Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/nginx.nix
# NixOS module for the host "mermet": enables nginx with the fancyindex
# module, opens TCP 80/443 in the nftables ruleset, mounts the web root
# from ZFS and declares a TLS-only catch-all virtual host.
{ pkgs, lib, config, ... }:
let
  # Short aliases for the parts of the evaluated configuration read below.
  networking = config.networking;
  nginx = config.services.nginx;

  # nginx rebuilt with exactly one additional module, fancyindex.
  nginxWithFancyindex = pkgs.nginx.override {
    modules = [ pkgs.nginxModules.fancyindex ];
  };
in
{
  imports = [
    ../../nixos/profiles/services/nginx.nix
    nginx/sourcephile.fr.nix
  ];

  # The nginx service user joins the "acme" group.
  # NOTE(review): presumably this is what lets nginx read the certificate and
  # private-key files used by useACMEHost below. Everything else readable by
  # that group becomes readable by the web server as well; confirm the group
  # is not shared with unrelated certificates.
  users.groups.acme.members = [ nginx.user ];

  # Appends two accept rules (with packet counters) to the net2fw chain of
  # the inet filter table. The chain itself is declared outside this file.
  # Port 80 stays reachable; with forceSSL below, plain HTTP is answered
  # with a redirect to HTTPS.
  networking.nftables.ruleset = ''
    add rule inet filter net2fw tcp dport 80 counter accept comment "HTTP"
    add rule inet filter net2fw tcp dport 443 counter accept comment "HTTPS"
  '';

  # Web root on its own ZFS dataset.
  # NOTE(review): no mount options are set here; if the dataset only holds
  # content that nginx serves, check whether nosuid/nodev/noexec are enforced
  # on the dataset itself or should be added through `options`.
  fileSystems."/var/www".device = "rpool/var/www";
  fileSystems."/var/www".fsType = "zfs";

  services.nginx = {
    enable = true;
    package = nginxWithFancyindex;

    # nginx resolves names at run time through a resolver on loopback.
    # NOTE(review): assumes a DNS service listens on 127.0.0.1:53; it is not
    # configured in this file.
    resolver.addresses = [ "127.0.0.1:53" ];
    # Empty string: no explicit cache lifetime is given here, so nginx is
    # presumably left to honour the TTL of each answer. Confirm against the
    # NixOS nginx module.
    resolver.valid = "";

    # Virtual host named "_", the conventional catch-all server name.
    # NOTE(review): `default` is not set here, so whether this host really
    # receives requests with an unmatched Host header depends on
    # configuration outside this file; confirm.
    virtualHosts."_".forceSSL = true;
    # Reuses the ACME certificate registered under the host's domain name.
    # That certificate is defined elsewhere; this line only references it.
    virtualHosts."_".useACMEHost = networking.domain;
  };
}