hosts/mermet/nginx/autogeree.net/www.nix

   1 { domain, ... }:
   2 { pkgs, lib, config, inputs, hostName, ... }:
   3 let
   4   inherit (config) networking;
   5   inherit (config.services) nginx;
   6   srv = "www";
   7   root = "/var/lib/nginx/${domain}";
   8 in
   9 {
  10 systemd.services.nginx.serviceConfig = {
  11   BindPaths = [
  12     "/home/julm/work/perso:${root}/julm"
  13   ];
  14   StateDirectory = [
  15     "nginx/${domain}/julm"
  16   ];
  17   LogsDirectory = lib.mkForce [
  18     "nginx/${domain}/${srv}"
  19   ];
  20   LoadCredentialEncrypted = [
  21     "${domain}.${srv}.julm.PC.htpasswd:${inputs.self}/hosts/${hostName}/nginx/${domain}/${srv}/julm/PC/htpasswd.cred"
  22   ];
  23 };
  24 services.nginx = {
  25   virtualHosts."${domain}.${srv}" = {
  26     serverAliases = [ domain ];
  27     forceSSL = true;
  28     useACMEHost = domain;
  29     root = "${root}/${srv}";
  30     extraConfig = ''
  31       access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
  32       error_log  /var/log/nginx/${domain}/${srv}/error.log warn;
  33     '';
  34     locations."/".extraConfig = ''
  35       #autoindex on;
  36       fancyindex on;
  37       fancyindex_name_length 255;
  38       fancyindex_exact_size off;
  39     '';
  40     locations."/julm/" = {
  41       alias = "${root}/julm/";
  42       extraConfig = ''
  43         autoindex off;
  44       '';
  45     };
  46     locations."/julm/PC/" = {
  47       alias = "${root}/julm/PC/";
  48       basicAuthFile = "/run/credentials/nginx.service/${domain}.${srv}.julm.PC.htpasswd";
  49       extraConfig = ''
  50         fancyindex on;
  51         fancyindex_name_length 255;
  52         fancyindex_exact_size off;
  53       '';
  54     };
  55   };
  56 };
  57 }