Git — Sourcephile - sourcephile-nix.git/blob - machines/losurdo/nginx.nix
# NixOS module with the nginx setup for this machine: it pulls in the shared
# nginx profile and the sourcephile.fr site, gives the nginx user two extra
# group memberships, opens the HTTPS ports in nftables and selects the nginx
# build and DNS resolver.
{ pkgs, lib, config, ... }:
let
  # Only referenced by the disabled catch-all virtual host further down.
  networking = config.networking;
  # Evaluated nginx service options; read here for the service's user name.
  nginx = config.services.nginx;
in
{
  imports = [
    ../../nixos/profiles/services/nginx.nix
    nginx/sourcephile.fr.nix
  ];

  users.groups = {
    # Presumably lets nginx read the ACME-issued certificates and keys.
    # NOTE(review): this puts the TLS private keys within reach of the nginx
    # user; confirm the key files are group-readable only, never writable.
    acme.members = [ nginx.user ];
    # Presumably lets nginx serve files owned by the transmission service.
    # NOTE(review): group membership grants every group permission on those
    # files; confirm nginx only needs read access to the download directory.
    transmission.members = [ nginx.user ];
  };

  # Accept inbound TCP 443 and 8443 on the net2fw chain. Both rules carry the
  # same "HTTPS" comment, so only the port tells their counters apart.
  # NOTE(review): the only 8443 listener visible in this file is the disabled
  # virtual host below; confirm an imported module still listens on 8443,
  # otherwise this rule exposes a port that nothing is meant to serve.
  networking.nftables.ruleset = ''
    add rule inet filter net2fw tcp dport 443 counter accept comment "HTTPS"
    add rule inet filter net2fw tcp dport 8443 counter accept comment "HTTPS"
  '';

  services.nginx = {
    enable = true;

    # nginx rebuilt with the fancyindex module as its module list.
    # NOTE(review): building the module in does not enable listings; check
    # the virtual hosts so that only intended directories are indexed.
    package = pkgs.nginx.override {
      modules = [ pkgs.nginxModules.fancyindex ];
    };

    # Names are resolved through the loopback address, port 53.
    # Assumes a local resolver is listening there; TODO confirm.
    resolver.addresses = [ "127.0.0.1:53" ];
    # Left empty; presumably no `valid=` override is emitted, so nginx keeps
    # the TTL of each DNS answer. Verify against the nginx module.
    resolver.valid = "";

    # Disabled: catch-all TLS virtual host on port 8443 using the ACME
    # certificate of the machine's domain.
    /*
    virtualHosts."_" = {
      listen = [ { addr = "0.0.0.0"; port = 8443; ssl = true; } ];
      onlySSL = true;
      #forceSSL = true;
      useACMEHost = networking.domain;
    };
    */
  };
}