hosts/mermet/nginx/autogeree.net/www.nix

   1 { domain, ... }:
   2 { lib, config, inputs, hostName, ... }:
   3 let
   4   inherit (config.services) nginx;
   5   srv = "www";
   6   root = "/var/lib/nginx/${domain}";
   7 in
   8 {
   9   systemd.services.nginx.serviceConfig = {
  10     LogsDirectory = lib.mkForce [
  11       "nginx/${domain}/${srv}"
  12     ];
  13     LoadCredentialEncrypted = [
  14       "${domain}.${srv}.julm.PC.htpasswd:${./. + "/${srv}/julm/PC/htpasswd.cred"}"
  15       "${domain}.${srv}.julm.perso.camera.htpasswd:${./. + "/${srv}/julm/perso/camera.htpasswd.cred"}"
  16     ];
  17   };
  18   services.nginx = {
  19     virtualHosts.${domain} = {
  20       serverAliases = [ "${srv}.${domain}" ];
  21       forceSSL = true;
  22       useACMEHost = domain;
  23       root = "${root}/${srv}";
  24       extraConfig = ''
  25         access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
  26         error_log  /var/log/nginx/${domain}/${srv}/error.log warn;
  27       '';
  28       locations."/".extraConfig = ''
  29         #autoindex on;
  30         fancyindex on;
  31         fancyindex_name_length 255;
  32         fancyindex_exact_size off;
  33       '';
  34       locations."/julm/" = {
  35         alias = "${root}/julm/";
  36         extraConfig = ''
  37           autoindex off;
  38         '';
  39       };
  40       locations."/julm/PC/" = {
  41         alias = "${root}/julm/PC/";
  42         basicAuthFile = "/run/credentials/nginx.service/${domain}.${srv}.julm.PC.htpasswd";
  43         extraConfig = ''
  44           fancyindex on;
  45           fancyindex_name_length 255;
  46           fancyindex_exact_size off;
  47         '';
  48       };
  49       locations."/julm/perso/camera/" = {
  50         alias = "${root}/julm/perso/camera/";
  51         basicAuthFile = "/run/credentials/nginx.service/${domain}.${srv}.julm.perso.camera.htpasswd";
  52         extraConfig = ''
  53           fancyindex on;
  54           fancyindex_name_length 255;
  55           fancyindex_exact_size off;
  56         '';
  57       };
  58       # Disable basicAuthFile for by-uuid
  59       locations."~ ^/julm/perso/camera/([0-9]+/[0-9][0-9]/by-uuid/[0-9a-f-]+/.+)$" = {
  60         alias = "${root}/julm/perso/camera/$1";
  61         extraConfig = ''
  62           autoindex off;
  63         '';
  64       };
  65     };
  66   };
  67 }