servers/losurdo/nginx/sourcephile.fr/losurdo.nix

   1 { domain, ... }:
   2 { pkgs, lib, config, ... }:
   3 let
   4   inherit (config) networking;
   5   inherit (config.security) pass;
   6   inherit (config.services) nginx;
   7   srv = "losurdo";
   8 in
   9 {
  10 services.nginx = {
  11   virtualHosts."${srv}" = {
  12     serverName = "${srv}.${domain}";
  13     serverAliases = [ domain ];
  14     listen = [ { addr = "0.0.0.0"; port = 8443; ssl = true; } ];
  15     onlySSL = true;
  16     #forceSSL = true;
  17     useACMEHost = domain;
  18     root = "/var/lib/nginx";
  19     extraConfig = ''
  20       access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
  21       error_log  /var/log/nginx/${domain}/${srv}/error.log warn;
  22     '';
  23     locations."/".extraConfig = ''
  24       autoindex off;
  25     '';
  26     locations."/sevy".extraConfig = ''
  27       fancyindex on;
  28       fancyindex_name_length 255;
  29       fancyindex_exact_size off;
  30       auth_basic "sevy's area";
  31       auth_basic_user_file ${pass.secrets."nginx/sevy/htpasswd".path};
  32     '';
  33   };
  34 };
  35 systemd.services.nginx = {
  36   serviceConfig.LogsDirectory = lib.mkForce ["nginx/${domain}/${srv}"];
  37   wants = [ pass.secrets."nginx/sevy/htpasswd".service ];
  38   after = [ pass.secrets."nginx/sevy/htpasswd".service ];
  39 };
  40 security.pass.secrets."nginx/sevy/htpasswd" = {
  41   # Generated with: echo "$user:$(openssl passwd -apr1)"
  42   user = nginx.user;
  43   group = nginx.group;
  44 };
  45 }