carotte: apply git-crypt
[sourcephile-nix.git] / hosts / mermet / nginx / sourcephile.fr / www.nix
1 { domain, ... }:
2 { lib, config, ... }:
3 let
4 inherit (config.services) nginx;
5 srv = "www";
6 root = "/var/lib/nginx/${domain}";
7 in
8 {
9 systemd.services.nginx.serviceConfig = {
10 BindPaths = [
11 "/home/julm/work/sourcephile/txt:${root}/${srv}"
12 ];
13 StateDirectory = [
14 "nginx/${domain}/${srv}"
15 ];
16 LogsDirectory = lib.mkForce [
17 "nginx/${domain}/${srv}"
18 ];
19 };
20 services.nginx = {
21 virtualHosts.${domain} = {
22 serverAliases = [ "${srv}.${domain}" ];
23 forceSSL = true;
24 useACMEHost = domain;
25 root = "${root}/${srv}";
26 extraConfig = ''
27 access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
28 error_log /var/log/nginx/${domain}/${srv}/error.log warn;
29 '';
30 locations."/".extraConfig = ''
31 #autoindex on;
32 fancyindex on;
33 fancyindex_name_length 255;
34 fancyindex_exact_size off;
35 '';
36 locations."/temp".extraConfig = ''
37 autoindex off;
38 fancyindex off;
39 '';
40 locations."/git".return = "302 https://git.${domain}/$request_uri";
41 locations."/versions".return = "302 https://git.${domain}/$request_uri";
42 locations."/codes_sources".return = "302 https://git.code.${domain}";
43 locations."/mails".return = "302 https://mails.${domain}/$request_uri";
44 locations."/listes".return = "302 https://mails.${domain}/$request_uri";
45 };
46 };
47 }