]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/nginx/autogeree.net/www.nix
grafana: listen on wg-intra
[sourcephile-nix.git] / hosts / mermet / nginx / autogeree.net / www.nix
1 { domain, ... }:
2 { pkgs, lib, config, ... }:
3 let
4 inherit (config) networking;
5 inherit (config.security) gnupg;
6 inherit (config.services) nginx;
7 srv = "www";
8 root = "/var/lib/nginx/${domain}";
9 in
10 {
11 systemd.services.nginx.serviceConfig = {
12 BindPaths = [
13 "/home/julm/work/perso:${root}/julm"
14 ];
15 StateDirectory = [
16 "nginx/${domain}/julm"
17 ];
18 LogsDirectory = lib.mkForce [
19 "nginx/${domain}/${srv}"
20 ];
21 };
22 services.nginx = {
23 virtualHosts."${domain}.${srv}" = {
24 serverAliases = [ domain ];
25 forceSSL = true;
26 useACMEHost = domain;
27 root = "${root}/${srv}";
28 extraConfig = ''
29 access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
30 error_log /var/log/nginx/${domain}/${srv}/error.log warn;
31 '';
32 locations."/".extraConfig = ''
33 #autoindex on;
34 fancyindex on;
35 fancyindex_name_length 255;
36 fancyindex_exact_size off;
37 '';
38 locations."/julm/" = {
39 alias = "${root}/julm/";
40 extraConfig = ''
41 autoindex off;
42 '';
43 };
44 locations."/julm/PC/" = {
45 alias = "${root}/julm/PC/";
46 extraConfig = ''
47 auth_basic "restricted area";
48 auth_basic_user_file ${gnupg.secrets."nginx/${domain}/${srv}/julm/PC/htpasswd".path};
49 fancyindex on;
50 fancyindex_name_length 255;
51 fancyindex_exact_size off;
52 '';
53 };
54 };
55 };
56 security.gnupg.secrets = {
57 "nginx/${domain}/${srv}/julm/PC/htpasswd" = {
58 # Generated with: echo "$user:$(openssl passwd -apr1)"
59 systemdConfig.before = [ "nginx.service" ];
60 systemdConfig.wantedBy = [ "nginx.service" ];
61 user = nginx.user;
62 group = nginx.group;
63 };
64 };
65 }