]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/nginx.nix
losurdo: openvpn: fix riseup
[sourcephile-nix.git] / hosts / mermet / nginx.nix
1 { pkgs, config, ... }:
2 let
3 inherit (config) networking;
4 inherit (config.services) nginx;
5 in
6 {
7 imports = [
8 ../../nixos/profiles/services/nginx.nix
9 nginx/autogeree.net.nix
10 nginx/sourcephile.fr.nix
11 ];
12 users.groups."acme".members = [ nginx.user ];
13 users.groups."keys".members = [ nginx.user ];
14 networking.nftables.ruleset = ''
15 table inet filter {
16 chain input-net {
17 tcp dport { 80, 443 } counter accept comment "HTTP(S)"
18 }
19 }
20 '';
21 services.nginx = {
22 enable = true;
23 package = pkgs.nginx.override {
24 modules = with pkgs.nginxModules; [
25 fancyindex
26 ];
27 };
28 resolver = {
29 addresses = [ "127.0.0.1:53" ];
30 valid = "";
31 };
32 virtualHosts."_" = {
33 forceSSL = true;
34 useACMEHost = networking.domain;
35 };
36 };
37 /*
38 fileSystems."/var/lib/nginx" = {
39 device = "rpool/var/lib/nginx";
40 fsType = "zfs";
41 };
42 */
43 services.sanoid.datasets."rpool/var/lib/nginx" = {
44 use_template = [ "snap" ];
45 daily = 7;
46 recursive = true;
47 };
48 }