]> Git — Sourcephile - sourcephile-nix.git/blob - machines/mermet/nginx/sourcephile.fr/www.nix
nftables: harden input checks on losurdo
[sourcephile-nix.git] / machines / mermet / nginx / sourcephile.fr / www.nix
1 { domain, ... }:
2 { pkgs, lib, config, ... }:
3 let inherit (config) networking;
4 inherit (config.services) nginx public-inbox;
5 srv = "www";
6 in
7 {
8 services.nginx = {
9 virtualHosts."${srv}" = {
10 serverName = "${srv}.${domain}";
11 serverAliases = [ domain ];
12 forceSSL = true;
13 useACMEHost = domain;
14 root = "/home/julm/work/sourcephile/txt";
15 extraConfig = ''
16 access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
17 error_log /var/log/nginx/${domain}/${srv}/error.log warn;
18 '';
19 locations."/".extraConfig = ''
20 #autoindex on;
21 fancyindex on;
22 fancyindex_name_length 255;
23 fancyindex_exact_size off;
24 '';
25 locations."/git".return = "302 https://git.${domain}/$request_uri";
26 locations."/versions".return = "302 https://git.${domain}/$request_uri";
27 locations."/codes_sources".return = "302 http://git.${domain}/$request_uri";
28 locations."/mails".return = "302 https://mails.${domain}/$request_uri";
29 locations."/listes".return = "302 https://mails.${domain}/$request_uri";
30 };
31 };
32 systemd.services.nginx.serviceConfig.LogsDirectory = lib.mkForce ["nginx/${domain}/${srv}"];
33 }