servers/losurdo/nginx.nix

   1 { pkgs, lib, config, ... }:
   2 let
   3   inherit (config) networking;
   4   inherit (config.services) nginx;
   5 in
   6 {
   7 imports = [
   8   ../../nixos/profiles/services/nginx.nix
   9   nginx/sourcephile.fr.nix
  10 ];
  11 users.groups."acme".members = [nginx.user];
  12 networking.nftables.ruleset = ''
  13   add rule inet filter net2fw tcp dport 8443 counter accept comment "HTTPS"
  14 '';
  15 services.nginx = {
  16   enable = true;
  17   package = pkgs.nginx.override {
  18     modules = with pkgs.nginxModules; [
  19       fancyindex
  20     ];
  21   };
  22   resolver = {
  23     addresses = [ "127.0.0.1:53" ];
  24     valid = "";
  25   };
  26   virtualHosts."_" = {
  27     listen = [ { addr = "0.0.0.0"; port = 8443; ssl = true; } ];
  28     onlySSL = true;
  29     #forceSSL = true;
  30     useACMEHost = networking.domain;
  31   };
  32 };
  33 }