hosts/mermet/nginx/autogeree.net/www.nix

   1 { domain, ... }:
   2 { lib, config, inputs, hostName, ... }:
   3 let
   4   inherit (config.services) nginx;
   5   srv = "www";
   6   root = "/var/lib/nginx/${domain}";
   7 in
   8 {
   9   systemd.services.nginx.serviceConfig = {
  10     BindPaths = [
  11       "/home/julm/work/perso:${root}/julm"
  12     ];
  13     StateDirectory = [
  14       "nginx/${domain}/julm"
  15     ];
  16     LogsDirectory = lib.mkForce [
  17       "nginx/${domain}/${srv}"
  18     ];
  19     LoadCredentialEncrypted = [
  20       "${domain}.${srv}.julm.PC.htpasswd:${inputs.self}/hosts/${hostName}/nginx/${domain}/${srv}/julm/PC/htpasswd.cred"
  21     ];
  22   };
  23   services.nginx = {
  24     virtualHosts."${domain}.${srv}" = {
  25       serverAliases = [ domain ];
  26       forceSSL = true;
  27       useACMEHost = domain;
  28       root = "${root}/${srv}";
  29       extraConfig = ''
  30         access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
  31         error_log  /var/log/nginx/${domain}/${srv}/error.log warn;
  32       '';
  33       locations."/".extraConfig = ''
  34         #autoindex on;
  35         fancyindex on;
  36         fancyindex_name_length 255;
  37         fancyindex_exact_size off;
  38       '';
  39       locations."/julm/" = {
  40         alias = "${root}/julm/";
  41         extraConfig = ''
  42           autoindex off;
  43         '';
  44       };
  45       locations."/julm/PC/" = {
  46         alias = "${root}/julm/PC/";
  47         basicAuthFile = "/run/credentials/nginx.service/${domain}.${srv}.julm.PC.htpasswd";
  48         extraConfig = ''
  49           fancyindex on;
  50           fancyindex_name_length 255;
  51           fancyindex_exact_size off;
  52         '';
  53       };
  54     };
  55   };
  56 }