{ pkgs, lib, config, ... }: let inherit (config) networking; inherit (config.services) nginx; in { imports = [ ../../nixos/profiles/services/nginx.nix nginx/autogeree.net.nix nginx/sourcephile.fr.nix ]; users.groups."acme".members = [nginx.user]; users.groups."keys".members = [nginx.user]; networking.nftables.ruleset = '' add rule inet filter net2fw tcp dport 80 counter accept comment "HTTP" add rule inet filter net2fw tcp dport 443 counter accept comment "HTTPS" ''; fileSystems."/var/lib/nginx" = { device = "rpool/var/www"; fsType = "zfs"; }; services.nginx = { enable = true; package = pkgs.nginx.override { modules = with pkgs.nginxModules; [ fancyindex ]; }; resolver = { addresses = [ "127.0.0.1:53" ]; valid = ""; }; virtualHosts."_" = { forceSSL = true; useACMEHost = networking.domain; }; }; }