# NixOS module: public-facing nginx for this host.
# Opens TCP 80/443 in the firewall, requests the matching port forwards,
# and installs a catch-all virtual host that drops requests for unknown names.
{ pkgs, lib, config, ... }:
{
  imports = [
    ../../nixos/profiles/services/nginx.nix
    nginx/sourcephile.fr.nix
  ];

  users.groups = {
    # nginx must be able to read the certificates owned by the "acme" group.
    acme.members = [ config.services.nginx.user ];
    # NOTE(review): presumably lets nginx serve files written by Transmission
    # (the fancyindex module is built in below) — confirm. Membership grants
    # whatever the group permission bits on those files allow, so verify the
    # group has read-only access there.
    transmission.members = [ config.services.nginx.user ];
  };

  # Accept inbound HTTP and HTTPS. The "net2fw" chain is defined outside this file.
  networking.nftables.ruleset = ''
    add rule inet filter net2fw tcp dport 80 counter accept comment "HTTP"
    add rule inet filter net2fw tcp dport 443 counter accept comment "HTTPS"
  '';

  # One TCP redirection per web port. The services.upnpc module is declared
  # elsewhere; NOTE(review): presumably this asks the upstream gateway to
  # forward these ports to this host — confirm the exposure is intended.
  services.upnpc.redirections = map
    (port: {
      inherit port;
      protocol = "TCP";
    })
    [ 80 443 ];

  services.nginx = {
    enable = true;

    # nginx rebuilt with the fancyindex module compiled in.
    package = pkgs.nginx.override {
      modules = [ pkgs.nginxModules.fancyindex ];
    };

    # Runtime name resolution goes through loopback; assumes a DNS resolver
    # is listening on 127.0.0.1:53 — TODO confirm.
    resolver = {
      addresses = [ "127.0.0.1:53" ];
      valid = "";
    };

    # Catch-all server for requests whose Host matches no other virtual host.
    virtualHosts."_" = {
      default = true;
      # NOTE(review): with forceSSL the NixOS nginx module is expected to answer
      # plain-HTTP requests with a redirect to HTTPS, so the 444 below would
      # only take effect on the TLS listener — confirm that is intended.
      forceSSL = true;
      # NOTE(review): the catch-all completes the TLS handshake with the
      # certificate for networking.domain, so a client connecting by bare IP
      # learns which domain this host serves. If that matters, evaluate the
      # vhost option `rejectSSL` against the nixpkgs version in use.
      useACMEHost = config.networking.domain;
      extraConfig = ''
        # Connection closed without response
        return 444;
      '';
    };
  };
}