mermet: zfs: limite ARC
[sourcephile-nix.git] / hosts / losurdo / nginx.nix
index 52cd0049b4a3a7f9b17b0f5a0391dfae33a85342..29b6c4db38f6dbe9ba9fe72b469d2c1991a731a4 100644 (file)
@@ -1,56 +1,65 @@
-{ pkgs, lib, config, hostName, ... }:
+{ pkgs, config, hostName, ... }:
 let
   inherit (config) networking;
   inherit (config.services) nginx;
 in
 {
-imports = [
-  ../../nixos/profiles/services/nginx.nix
-  nginx/sourcephile.fr.nix
-];
-users.groups."acme".members = [nginx.user];
-users.groups."keys".members = [nginx.user];
-users.groups."transmission".members = [nginx.user];
-networking.nftables.ruleset = ''
-  table inet filter {
-    chain input-net {
-      tcp dport { http, https } counter accept comment "HTTP(S)"
+  imports = [
+    ../../nixos/profiles/services/nginx.nix
+    nginx/sourcephile.fr.nix
+  ];
+  users.groups."acme".members = [ nginx.user ];
+  users.groups."keys".members = [ nginx.user ];
+  users.groups."transmission".members = [ nginx.user ];
+  networking.nftables.ruleset = ''
+    table inet filter {
+      chain input-net {
+        tcp dport { http, https } counter accept comment "HTTP(S)"
+      }
     }
-  }
-'';
-fileSystems."/var/lib/nginx" = {
-  device = "${hostName}/var/www";
-  fsType = "zfs";
-};
-services.upnpc.redirections = [
-  { description = "HTTP"; externalPort =  80; protocol = "TCP"; duration = 30 * 60;
-    service.wantedBy = ["nginx.service"];
-    service.partOf = ["nginx.service"];
-  }
-  { description = "HTTPS"; externalPort = 443; protocol = "TCP"; duration = 30 * 60;
-    service.wantedBy = ["nginx.service"];
-    service.partOf = ["nginx.service"];
-  }
-];
-services.nginx = {
-  enable = true;
-  package = pkgs.nginx.override {
-    modules = with pkgs.nginxModules; [
-      fancyindex
-    ];
+  '';
+  fileSystems."/var/lib/nginx" = {
+    device = "${hostName}/var/www";
+    fsType = "zfs";
   };
-  resolver = {
-    addresses = [ "127.0.0.1:53" ];
-    valid = "";
-  };
-  virtualHosts."_" = {
-    default = true;
-    extraConfig = ''
-      # Connection closed without response
-      return 444;
-    '';
-    forceSSL = true;
-    useACMEHost = networking.domain;
+  services.upnpc.enable = true;
+  services.upnpc.redirections = [
+    {
+      description = "HTTP";
+      externalPort = 80;
+      protocol = "TCP";
+      duration = 30 * 60;
+      service.wantedBy = [ "nginx.service" ];
+      service.partOf = [ "nginx.service" ];
+    }
+    {
+      description = "HTTPS";
+      externalPort = 443;
+      protocol = "TCP";
+      duration = 30 * 60;
+      service.wantedBy = [ "nginx.service" ];
+      service.partOf = [ "nginx.service" ];
+    }
+  ];
+  services.nginx = {
+    enable = true;
+    package = pkgs.nginx.override {
+      modules = with pkgs.nginxModules; [
+        fancyindex
+      ];
+    };
+    resolver = {
+      addresses = [ "127.0.0.1:53" ];
+      valid = "";
+    };
+    virtualHosts."_" = {
+      default = true;
+      extraConfig = ''
+        # Connection closed without response
+        return 444;
+      '';
+      forceSSL = true;
+      useACMEHost = networking.domain;
+    };
   };
-};
 }
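Review bot: `services.upnpc.enable = true;`, added just above the `services.upnpc.redirections` list, is the only functional change in an otherwise whitespace-only hunk, and the commit title (about the ZFS ARC limit) does not mention it. The `upnpc` module is not shown here, but if it does what its name and the `externalPort` entries suggest, this line asks the upstream gateway to forward ports 80 and 443 to this host, which makes the nginx instance below Internet-facing. I would document that at the line, e.g. `# Requests UPnP port mappings for 80/443 on the gateway; nginx on this host becomes reachable from outside the LAN.`, and move the enable into its own commit so the exposure change can be found in history. Removing `lib` from the argument set looks safe, since nothing in the visible file refers to it.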