mermet: iodine: stop after 30min of inactivity
[sourcephile-nix.git] / hosts / losurdo / nginx / sourcephile.fr / losurdo.nix
index eead78712e3a0a3b2dfb69127d1708ab330f8ef5..9bab9a16c33256dfbb941cc124b6ac004d3f2876 100644 (file)
@@ -1,16 +1,15 @@
 { domain, ... }:
-{ pkgs, lib, config, ... }:
+{ pkgs, lib, config, hostName, ... }:
 let
   inherit (config) networking;
   inherit (config.security) gnupg;
   inherit (config.services) nginx;
-  srv = "losurdo";
   root = "/var/lib/nginx";
   onion = "dfc66yn2fundui5yvq2ndx4nmcmbxpho4ji32tlc4cncrjvs2b5yu4id";
 in
 {
 services.tor = {
-  relay.onionServices."nginx/${domain}/${srv}" = {
+  relay.onionServices."nginx/${domain}/${hostName}" = {
     secretKey = gnupg.secrets."tor/onion/${onion}/hs_ed25519_secret_key".path;
     map = [
       80
@@ -50,8 +49,8 @@ services.nginx = {
   virtualHosts."${onion}.onion" = {
     root = root + "/dl";
     extraConfig = ''
-      access_log /var/log/nginx/${domain}/${srv}/access.json json buffer=32k;
-      error_log  /var/log/nginx/${domain}/${srv}/error.log warn;
+      access_log /var/log/nginx/${domain}/${hostName}/access.json json buffer=32k;
+      error_log  /var/log/nginx/${domain}/${hostName}/error.log warn;
     '';
     locations."/".extraConfig = ''
       autoindex on;
@@ -62,7 +61,7 @@ services.nginx = {
       #open_file_cache_valid 1s;
     '';
   };
-  virtualHosts."${srv}.${domain}" = {
+  virtualHosts."${hostName}.${domain}" = {
     serverAliases = [ domain ];
     #onlySSL = true;
     #addSSL = true;
@@ -70,8 +69,8 @@ services.nginx = {
     useACMEHost = domain;
     root = root;
     extraConfig = ''
-      access_log /var/log/nginx/${domain}/${srv}/access.json json buffer=32k;
-      error_log  /var/log/nginx/${domain}/${srv}/error.log warn;
+      access_log /var/log/nginx/${domain}/${hostName}/access.json json buffer=32k;
+      error_log  /var/log/nginx/${domain}/${hostName}/error.log warn;
     '';
     locations."/".extraConfig = ''
       #autoindex on;
@@ -101,16 +100,20 @@ services.nginx = {
       open_file_cache off;
       #open_file_cache_valid 1s;
     '';
-    locations."/perso".extraConfig = ''
-      auth_basic "authentication required";
-      auth_basic_user_file ${gnupg.secrets."nginx/perso/htpasswd".path};
-      autoindex on;
-    '';
+    locations."/perso" = {
+      basicAuthFile = gnupg.secrets."nginx/perso/htpasswd".path;
+      extraConfig = ''
+        autoindex on;
+      '';
+    };
   };
 };
 systemd.services.nginx = {
   serviceConfig = {
-    LogsDirectory = lib.mkForce ["nginx/${domain}/${srv}"];
+    LogsDirectory = lib.mkForce [
+      "nginx/${domain}/${hostName}"
+      "nginx/wg-intra/${hostName}"
+    ];
     BindReadOnlyPaths = [
       "/home/julm/work/sourcephile/web:${root}/julm"
       "/home/julm/dl:${root}/dl"
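Review bot: The `/perso` location now relies on `basicAuthFile` alone, and nothing visible in these hunks guarantees the credentials only travel over TLS: the vhost context shows `#onlySSL = true;` and `#addSSL = true;` commented out, and any `forceSSL` setting would lie outside the lines shown. Basic auth sends the password merely base64-encoded on every request, so if this vhost also answers over plain HTTP it is worth confirming `forceSSL = true;` is set on it, or adding it. The new `"nginx/wg-intra/${hostName}"` entry has no consumer visible in these hunks, and because the list is wrapped in `lib.mkForce`, a vhost defined elsewhere would silently depend on this file for its log directory; a comment such as `# log dir for the wg-intra vhost, defined in <other module>` would make that coupling visible. Both `services.nginx` and `systemd.services.nginx` extend beyond the hunk, so this is based on the visible lines only.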