-{ pkgs, lib, config, ... }:
+{ pkgs, config, inputs, ... }:
let
inherit (config) networking;
inherit (config.services) nginx;
in
{
-imports = [
- ../../nixos/profiles/services/nginx.nix
- nginx/autogeree.net.nix
- nginx/sourcephile.fr.nix
-];
-users.groups."acme".members = [nginx.user];
-users.groups."keys".members = [nginx.user];
-networking.nftables.ruleset = ''
- add rule inet filter net2fw tcp dport 80 counter accept comment "HTTP"
- add rule inet filter net2fw tcp dport 443 counter accept comment "HTTPS"
-'';
-services.nginx = {
- enable = true;
- package = pkgs.nginx.override {
- modules = with pkgs.nginxModules; [
- fancyindex
- ];
+ imports = [
+ (inputs.julm-nix + "/nixos/profiles/services/nginx.nix")
+ nginx/autogeree.net.nix
+ nginx/sourcephile.fr.nix
+ ];
+ users.groups."acme".members = [ nginx.user ];
+ users.groups."keys".members = [ nginx.user ];
+ networking.nftables.ruleset = ''
+ table inet filter {
+ chain input-net {
+ tcp dport { 80, 443 } counter accept comment "HTTP(S)"
+ }
+ }
+ '';
+ services.nginx = {
+ enable = true;
+ package = pkgs.nginx.override {
+ modules = with pkgs.nginxModules; [
+ fancyindex
+ ];
+ };
+ resolver = {
+ addresses = [ "127.0.0.1:53" ];
+ valid = "";
+ };
+ virtualHosts."_" = {
+ forceSSL = true;
+ useACMEHost = networking.domain;
+ };
};
- resolver = {
- addresses = [ "127.0.0.1:53" ];
- valid = "";
+ /*
+ fileSystems."/var/lib/nginx" = {
+ device = "rpool/var/lib/nginx";
+ fsType = "zfs";
+ };
+ */
+ services.sanoid.datasets."rpool/var/lib/nginx" = {
+ use_template = [ "snap" ];
+ daily = 7;
+ recursive = true;
};
- virtualHosts."_" = {
- forceSSL = true;
- useACMEHost = networking.domain;
- };
-};
-fileSystems."/var/lib/nginx" = {
- device = "rpool/var/www";
- fsType = "zfs";
-};
-services.sanoid.datasets."rpool/var/www" = {
- use_template = [ "local" ];
- daily = 7;
-};
}
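Review bot: The `fileSystems."/var/lib/nginx"` mount is commented out in the same change that renames the sanoid dataset to `rpool/var/lib/nginx`, and nothing in this file says where that dataset is now mounted. If it is not mounted elsewhere (a ZFS `mountpoint` property or another module, neither visible in this diff), nginx state would be written to the parent filesystem, and the `snap` snapshots with `recursive = true` would cover a dataset that does not hold it; that gap would only surface at restore time. Either delete the dead block or replace it with a one-line comment such as `# rpool/var/lib/nginx is mounted via <where the mount is declared>`, so the snapshot policy and the mount can be checked against each other.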