mirror of
https://github.com/Gerg-L/nixos.git
synced 2025-12-10 00:43:56 -05:00
64 lines
1.5 KiB
Nix
64 lines
1.5 KiB
Nix
{ config, lib }:
|
|
{
|
|
options.local.nginx = {
|
|
proxyVhosts = lib.mkOption {
|
|
type = lib.types.attrsOf lib.types.str;
|
|
};
|
|
defaultVhosts = lib.mkOption {
|
|
type = lib.types.attrs;
|
|
};
|
|
};
|
|
|
|
config = {
|
|
local.nginx.defaultVhosts =
|
|
{
|
|
"_" = {
|
|
default = true;
|
|
locations."/".return = "404";
|
|
};
|
|
}
|
|
// (builtins.mapAttrs (_: v: {
|
|
locations."/".proxyPass = v;
|
|
}) config.local.nginx.proxyVhosts);
|
|
|
|
sops.secrets = {
|
|
gerg_ssl_key.owner = config.services.nginx.user;
|
|
gerg_ssl_cert.owner = config.services.nginx.user;
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
certs."gerg-l.com" = {
|
|
email = "GregLeyda@proton.me";
|
|
webroot = "/var/lib/acme/acme-challenge";
|
|
};
|
|
};
|
|
|
|
systemd.tmpfiles.rules = [ "L+ /var/lib/acme - - - - /persist/services/acme" ];
|
|
|
|
users.users.${config.services.nginx.user}.extraGroups = [ "acme" ];
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedZstdSettings = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
# For immich
|
|
clientMaxBodySize = "50000M";
|
|
virtualHosts = builtins.mapAttrs (
|
|
_: v:
|
|
{
|
|
forceSSL = true;
|
|
useACMEHost = "gerg-l.com";
|
|
}
|
|
// v
|
|
) config.local.nginx.defaultVhosts;
|
|
};
|
|
networking.firewall.allowedTCPPorts = [
|
|
80
|
|
443
|
|
];
|
|
};
|
|
}
|