mirror of
https://github.com/kp2pml30/dotfiles.git
synced 2026-02-16 23:34:42 +04:00
70 lines
1.3 KiB
Nix
70 lines
1.3 KiB
Nix
{ config
|
|
, pkgs
|
|
, lib
|
|
, ...
|
|
}:
|
|
let
|
|
cfg = config.kp2pml30.server;
|
|
acmeRoot = "/var/lib/acme/acme-challenge";
|
|
pref = "kp2";
|
|
in lib.mkIf cfg.nginx {
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
maxConcurrentRenewals = 1;
|
|
defaults.email = "kp2pml30@gmail.com";
|
|
#defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
|
certs."${cfg.hostname}" = {
|
|
extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" "git.${cfg.hostname}" ];
|
|
webroot = acmeRoot;
|
|
group = "nginx";
|
|
};
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
virtualHosts."git.${cfg.hostname}" = {
|
|
enableACME = true;
|
|
acmeRoot = acmeRoot;
|
|
|
|
listen = [
|
|
{ addr = "0.0.0.0"; port = 80; }
|
|
];
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:8002";
|
|
};
|
|
};
|
|
|
|
virtualHosts."backend.${cfg.hostname}" = {
|
|
enableACME = true;
|
|
acmeRoot = acmeRoot;
|
|
|
|
listen = [
|
|
{ addr = "0.0.0.0"; port = 80; }
|
|
];
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:8001";
|
|
};
|
|
};
|
|
|
|
virtualHosts."${cfg.hostname}" = {
|
|
# addSSL = true;
|
|
# forceSSL = true;
|
|
enableACME = true;
|
|
acmeRoot = acmeRoot;
|
|
|
|
listen = [
|
|
{ addr = "0.0.0.0"; port = 80; }
|
|
];
|
|
|
|
locations."/" = {
|
|
root = cfg.sitePath;
|
|
tryFiles = "$uri $uri/ /index.html";
|
|
};
|
|
};
|
|
|
|
streamConfig = (builtins.readFile ./stream.nginx);
|
|
};
|
|
}
|