materus/nixos-config
1
0
Fork 0
mirror of https://github.com/materusPL/nixos-config synced 2026-06-24 17:36:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

waffentrager: init

Browse Source
This commit is contained in:
Mateusz Słodkowicz
2026-06-24 00:06:21 +02:00
parent 29adb6e6b0
commit fb653eb0f4
30 changed files with 1325 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nix-config/host/waffentrager/services/nginx.nix
+39
View File
@@ -0,0 +1,39 @@
{ config, lib, pkgs, mkk, ... }:
{
options.waffentragerService.nginx.enable = mkk.lib.mkBoolOpt false "Enable nginx";
config =
let
cfg = config.waffentragerService.nginx;
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
package = pkgs.tengine;
virtualHosts."default" = {
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
forceSSL = true;
http2 = false;
default = true;
locations."/" = { extraConfig = ''deny all;''; };
};
};
systemd.services.nginx = {
requires = [ "var-lib-mnt_acme.mount" ];
after = [ "var-lib-mnt_acme.mount" ];
serviceConfig = {
restart = "always";
restartSec = 60;
};
};
};
}