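# NixOS module: serves the static site deertopia.net through nginx with a
# Let's Encrypt (ACME) certificate, and prepares the persistent web root.
{ config, lib, pkgs, ... }:

let
  # Location and ownership of the site's persistent data.
  deertopiaRoot = {
    # The trailing slash means the nginx root below expands to
    # "/persist/deertopia.net//www"; the doubled slash is harmless on POSIX.
    directory = "/persist/deertopia.net/";
    group = "nginx";
    user = "nginx";
  };
in
{
  services.nginx.enable = true;

  # Port 80 stays open alongside 443: forceSSL below answers plain HTTP with
  # a redirect to HTTPS, and the nginx module's default ACME setup serves the
  # HTTP-01 challenge over port 80.
  networking.firewall.allowedTCPPorts = [
    80 # HTTP
    443 # HTTPS
  ];

  # With this section, virtual hosts declared through the Nginx NixOS module
  # will automatically request ACME SSL certificates and configure systemd
  # timers to renew the certificate if required. See the article on the NixOS
  # wiki, from which I've nabbed the following snippet:
  # https://nixos.wiki/wiki/Nginx#Let.27s_Encrypt_certificates
  security.acme = {
    # Accepts the certificate authority's terms of service.
    acceptTerms = true;
    # Contact address registered with the CA (e.g. for expiry notices).
    defaults.email = "lomiskiam@gmail.com";
  };

  services.nginx.virtualHosts."deertopia.net" = {
    root = "${deertopiaRoot.directory}/www";

    # addSSL would serve the site over both HTTP and HTTPS; forceSSL redirects
    # every plain-HTTP request to HTTPS instead. The module treats the two as
    # mutually exclusive.
    # addSSL = true;
    forceSSL = true;
    enableACME = true;

    locations."/" = {
      index = "index.html";
    };
  };

  # Runs on every system activation: creates the site directory and resets
  # ownership and mode on everything beneath it.
  #
  # NOTE(review): no ordering is declared for this script. If it can run
  # before the nginx account exists (e.g. on a first activation), chown would
  # fail -- confirm, or express this with systemd.tmpfiles rules instead.
  #
  # NOTE(review): the tree ends up owned and writable by nginx, which is by
  # default the account the web server itself runs as, and the recursive 775
  # also marks every regular file executable. For a static site, consider a
  # separate deploy account as owner with nginx limited to read access, and
  # distinct modes for directories (755) and files (644).
  system.activationScripts.initialiseDeertopiaRoot.text = ''
    mkdir -p "${deertopiaRoot.directory}"
    chown -R "${deertopiaRoot.user}:${deertopiaRoot.group}" \
      "${deertopiaRoot.directory}"
    chmod -R 775 "${deertopiaRoot.directory}"
  '';
}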