diff options
Diffstat (limited to 'modules/nixos/vhack/nginx/default.nix')
| -rw-r--r-- | modules/nixos/vhack/nginx/default.nix | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/modules/nixos/vhack/nginx/default.nix b/modules/nixos/vhack/nginx/default.nix deleted file mode 100644 index 6a82147..0000000 --- a/modules/nixos/vhack/nginx/default.nix +++ /dev/null @@ -1,68 +0,0 @@ -{ - lib, - config, - ... -}: let - importedRedirects = import ./redirects.nix {}; - mkRedirect = { - key, - value, - }: { - name = key; - value = { - forceSSL = true; - enableACME = true; - locations."/".return = "301 ${value}"; - }; - }; - - redirects = builtins.listToAttrs (builtins.map mkRedirect importedRedirects); - - cfg = config.vhack.nginx; -in { - options.vhack.nginx = { - enable = lib.mkEnableOption '' - a default nginx config. - ''; - - selfsign = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - Whether to selfsign the acme certificates. This should only - really be useful for tests. - ''; - }; - }; - - config = lib.mkIf cfg.enable { - security.acme = { - acceptTerms = true; - defaults = { - email = "admin@vhack.eu"; - webroot = "/var/lib/acme/acme-challenge"; - - # Avoid spamming the acme server, if we run in a test, and only really want self-signed - # certificates - server = lib.mkIf cfg.selfsign "https://127.0.0.1"; - }; - }; - - networking.firewall = { - allowedTCPPorts = [80 443]; - }; - services.nginx = { - enable = true; - # The merge here is fine, as no domain should be specified twice - virtualHosts = - { - "gallery.s-schoeffel.de" = { - forceSSL = true; - enableACME = true; - root = "/srv/gallery.s-schoeffel.de"; - }; - } - // redirects; - }; - }; -} |