mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-25 17:46:14 +01:00
104 lines
2.4 KiB
Nix
104 lines
2.4 KiB
Nix
{inputs, ...}: {
|
|
flake.nixngConfigurations.ingressToothpick = inputs.nixng.nglib.makeSystem {
|
|
system = "x86_64-linux";
|
|
name = "ingress-toothpick";
|
|
nixpkgs = inputs.nixpkgs-stable;
|
|
|
|
config = {
|
|
pkgs,
|
|
lib,
|
|
nglib,
|
|
...
|
|
}: let
|
|
inherit
|
|
(lib)
|
|
singleton
|
|
;
|
|
in {
|
|
dinit.enable = true;
|
|
init.services.nginx.shutdownOnExit = true;
|
|
|
|
system.activation = {
|
|
resolv-conf =
|
|
nglib.dag.dagEntryBefore ["certbot"]
|
|
''
|
|
export PATH=${pkgs.busybox}/bin
|
|
|
|
mkdir -p /etc
|
|
echo "nameserver 8.8.8.8" > /etc/resolv.conf
|
|
'';
|
|
};
|
|
|
|
services.certbot = {
|
|
enable = true;
|
|
|
|
acceptTerms = true;
|
|
|
|
domains = {
|
|
"redalder.org" = {
|
|
extraDomains = [
|
|
"hydra.redalder.org"
|
|
"gitea.redalder.org"
|
|
"git.redalder.org"
|
|
"matrix.redalder.org"
|
|
"buildbot.redalder.org"
|
|
"nixng.org"
|
|
];
|
|
webroot = "/var/www/certbot";
|
|
email = "admin@redalder.org";
|
|
extraOptions = "--expand --keep-until-expiring --renew-with-new-domains -v";
|
|
};
|
|
};
|
|
};
|
|
services.nginx = {
|
|
enable = true;
|
|
envsubst = true;
|
|
configuration = [
|
|
{
|
|
daemon = "off";
|
|
worker_processes = 2;
|
|
user = "nginx";
|
|
|
|
events."" = {
|
|
use = "epoll";
|
|
worker_connections = 128;
|
|
};
|
|
|
|
error_log = ["/dev/stderr" "warn"];
|
|
|
|
pid = "/nginx.pid";
|
|
|
|
stream."" = {
|
|
include = [
|
|
["/local/streams.conf"]
|
|
];
|
|
};
|
|
|
|
http."" = {
|
|
server_tokens = "off";
|
|
include = [
|
|
["${pkgs.nginx}/conf/mime.types"]
|
|
["/local/upstreams.conf"]
|
|
];
|
|
charset = "utf-8";
|
|
access_log = ["/dev/stdout" "combined"];
|
|
|
|
server."" = {
|
|
listen = ["80" "default_server"];
|
|
server_name = [
|
|
"redalder.org"
|
|
"nixng.org"
|
|
];
|
|
|
|
location."/" = {
|
|
return = ["301" "https://$$host$$request_uri"];
|
|
};
|
|
};
|
|
};
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|