75 lines
1.3 KiB
Nix
75 lines
1.3 KiB
Nix
{ config, self, ... }:
|
|
let
|
|
inherit (config.networking) fqdn;
|
|
|
|
mkVhost =
|
|
attrs: locations:
|
|
let
|
|
acmeEnabled = config.acme.enable;
|
|
in
|
|
{
|
|
forceSSL = acmeEnabled;
|
|
useACMEHost = if acmeEnabled then fqdn else null;
|
|
|
|
locations = {
|
|
"= /robots.txt" = {
|
|
alias = disallowedRobotsTxt;
|
|
};
|
|
}
|
|
// locations;
|
|
}
|
|
// attrs;
|
|
|
|
mkProxy = port: {
|
|
proxyPass = "http://127.0.0.1:${toString port}/";
|
|
|
|
extraConfig = ''
|
|
proxy_buffering off;
|
|
proxy_request_buffering off;
|
|
'';
|
|
};
|
|
|
|
mkSsi = webRoot: {
|
|
root = webRoot;
|
|
|
|
extraConfig = ''
|
|
ssi on;
|
|
'';
|
|
};
|
|
|
|
disallowedRobotsTxt = builtins.toFile "robots.txt" ''
|
|
User-agent: *
|
|
Disallow: /
|
|
'';
|
|
in
|
|
{
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
|
|
virtualHosts = {
|
|
"${fqdn}" = mkVhost { default = true; } {
|
|
"/" = mkSsi "${self.pins.website}/web-root";
|
|
};
|
|
|
|
"git.${fqdn}" = mkVhost { } {
|
|
"/" = mkProxy config.services.gitea.settings.server.HTTP_PORT;
|
|
};
|
|
|
|
"auth.${fqdn}" = mkVhost { } {
|
|
"/" = mkProxy 3001;
|
|
};
|
|
};
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
80
|
|
443
|
|
];
|
|
}
|