Home Explore Help
Sign In
badbayan
/
nix-config
Watch 1
Star 0
Fork 0
Files
Tree: b5b5b6757e
Branches Tags
nix-config
/
modules
/
domains
/
bad.net.ru.nix

bad.net.ru.nix 2.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 
  1. { config, pkgs, inputs, ... }:
    2. 

  2. let
    3. 

  3.   dns = "regru";
    4. 

  4.   domain = "bad.net.ru";
    5. 

  5.   email = "badya65@gmail.com";
    6. 

  6.   homepage.root = "/system/data/homepage";
    7. 

  7.   public = {
    8. 

  8.     alias = "/system/data/pub/";
    9. 

  9.     extraConfig = ''
    10. 

  10.       fancyindex on;
    11. 

  11.       fancyindex_exact_size on;
    12. 

  12.       directio 4M;
    13. 

  13.     '';
    14. 

  14.   };
    15. 

  15. in {
    16. 

  16.   roles.server = {
    17. 

  17.     inherit domain;
    18. 

  18.     forgejo.enable = true;
    19. 

  19.     miniflux = {
    20. 

  20.       enable = true;
    21. 

  21.       adminCredentialsFile = config.age.secrets.miniflux.path;
    22. 

  22.     };
    23. 

  23.     nginx.enable = true;
    24. 

  24.   };
    25. 

  25. 

  26.   age.secrets = with inputs.self.modules; {
    27. 

  27.     ${dns}.file = secrets.${dns};
    28. 

  28.     miniflux.file = secrets.miniflux;
    29. 

  29.     nix-serve.file = secrets."nix.bad.net.ru-1";
    30. 

  30.   };
    31. 

  31. 

  32.   services.nix-serve = {
    33. 

  33.     enable = true;
    34. 

  34.     package = pkgs.nix-serve;
    35. 

  35.     secretKeyFile = config.age.secrets.nix-serve.path;
    36. 

  36.   };
    37. 

  37. 

  38.   security.acme.certs.${domain} = {
    39. 

  39.     credentialFiles.REGRU_PASSWORD_FILE = config.age.secrets.${dns}.path;
    40. 

  40.     environmentFile = pkgs.writeText "${dns}-env" ''
    41. 

  41.       REGRU_USERNAME=${email}
    42. 

  42.       REGRU_POLLING_INTERVAL=10
    43. 

  43.       REGRU_PROPAGATION_TIMEOUT=3600
    44. 

  44.     '';
    45. 

  45.     domain = "*." + domain;
    46. 

  46.     dnsPropagationCheck = true;
    47. 

  47.     dnsProvider = dns;
    48. 

  48.     dnsResolver = "ns1.reg.ru:53";
    49. 

  49.     inherit email;
    50. 

  50.     extraDomainNames = [ domain ];
    51. 

  51.     inherit (config.security.acme.defaults) group;
    52. 

  52.     # server = "https://acme-staging-v02.api.letsencrypt.org/directory";
    53. 

  53.   };
    54. 

  54. 

  55.   services.nginx.virtualHosts = {
    56. 

  56.     ${domain} = {
    57. 

  57.       forceSSL = true;
    58. 

  58.       enableACME = true;
    59. 

  59.       acmeRoot = null;
    60. 

  60.       locations."/" = homepage;
    61. 

  61.       locations."/pub/" = public;
    62. 

  62.       extraConfig = ''
    63. 

  63.         add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    64. 

  64.       '';
    65. 

  65.     };
    66. 

  66. 

  67.     "nix.${domain}" = {
    68. 

  68.       forceSSL = true;
    69. 

  69.       useACMEHost = domain;
    70. 

  70.       locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
    71. 

  71.     };
    72. 

  72. 

  73.     "*.${domain}" = {
    74. 

  74.       default = true;
    75. 

  75.       forceSSL = true;
    76. 

  76.       useACMEHost = domain;
    77. 

  77.       globalRedirect = domain;
    78. 

  78.     };
    79. 

  79.   };
    80. 

  80. }
    81. 

  81.