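# NixOS module: runs nginx in a declarative container as the TLS-terminating
# front end for two static sites and for the forgejo and vaultwarden
# containers defined elsewhere in this configuration.
{ inputs, outputs, lib, config, pkgs, ... }:
let
  inherit (lib) mkEnableOption mkIf mkOption types;

  # Host-level option values. Bound here, outside the container module, so the
  # references to `cfg` further down keep reading the host's settings.
  cfg = config.horseman.containers.nginx;

  # The container module below takes its own `config` argument, which shadows
  # the host's. This alias keeps the host configuration reachable from there.
  osConfig = config;
in
{
  options = {
    horseman.containers.nginx = {
      enable = mkEnableOption "nginx container";

      domain = mkOption {
        type = types.str;
        default = "koendev.nl";
        description = ''
          Base domain served by the nginx container. The `public.`, `git.`
          and `vault.` virtual hosts are derived from it.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    containers.nginx = {
      autoStart = true;

      # NOTE(review): with a private network the container is reachable only
      # over its own veth pair. How ports 80/443 on the host are forwarded to
      # localAddress is not defined in this file; confirm it is handled
      # elsewhere.
      privateNetwork = true;
      hostAddress = "172.16.0.1";
      localAddress = "192.168.100.1";

      # Web roots are mounted read-only, so nginx inside the container cannot
      # modify the content it serves.
      bindMounts = {
        "/var/www/portfolio" = {
          hostPath = "/var/www/portfolio";
          isReadOnly = true;
        };
        "/var/www/public" = {
          hostPath = "/var/www/public";
          isReadOnly = true;
        };
      };

      config = { config, pkgs, lib, ... }: {
        services.nginx = {
          enable = true;

          # Without this, nginx proxies with its defaults: Host is set to the
          # upstream address and no X-Real-IP / X-Forwarded-* headers are sent.
          # Forgejo and Vaultwarden would then see every request as coming
          # from this proxy, which defeats per-client rate limiting and makes
          # login audit logs useless for incident response.
          recommendedProxySettings = true;

          # NOTE(review): every virtual host uses enableACME, which requires
          # security.acme.acceptTerms and a contact e-mail in the container's
          # own configuration. Neither is set in this file; confirm they are
          # supplied by another module.
          virtualHosts = {
            # Catch-all site: `default = true` also answers requests whose
            # Host header matches no other virtual host.
            "${cfg.domain}" = {
              forceSSL = true;
              enableACME = true;
              root = "/var/www/portfolio";
              default = true;
              extraConfig = ''
                error_page 404 /404.html;
              '';
            };

            "public.${cfg.domain}" = {
              forceSSL = true;
              enableACME = true;
              root = "/var/www/public";
            };

            # The upstream hops below are plain HTTP between containers; TLS
            # ends at this proxy.
            "git.${cfg.domain}" = {
              forceSSL = true;
              enableACME = true;
              locations."/" = {
                proxyPass = "http://${osConfig.containers.forgejo.localAddress}:${toString osConfig.horseman.containers.forgejo.port}";
              };
            };

            "vault.${cfg.domain}" = {
              forceSSL = true;
              enableACME = true;
              locations."/" = {
                proxyPass = "http://${osConfig.containers.vaultwarden.localAddress}:${toString osConfig.horseman.containers.vaultwarden.port}";
              };
            };
          };
        };

        networking = {
          # Only HTTP and HTTPS are opened on the container's firewall.
          firewall = {
            enable = true;
            allowedTCPPorts = [ 80 443 ];
          };

          # Do not use the host's resolv.conf; name resolution inside the
          # container goes through systemd-resolved, enabled below.
          useHostResolvConf = lib.mkForce false;
        };

        services.resolved.enable = true;

        system.stateVersion = "23.11";
      };
    };
  };
}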