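# NixOS module: nginx front end for the horseman services.
#
# Terminates TLS (certificates via ACME) for the apex domain and its
# public./git./vault. subdomains. The first two virtual hosts serve static
# files; git. and vault. are reverse-proxied to the forgejo and vaultwarden
# containers over plain HTTP on their container-local addresses.
{
  inputs,
  outputs,
  lib,
  config,
  pkgs,
  ...
}: let
  inherit (lib) mkDefault mkEnableOption mkIf mkOption types;
  cfg = config.horseman.containers.nginx;
in {
  options = {
    horseman.containers.nginx = {
      enable = mkEnableOption "nginx container";

      domain = mkOption {
        type = types.str;
        default = "koendev.nl";
        description = ''
          Apex domain served by nginx. The public., git. and vault. virtual
          hosts are created as subdomains of this value.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    security.acme = {
      # Accepts the ACME CA's terms of service on the operator's behalf.
      acceptTerms = true;
      # Contact address registered with the ACME account.
      defaults.email = "koen.de.ruiter@hotmail.com";
    };

    # NOTE(review): this only switches fail2ban on; no jails are defined in
    # this module. Unless jails for nginx or the proxied login endpoints are
    # configured elsewhere, failed logins against git./vault. are not covered.
    services.fail2ban.enable = true;

    services.nginx = {
      enable = true;

      # Pass the original Host and client address (X-Real-IP / X-Forwarded-*)
      # to the proxied backends. Without this every request reaches forgejo
      # and vaultwarden with the proxy's address, so their logs and any
      # per-client throttling cannot tell clients apart. The backends should
      # trust these headers only when they come from this proxy.
      # mkDefault keeps the setting overridable from other modules.
      recommendedProxySettings = mkDefault true;
      # Apply the NixOS-maintained TLS hardening defaults to all vhosts.
      recommendedTlsSettings = mkDefault true;

      virtualHosts = {
        # Static portfolio site. `default = true` makes this the catch-all
        # server for requests whose Host matches no other virtual host.
        "${cfg.domain}" = {
          forceSSL = true;
          enableACME = true;

          root = "/var/www/portfolio";
          default = true;
          extraConfig = ''
            error_page 404 /404.html;
          '';
        };

        # Static file share; everything under the root is world-readable
        # over HTTPS.
        "public.${cfg.domain}" = {
          forceSSL = true;
          enableACME = true;

          root = "/var/www/public";
        };

        # Forgejo, proxied to the container's local address and port.
        "git.${cfg.domain}" = {
          forceSSL = true;
          enableACME = true;

          locations."/" = {
            proxyPass = "http://${config.containers.forgejo.localAddress}:${toString config.horseman.containers.forgejo.port}";
          };
        };

        # Vaultwarden, proxied the same way. This exposes the password
        # vault's login surface to the internet, so it relies on the
        # backend's own authentication and rate limiting.
        "vault.${cfg.domain}" = {
          forceSSL = true;
          enableACME = true;

          locations."/" = {
            proxyPass = "http://${config.containers.vaultwarden.localAddress}:${toString config.horseman.containers.vaultwarden.port}";
          };
        };
      };
    };

    networking = {
      firewall = {
        enable = true;
        # 443 for HTTPS; 80 stays open for the forceSSL redirect
        # (and presumably ACME HTTP validation - confirm the challenge type).
        allowedTCPPorts = [80 443];
      };
    };
  };
}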