Koen/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nix-config/modules/containers/nginx.nix
KoenDR06 fde1d41bb8 add acme shit
2026-02-09 14:38:02 +01:00

107 lines
2.4 KiB
Nix
Raw Blame History

{
inputs,
outputs,
lib,
config,
pkgs,
...
}: let
inherit (lib) mkEnableOption mkIf mkOption types;
cfg = config.horseman.containers.nginx;
osConfig = config;
in {
options = {
horseman.containers.nginx = {
enable = mkEnableOption "nginx container";
domain = mkOption {
type = types.str;
default = "koendev.nl";
};
};
};
config = mkIf cfg.enable {
security.acme = {
acceptTerms = true;
defaults.email = "koen.de.ruiter@hotmail.com";
};
containers.nginx = {
autoStart = true;
privateNetwork = true;
hostAddress = "172.16.0.1";
localAddress = "192.168.100.1";
bindMounts = {
"/var/www/portfolio" = {
hostPath = "/var/www/portfolio";
isReadOnly = true;
};
"/var/www/public" = {
hostPath = "/var/www/public";
isReadOnly = true;
};
};
config = {
config,
pkgs,
lib,
...
}: {
services.nginx = {
enable = true;
virtualHosts = {
"${cfg.domain}" = {
forceSSL = true;
enableACME = true;
root = "/var/www/portfolio";
default = true;
extraConfig = ''
error_page 404 /404.html;
'';
};
"public.${cfg.domain}" = {
forceSSL = true;
enableACME = true;
root = "/var/www/public";
};
"git.${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${osConfig.containers.forgejo.localAddress}:${toString osConfig.horseman.containers.forgejo.port}";
};
};
"vault.${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${osConfig.containers.vaultwarden.localAddress}:${toString osConfig.horseman.containers.vaultwarden.port}";
};
};
};
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [80 443];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
};
};
}
Reference in a new issue View git blame Copy permalink