52 lines
1.2 KiB
Nix
52 lines
1.2 KiB
Nix
{ lib, config, ... }: {
|
|
|
|
imports = [
|
|
./acme.nix
|
|
];
|
|
|
|
options = {
|
|
website.enable = lib.mkEnableOption "enables website";
|
|
};
|
|
|
|
config = lib.mkIf config.website.enable {
|
|
|
|
users.users.website = {
|
|
createHome = false;
|
|
isNormalUser = true;
|
|
group = "users";
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7P9K9D5RkBk+JCRRS6AtHuTAc6cRpXfRfRMg/Kyren"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ1B/i/AQLYt6mrz0P/oUJItpvWXp7z0xHNzmcPdtwWd"
|
|
];
|
|
};
|
|
|
|
# Make sure the "website" user has access to /srv/website
|
|
systemd.tmpfiles.rules = [
|
|
"d /srv/website 0750 website nginx"
|
|
];
|
|
|
|
# Open http and https ports to the public
|
|
networking.firewall.allowedTCPPorts = [ 443 ];
|
|
|
|
# Make sure acme module is active for the "kyren.codes" ssl cert
|
|
acme.enable = true;
|
|
|
|
services.nginx.enable = true;
|
|
services.nginx.virtualHosts."kyren.codes" = {
|
|
useACMEHost = "kyren.codes";
|
|
forceSSL = true;
|
|
locations."/" = {
|
|
index = "index.html";
|
|
root = "/srv/website";
|
|
};
|
|
|
|
locations."/404.html" = {
|
|
root = "/srv/website";
|
|
};
|
|
extraConfig = ''
|
|
error_page 404 /404.html;
|
|
'';
|
|
};
|
|
};
|
|
}
|