36 lines
896 B
Nix
36 lines
896 B
Nix
{ pkgs, ... }: {
|
|
services.nginx.enable = true;
|
|
services.nginx.virtualHosts."kyren.codes" = {
|
|
useACMEHost = "kyren.codes";
|
|
forceSSL = true;
|
|
locations."/" = {
|
|
index = "index.html";
|
|
root = "/srv/website";
|
|
};
|
|
|
|
locations."/404.html" = {
|
|
root = "/srv/website";
|
|
};
|
|
extraConfig = ''
|
|
error_page 404 /404.html;
|
|
'';
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "kyren223@proton.me";
|
|
certs."kyren.codes" = {
|
|
domain = "kyren.codes";
|
|
extraDomainNames = [ "*.kyren.codes" ];
|
|
dnsProvider = "cloudflare";
|
|
environmentFile = "${pkgs.writeText "cf-creds" ''
|
|
CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare-dns-api-token
|
|
''}";
|
|
webroot = null;
|
|
};
|
|
};
|
|
users.users.nginx.extraGroups = [ "acme" ];
|
|
|
|
networking.firewall.allowedTCPPorts = [ 443 80 3000 ];
|
|
}
|