bryan/nixos
0
0
Fork 0
mirror of https://github.com/itme-brain/nixos.git synced 2026-03-24 00:29:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
nixos/src/system/modules/nginx/default.nix
Bryan Ramos cadcfe0bc5
updated to 25.05
2025-07-06 01:24:42 -04:00

93 lines
2.3 KiB
Nix
Raw Blame History

{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.system.nginx;
module = config.modules.system;
forgejo = config.services.forgejo;
in
{ options.modules.system.nginx = { enable = mkEnableOption "Nginx Reverse Proxy"; };
config = mkIf cfg.enable {
users = {
users = {
"${config.services.nginx.user}" = {
description = "Web server system user";
isSystemUser = true;
group = mkForce "${config.services.nginx.group}";
extraGroups = [
"${config.security.acme.defaults.group}"
];
};
"btc" = {
extraGroups = mkIf module.bitcoin.enable [
"${config.services.nginx.group}"
];
};
"${forgejo.user}" = {
extraGroups = mkIf module.forgejo.enable [
"${config.services.nginx.group}"
];
};
};
groups = {
"${config.services.nginx.group}" = {
members = [
"${config.services.nginx.user}"
];
};
};
};
security.acme =
{
acceptTerms = true;
defaults = {
email = "${config.user.email}";
validMinDays = 90;
listenHTTP = ":80";
};
certs = {
"ramos.codes" = {
extraDomainNames = attrNames config.services.nginx.virtualHosts;
};
};
};
services.nginx = {
enable = true;
user = "nginx";
group = "web";
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts =
let
certPath = config.security.acme.certs."ramos.codes".directory;
sslCertificate = "${certPath}/fullchain.pem";
sslCertificateKey = "${certPath}/key.pem";
withSSL = hosts: mapAttrs (name: hostConfig: hostConfig // {
inherit sslCertificate sslCertificateKey;
forceSSL = true;
}) hosts;
in withSSL
{
"git.ramos.codes" = mkIf module.forgejo.enable {
locations = {
"/" = {
proxyPass = "http://unix:${forgejo.settings.server.HTTP_ADDR}";
};
};
};
#"btc.ramos.codes" = mkIf module.bitcoin.electrum.enable {
# locations = {
# "/" = {
# proxyPass = "";
# };
# };
#};
};
};
};
}
Reference in a new issue View git blame Copy permalink