From d478dbd916c240e5ff609dcca17eedbd04c7fe83 Mon Sep 17 00:00:00 2001
From: Martin Fischer
Date: Fri, 13 Dec 2024 07:35:32 +0100
Subject: tente: add nginx
---
 nixos/tente-configuration.nix | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)
(limited to 'nixos/tente-configuration.nix')
diff --git a/nixos/tente-configuration.nix b/nixos/tente-configuration.nix
index 8254fb0..e74a679 100644
--- a/nixos/tente-configuration.nix
+++ b/nixos/tente-configuration.nix
@@ -3,6 +3,10 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+let
+ domain = "beta.push-f.com";
+ acmeEmail = "martin@push-f.com";
+in
 { config, lib, pkgs, ... }:
 {
@@ -41,7 +45,10 @@
 users.users.martin = {
 isNormalUser = true;
- extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ extraGroups = [
+ "wheel" # Enable ‘sudo’ for the user.
+ "www-data"
+ ];
 packages = with pkgs; [ ];
 };
@@ -65,6 +72,7 @@
 networking.firewall.allowedTCPPorts = [
 # Enabling openssh automatically opens its port in the firewall.
 # For all other services we need to manually list the ports here.
+ 80 443
 ];
 networking.firewall.allowedUDPPorts = [];
@@ -73,6 +81,12 @@
 # Enable the OpenSSH daemon.
 services.openssh.enable = true;
+ users.groups.www-data = {};
+
+ systemd.tmpfiles.rules = [
+ "d /srv/www 2770 root www-data -"
+ ];
+
 services.gitolite = {
 enable = true;
 adminPubkey = ""; # TODO: submit PR to nixpkgs to make this option optional
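Review bot: In the `systemd.tmpfiles.rules` hunk, mode `2770` with group `www-data` gives that group write access to `/srv/www`, and the later `services.nginx` hunk sets `group = "www-data"`, so the nginx worker gets the same write permission as the publishing user added to the group in the `users.users.martin` hunk. The web server only needs to read the document root, so a worker that is compromised or misconfigured should not be able to alter the served content. One option is to make the publishing user the owner and leave the group read-only, e.g. `"d /srv/www 2750 martin www-data -"`, which also makes the `"www-data"` entry in `extraGroups` unnecessary. The nginx unit's systemd sandboxing may already mount this path read-only, but nothing in the diff shows that, so the file permissions should not depend on it.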
@@ -80,6 +94,23 @@
 dataDir = "/srv/gitolite";
 };
+ security.acme = {
+ acceptTerms = true; # https://letsencrypt.org/repository/
+ defaults.email = acmeEmail;
+ };
+
+ services.nginx = {
+ enable = true;
+ group = "www-data";
+
+ # My personal website
+ virtualHosts."${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ root = "/srv/www/${domain}";
+ };
+ };
+
 # Copy the NixOS configuration file and link it from the resulting system
 # (/run/current-system/configuration.nix). This is useful in case you
 # accidentally delete configuration.nix.
-- 
cgit v1.2.3
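Review bot: The `services.nginx` block enables `forceSSL` but sets no TLS or response-header policy, so the site runs on the module defaults and sends no HSTS header. Consider adding `recommendedTlsSettings = true;` under `services.nginx` and, once HTTPS is confirmed to work, an `add_header Strict-Transport-Security "max-age=31536000" always;` line in the virtual host's `extraConfig`. Separately, the tmpfiles rule added earlier in this commit creates only `/srv/www`, so `root = "/srv/www/${domain}"` points at a directory that has to be created by hand. A comment next to `root` saying who creates it and with which ownership would prevent it ending up with looser permissions than intended.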