modules/server/nginx.nix at main · auri.ee/nix-config

my terrible dotfiles
nix-config / modules / server / nginx.nix
at main 61 lines 1.4 kB view raw
wrap content
 1{ config, lib, ... }:
 2{
 3  sops.secrets = {
 4    "ssl/cert" = {
 5      owner = config.services.nginx.user;
 6    };
 7    "ssl/key" = {
 8      owner = config.services.nginx.user;
 9    };
10  };
11
12  networking.firewall.allowedTCPPorts = [
13    80
14    443
15  ];
16
17  services.nginx = {
18    enable = true;
19    recommendedProxySettings = true;
20    recommendedGzipSettings = true;
21    recommendedTlsSettings = true;
22    recommendedOptimisation = true;
23    appendHttpConfig = ''
24      proxy_buffering off;
25    '';
26    virtualHosts = lib.mkMerge config.forest.nginxHosts;
27  };
28
29  forest.nginxHosts = [
30    {
31      "monke.moe" = {
32        onlySSL = true;
33        useACMEHost = "monke.moe";
34        http2 = true;
35        locations = {
36          "/".return = "301 https://auri.ee";
37        };
38      };
39      "auri.ee" = {
40        onlySSL = true;
41        useACMEHost = "auri.ee";
42        http2 = true;
43        locations = {
44          "/" = {
45            return = ''200 "<h1>under construction</h1>"'';
46            extraConfig = ''
47              add_header Content-Type "text/html" always;
48            '';
49          };
50          "/.well-known/atproto-did" = {
51            return = "200 did:plc:dlxa6xglnevgshddrhscr6nj";
52            extraConfig = ''
53              add_header Access-Control-Allow-Origin "*" always;
54              add_header Content-Type "text/plain" always;
55            '';
56          };
57        };
58      };
59    }
60  ];
61}