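# NixOS module for Alec's website.
#
# When enabled it:
#   * requests a certificate for `cfg.domain` (plus `www.${cfg.domain}`) through
#     the `security.acme-eon` options,
#   * serves the `alec-website` flake package over HTTPS with nginx and redirects
#     the `www.` host to the bare domain,
#   * publishes CNAME records for both names in the `eilean` DNS zone, but only
#     when `cfg.cname` is set.
{
  pkgs,
  config,
  lib,
  alec-website,
  ...
}:

with lib;

let
  cfg = config.custom.website.alec;
in
{
  options = {
    custom.website.alec = {
      enable = mkEnableOption "Alec's website";
      zone = mkOption {
        type = types.str;
        default = "${config.networking.domain}";
        description = "DNS zone the website's records are added to.";
      };
      domain = mkOption {
        type = types.str;
        default = "alec.${config.networking.domain}";
        description = ''
          Host name the website is served on.
          `www.''${domain}` is redirected to it.
        '';
      };
      cname = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          CNAME target to create DNS records for.
          No DNS records are created if null.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    # One certificate covers both host names: it is issued for cfg.domain and
    # carries www.${cfg.domain} as an additional name.
    security.acme-eon.nginxCerts = [ cfg.domain ];
    security.acme-eon.certs.${cfg.domain}.extraDomainNames = [ "www.${cfg.domain}" ];

    services.nginx = {
      enable = true;
      virtualHosts = {
        "${cfg.domain}" = {
          forceSSL = true;
          # Site content comes from the flake input, i.e. an immutable store path.
          root = "${alec-website.packages.${pkgs.stdenv.hostPlatform.system}.default}";
          # /var/<domain>/ is a mutable directory outside the store; everything
          # placed there is publicly readable under /var/.
          # Keep the trailing slash on BOTH the location and the alias: a
          # location without it lets requests resolve to paths outside the
          # aliased directory.
          locations."/var/".extraConfig = ''
            alias /var/${cfg.domain}/;
          '';
          # 403 is rewritten to 404, so a client cannot tell a forbidden path
          # from a missing one. Access is logged to a per-domain file.
          extraConfig = ''
            error_page 403 =404 /404.html;
            error_page 404 /404.html;
            # see http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
            access_log /var/log/nginx/${cfg.domain}.log;
          '';
        };
        "www.${cfg.domain}" =
          let
            # Reuse the certificate issued for cfg.domain (see extraDomainNames).
            certDir = config.security.acme-eon.certs.${cfg.domain}.directory;
          in
          {
            forceSSL = true;
            sslCertificate = "${certDir}/fullchain.pem";
            # NOTE(review): private key path; nginx must be able to read it.
            # Presumably the acme-eon module restricts the directory's
            # permissions; confirm it is not world-readable.
            sslCertificateKey = "${certDir}/key.pem";
            sslTrustedCertificate = "${certDir}/chain.pem";
            # This host serves no content; it only redirects to the bare domain.
            extraConfig = ''
              return 301 https://${cfg.domain}$request_uri;
            '';
          };
      };
    };

    # The option is documented as "ignored if null", so emit no records at all
    # in that case instead of CNAME records whose value is null.
    eilean.services.dns.zones.${cfg.zone}.records = optionals (cfg.cname != null) [
      {
        name = "${cfg.domain}.";
        type = "CNAME";
        value = cfg.cname;
      }
      {
        name = "www.${cfg.domain}.";
        type = "CNAME";
        value = cfg.cname;
      }
    ];
  };
}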