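# NixOS module for a static personal website: nginx serves it over HTTPS,
# a certificate is requested through the `security.acme-eon` options, and
# CNAME records for the site can be published in an eilean-managed DNS zone.
{
  pkgs,
  config,
  lib,
  ryan-website,
  ...
}:

with lib;

let
  cfg = config.custom.website.ryan;
in
{
  options = {
    custom.website.ryan = {
      enable = mkEnableOption "ryan's website";
      zone = mkOption {
        type = types.str;
        default = "${config.networking.domain}";
        description = ''
          DNS zone that the website's records are added to.
        '';
      };
      domain = mkOption {
        type = types.str;
        default = "ryan.${config.networking.domain}";
        description = ''
          Fully qualified domain name the website is served on.
          `www.<domain>` is redirected to it.
        '';
      };
      cname = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          CNAME to create DNS records for.
          Ignored if null
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    # One certificate covers both names: `www.<domain>` is requested as an
    # extra name on the certificate for `cfg.domain`.
    # NOTE(review): `nginxCerts` presumably attaches that certificate to the
    # `cfg.domain` virtual host, which sets no certificate paths itself;
    # confirm against the acme-eon module.
    security.acme-eon.nginxCerts = [ cfg.domain ];
    security.acme-eon.certs.${cfg.domain}.extraDomainNames = [ "www.${cfg.domain}" ];

    services.nginx = {
      enable = true;
      virtualHosts = {
        "${cfg.domain}" = {
          # Plain-HTTP requests are redirected to HTTPS.
          # NOTE(review): no Strict-Transport-Security header is added in this
          # module; confirm whether one is set globally.
          forceSSL = true;
          # NOTE(review): the document root is a fixed path that does not
          # follow `cfg.domain`, and the `ryan-website` module argument is
          # unused; confirm that this is intended.
          root = "/var/www/ryan.freumh.org/";
          locations."/".index = "home.html index.html";
          locations."/teapot".extraConfig = ''
            return 418;
          '';
          # NOTE(review): with `root`, nginx appends the whole request URI, so
          # /var/x is read from /var/www/var/var/x. If /var/www/var/x is the
          # intended file, `alias` is the directive for that mapping.
          locations."/var".root = "/var/www/var/";
          # A 403 is answered as a 404 with the same error page, so a
          # forbidden path cannot be told apart from a missing one.
          # Requests for this host are logged to a per-domain access log.
          extraConfig = ''
            error_page 403 =404 /404.html;
            error_page 404 /404.html;
            # see http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
            access_log /var/log/nginx/${cfg.domain}.log;
          '';
        };
        "www.${cfg.domain}" =
          let
            # Reuse the certificate issued for `cfg.domain`; it lists the
            # `www` name as an extra domain name.
            certDir = config.security.acme-eon.certs.${cfg.domain}.directory;
          in
          {
            forceSSL = true;
            sslCertificate = "${certDir}/fullchain.pem";
            sslCertificateKey = "${certDir}/key.pem";
            sslTrustedCertificate = "${certDir}/chain.pem";
            # Permanent redirect to the canonical host. The target host comes
            # from configuration, not from the request's Host header, and
            # only the path and query are taken from the request.
            extraConfig = ''
              return 301 https://${cfg.domain}$request_uri;
            '';
          };
      };
    };

    # The `cname` option documents that a null value is ignored, so the
    # records are only emitted when a target is set. Without this guard both
    # records would be published with a null value.
    eilean.services.dns.zones.${cfg.zone}.records = optionals (cfg.cname != null) [
      {
        name = "${cfg.domain}.";
        type = "CNAME";
        value = cfg.cname;
      }
      {
        name = "www.${cfg.domain}.";
        type = "CNAME";
        value = cfg.cname;
      }
    ];
  };
}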