# NixOS module for fn06's static website: declares the `custom.website.fn06`
# options and, when enabled, configures nginx with a canonical HTTPS vhost
# plus a `www.` vhost that only redirects to it.
{
  pkgs,
  config,
  lib,
  fn06-website,
  ...
}:

let
  inherit (lib)
    mkEnableOption
    mkIf
    mkOption
    types
    ;

  cfg = config.custom.website.fn06;

  # Secondary host name; it shares the certificate issued for cfg.domain.
  wwwDomain = "www.${cfg.domain}";

  # Site content built by the fn06-website input for this host's platform.
  sitePackage = fn06-website.packages.${pkgs.stdenv.hostPlatform.system}.default;

  # Directory holding the certificate files for cfg.domain, as reported by the
  # acme-eon module.
  certDir = config.security.acme-eon.certs.${cfg.domain}.directory;
in
{
  options.custom.website.fn06 = {
    enable = mkEnableOption "fn06's website";

    # NOTE(review): this value is interpolated verbatim into nginx directives
    # and filesystem paths below and is only typed as a string, so it must be
    # a plain host name (no whitespace, ';' or '/').
    domain = mkOption {
      type = types.str;
      default = "fn06.${config.networking.domain}";
    };

    # Not read anywhere in this file; presumably consumed by a DNS module
    # elsewhere -- confirm.
    cname = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = ''
        CNAME to create DNS records for.
        Ignored if null
      '';
    };
  };

  config = mkIf cfg.enable {
    security.acme-eon = {
      # Presumably provisions the certificate for cfg.domain and attaches it to
      # the nginx vhost of the same name -- confirm against the acme-eon module.
      nginxCerts = [ cfg.domain ];
      # The www vhost below serves this same certificate, so the www name has
      # to be listed on it.
      certs.${cfg.domain}.extraDomainNames = [ wwwDomain ];
    };

    services.nginx = {
      enable = true;

      virtualHosts = {
        # Canonical host: serves the built site from the Nix store.
        # NOTE(review): forceSSL only redirects plain HTTP to HTTPS; no
        # Strict-Transport-Security header is set in this file -- check whether
        # one is added globally.
        ${cfg.domain} = {
          forceSSL = true;
          root = "${sitePackage}";

          # Requests under /var/ are answered from /var/<domain>/ on the host,
          # so every file in that directory is publicly readable. The location
          # prefix and the alias both end in "/"; keep them in sync so the
          # mapping cannot resolve outside that directory.
          locations."/var/".extraConfig = ''
            alias /var/${cfg.domain}/;
          '';

          # 403 responses are rewritten to status 404 with the /404.html body,
          # so clients cannot tell a forbidden path from a missing one.
          extraConfig = ''
            error_page 403 =404 /404.html;
            error_page 404 /404.html;
            # see http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
            access_log /var/log/nginx/${cfg.domain}.log;
          '';
        };

        # www host: terminates TLS with the canonical host's certificate files
        # and permanently redirects to the canonical name, keeping the
        # original request URI.
        ${wwwDomain} = {
          forceSSL = true;
          sslCertificate = "${certDir}/fullchain.pem";
          sslCertificateKey = "${certDir}/key.pem";
          sslTrustedCertificate = "${certDir}/chain.pem";
          extraConfig = ''
            return 301 https://${cfg.domain}$request_uri;
          '';
        };
      };
    };
  };
}