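# NixOS module for a personal static website served by nginx.
#
# When `custom.website.ryan.enable` is set, it:
#   * requests a certificate for `cfg.domain` (plus `www.${cfg.domain}`) through
#     the `security.acme-eon` options,
#   * serves static files for `cfg.domain` over HTTPS and redirects
#     `www.${cfg.domain}` to it,
#   * publishes CNAME records for both names in `cfg.zone`, but only when
#     `cfg.cname` is set.
{
  config,
  lib,
  ...
}:

with lib;

let
  cfg = config.custom.website.ryan;
in
{
  options = {
    custom.website.ryan = {
      enable = mkEnableOption "ryan's website";
      # Key into eilean.services.dns.zones that receives the CNAME records.
      zone = mkOption {
        type = types.str;
        default = "${config.networking.domain}";
      };
      # Name of the nginx virtual host and of the certificate.
      domain = mkOption {
        type = types.str;
        default = "ryan.${config.networking.domain}";
      };
      cname = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          CNAME to create DNS records for.
          Ignored if null
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    security.acme-eon.nginxCerts = [ cfg.domain ];
    # The www name is added to the same certificate so the redirect vhost
    # below can present it.
    security.acme-eon.certs.${cfg.domain}.extraDomainNames = [ "www.${cfg.domain}" ];

    services.nginx = {
      enable = true;
      virtualHosts = {
        "${cfg.domain}" = {
          # Plain-HTTP requests are redirected to HTTPS.
          forceSSL = true;
          # NOTE(review): the document root is hard-coded and does not follow
          # cfg.domain; confirm this is intended when the option is overridden.
          root = "/var/www/ryan.freumh.org/";
          locations."/".index = "home.html index.html";
          locations."/teapot".extraConfig = ''
            return 418;
          '';
          # Both the location prefix and the alias target end in "/". Keep the
          # two in step: a prefix without the trailing slash paired with an
          # alias lets requests resolve outside /var/www/var/.
          locations."/var/".alias = "/var/www/var/";
          extraConfig = ''
            # Answer 403 with the 404 status and page, so a forbidden path
            # looks the same as a missing one.
            error_page 403 =404 /404.html;
            error_page 404 /404.html;
            # see http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
            access_log /var/log/nginx/${cfg.domain}.log;
          '';
        };
        "www.${cfg.domain}" =
          let
            # Certificate directory of the primary domain; that certificate
            # also lists the www name (see extraDomainNames above).
            certDir = config.security.acme-eon.certs.${cfg.domain}.directory;
          in
          {
            forceSSL = true;
            sslCertificate = "${certDir}/fullchain.pem";
            sslCertificateKey = "${certDir}/key.pem";
            sslTrustedCertificate = "${certDir}/chain.pem";
            # The redirect host is fixed to cfg.domain and never taken from the
            # request, so only the path and query string come from the client.
            extraConfig = ''
              return 301 https://${cfg.domain}$request_uri;
            '';
          };
      };
    };

    # The option documents a null cname as "ignored", so emit no records in
    # that case instead of CNAME records whose value is null.
    eilean.services.dns.zones.${cfg.zone}.records = optionals (cfg.cname != null) [
      {
        name = "${cfg.domain}.";
        type = "CNAME";
        value = cfg.cname;
      }
      {
        name = "www.${cfg.domain}.";
        type = "CNAME";
        value = cfg.cname;
      }
    ];
  };
}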