mirror of
https://github.com/Swarsel/.dotfiles.git
synced 2025-12-06 09:07:21 +01:00
40 lines
1.1 KiB
Nix
40 lines
1.1 KiB
Nix
{ pkgs, lib, config, ... }:
|
|
let
|
|
inherit (config.repo.secrets.common) dnsProvider;
|
|
inherit (config.repo.secrets.common.mail) address3;
|
|
|
|
in
|
|
{
|
|
options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server";
|
|
config = lib.mkIf config.swarselmodules.server.nginx {
|
|
environment.systemPackages = with pkgs; [
|
|
lego
|
|
];
|
|
|
|
sops = {
|
|
secrets.acme-dns-token = { inherit (config.swarselsystems) sopsFile; };
|
|
templates."certs.secret".content = ''
|
|
CF_DNS_API_TOKEN=${config.sops.placeholder.acme-dns-token}
|
|
'';
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults = {
|
|
inherit dnsProvider;
|
|
email = address3;
|
|
environmentFile = "${config.sops.templates."certs.secret".path}";
|
|
};
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
statusPage = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedGzipSettings = true;
|
|
# virtualHosts are defined in the respective sections
|
|
};
|
|
};
|
|
}
|