56 lines
953 B
Nix
56 lines
953 B
Nix
{
|
|
inputs,
|
|
constants,
|
|
config,
|
|
...
|
|
}:
|
|
|
|
let
|
|
cfg = config.services.nginx;
|
|
|
|
inherit (constants) domain;
|
|
in
|
|
{
|
|
imports = [
|
|
inputs.synix.nixosModules.nginx
|
|
];
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"d /var/www 0755 gitea-runner ${cfg.group} -"
|
|
];
|
|
|
|
systemd.services.gitea-runner-default.serviceConfig = {
|
|
ReadWritePaths = [ "/var/www" ];
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
openFirewall = false;
|
|
forceSSL = false;
|
|
|
|
virtualHosts = {
|
|
"${constants.services.docs.fqdn}" = {
|
|
locations."/" = {
|
|
root = "/var/www/doc";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults = {
|
|
email = "admin@${domain}";
|
|
dnsProvider = "hetzner";
|
|
credentialFiles = {
|
|
HETZNER_API_TOKEN_FILE = config.sops.secrets.hetzner-api-key.path;
|
|
};
|
|
};
|
|
};
|
|
|
|
sops.secrets.hetzner-api-key = {
|
|
mode = "0400";
|
|
owner = "acme";
|
|
group = "acme";
|
|
};
|
|
}
|