44 lines
1.3 KiB
Nix
44 lines
1.3 KiB
Nix
{ config, lib, ... }:
|
|
|
|
let
|
|
cfg = config.services.jirafeau;
|
|
domain = config.networking.domain;
|
|
subdomain = cfg.reverseProxy.subdomain;
|
|
fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
|
|
|
|
inherit (lib)
|
|
mkDefault
|
|
mkIf
|
|
;
|
|
|
|
inherit (lib.utils)
|
|
mkReverseProxyOption
|
|
;
|
|
in
|
|
{
|
|
options.services.jirafeau = {
|
|
reverseProxy = mkReverseProxyOption "Jirafeau" "share";
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
services.jirafeau = {
|
|
hostName = fqdn;
|
|
extraConfig = mkDefault ''
|
|
$cfg['style'] = 'dark-courgette';
|
|
$cfg['maximal_upload_size'] = 4096;
|
|
'';
|
|
nginxConfig = {
|
|
enableACME = if cfg.reverseProxy.enable then cfg.reverseProxy.forceSSL else mkDefault false;
|
|
forceSSL = if cfg.reverseProxy.enable then cfg.reverseProxy.forceSSL else mkDefault false;
|
|
listenAddresses = mkDefault [ "0.0.0.0" ]; # FIXME: 127.0.0.1 does not work
|
|
serverName = fqdn;
|
|
sslCertificate =
|
|
mkIf (with cfg.reverseProxy; enable && forceSSL)
|
|
"${config.security.acme.certs."${fqdn}".directory}/cert.pem";
|
|
sslCertificateKey =
|
|
mkIf (with cfg.reverseProxy; enable && forceSSL)
|
|
"${config.security.acme.certs."${fqdn}".directory}/key.pem";
|
|
};
|
|
};
|
|
};
|
|
}
|