From 93279eb6e61b303c6a82c7338cd27c0a23e595a9 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 23:42:08 +1000 Subject: [PATCH] services/website: init --- hosts/dandelion/default.nix | 1 + modules/default.nix | 1 + modules/services/nginx.nix | 2 +- modules/services/website.nix | 24 ++++++++++++++++++++++++ 4 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 modules/services/website.nix diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 2e915a3..b9f5e42 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -22,6 +22,7 @@ modules.services.nginx modules.services.postgres modules.services.unbound + modules.services.website ./filesystem.nix ./kernel.nix diff --git a/modules/default.nix b/modules/default.nix index 8a66d93..9a1898a 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -26,6 +26,7 @@ in { ./services/transmission.nix ./services/unbound.nix ./services/vaultwarden.nix + ./services/website.nix ]; system = mkAttrsFromPaths [ ./system/aagl.nix diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index eb4767b..be8adaf 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -1,4 +1,4 @@ -{ config, inputs, ... }: { +{ config, ... }: { networking.firewall.allowedTCPPorts = [ 80 443 ]; security.acme = { acceptTerms = true; diff --git a/modules/services/website.nix b/modules/services/website.nix new file mode 100644 index 0000000..5e7a223 --- /dev/null +++ b/modules/services/website.nix @@ -0,0 +1,24 @@ +{ inputs, ... }: { + services.nginx.virtualHosts = { + "lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + root = inputs.website.outPath; + }; + "cdn.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + root = "/persist/cdn"; + }; + "_" = { + default = true; + addSSL = true; + # TODO generate this somewhere + sslCertificate = "/persist/fakeCerts/fake.crt"; + sslCertificateKey = "/persist/fakeCerts/fake.key"; + extraConfig = '' + return 444; + ''; + }; + }; +}