42 lines
1,015 B
Nix
42 lines
1,015 B
Nix
{ config, inputs, ... }: {
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
email = "me@lava.moe";
|
|
certs."lava.moe" = {
|
|
group = "nginx";
|
|
domain = "lava.moe";
|
|
extraDomainNames = [
|
|
"*.lava.moe"
|
|
"*.local.lava.moe"
|
|
];
|
|
dnsProvider = "cloudflare";
|
|
credentialsFile = config.age.secrets."acme_dns".path;
|
|
};
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedTlsSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedProxySettings = true;
|
|
|
|
virtualHosts = {
|
|
"lava.moe" = {
|
|
useACMEHost = "lava.moe";
|
|
forceSSL = true;
|
|
root = inputs.website.outPath;
|
|
};
|
|
# "_" = {
|
|
# default = true;
|
|
# addSSL = true;
|
|
# # TODO generate this somewhere
|
|
# sslCertificate = "/persist/fakeCerts/fake.crt";
|
|
# sslCertificateKey = "/persist/fakeCerts/fake.key";
|
|
# extraConfig = ''
|
|
# return 444;
|
|
# '';
|
|
# };
|
|
};
|
|
};
|
|
}
|