2023-07-19 18:33:53 +00:00
|
|
|
{ config, pkgs, self, ... }: {
|
2023-07-04 17:40:45 +00:00
|
|
|
security.acme.defaults.email = "admins@clan.lol";
|
|
|
|
|
security.acme.acceptTerms = true;
|
|
|
|
|
|
2023-07-19 18:28:03 +00:00
|
|
|
# www user to push website artifacts via ssh
|
|
|
|
|
users.users.www = {
|
2023-07-19 18:33:53 +00:00
|
|
|
openssh.authorizedKeys.keys =
|
|
|
|
|
config.users.users.root.openssh.authorizedKeys.keys
|
|
|
|
|
++ [
|
|
|
|
|
# ssh-homepage-key
|
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxZ3Av30M6Sh6NU1mnCskB16bYtNP8vskc/+ud0AU1C ssh-homepage-key"
|
|
|
|
|
];
|
2023-09-12 10:36:30 +00:00
|
|
|
isSystemUser = true;
|
2023-11-16 14:02:26 +00:00
|
|
|
shell = "/run/current-system/sw/bin/bash";
|
2023-09-12 10:36:30 +00:00
|
|
|
group = "www";
|
2023-07-19 18:28:03 +00:00
|
|
|
};
|
2023-09-12 10:36:30 +00:00
|
|
|
users.groups.www = { };
|
2023-07-19 18:28:03 +00:00
|
|
|
|
|
|
|
|
# ensure /var/www can be accessed by nginx and www user
|
|
|
|
|
systemd.tmpfiles.rules = [
|
|
|
|
|
"d /var/www 0755 www nginx"
|
|
|
|
|
];
|
|
|
|
|
|
2023-07-04 17:40:45 +00:00
|
|
|
services.nginx = {
|
|
|
|
|
virtualHosts."clan.lol" = {
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
enableACME = true;
|
2023-07-17 21:26:10 +00:00
|
|
|
# to be deployed via rsync
|
2024-04-12 13:35:19 +00:00
|
|
|
root = "/var/www/clan.lol";
|
2023-07-04 17:40:45 +00:00
|
|
|
extraConfig = ''
|
|
|
|
|
charset utf-8;
|
|
|
|
|
source_charset utf-8;
|
|
|
|
|
'';
|
2024-03-19 06:11:43 +00:00
|
|
|
|
|
|
|
|
# Make sure to expire the cache after 1 hour
|
|
|
|
|
locations."/".extraConfig = ''
|
|
|
|
|
add_header Cache-Control "public, max-age=3600";
|
|
|
|
|
'';
|
2024-02-12 06:26:59 +00:00
|
|
|
locations."/thaigersprint".return = "307 https://pad.lassul.us/s/clan-thaigersprint";
|
2023-07-04 17:40:45 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
virtualHosts."www.clan.lol" = {
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
enableACME = true;
|
|
|
|
|
globalRedirect = "clan.lol";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
