38 lines
905 B
Nix
38 lines
905 B
Nix
{ config, pkgs, self, ... }: {
|
|
security.acme.defaults.email = "admins@clan.lol";
|
|
security.acme.acceptTerms = true;
|
|
|
|
# www user to push website artifacts via ssh
|
|
users.users.www = {
|
|
openssh.authorizedKeys.keys = [
|
|
# ssh-homepage-key
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPcQi7FThpE2dFcb08d7DSQzhit8e/0W9OUZXasH0JJA ssh-homepage-key"
|
|
];
|
|
isNormalUser = true;
|
|
};
|
|
|
|
# ensure /var/www can be accessed by nginx and www user
|
|
systemd.tmpfiles.rules = [
|
|
"d /var/www 0755 www nginx"
|
|
];
|
|
|
|
services.nginx = {
|
|
virtualHosts."clan.lol" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
# to be deployed via rsync
|
|
root = "/var/www";
|
|
extraConfig = ''
|
|
charset utf-8;
|
|
source_charset utf-8;
|
|
'';
|
|
};
|
|
|
|
virtualHosts."www.clan.lol" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
globalRedirect = "clan.lol";
|
|
};
|
|
};
|
|
}
|