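# NixOS module: nginx virtual hosts for static sites served from /srv,
# plus the "up" account whose home directory is the web root of
# srv.isomorphis.me.
{ config, lib, pkgs, ... }:

let
  # Web roots. They live under /srv rather than /home because of the
  # ProtectHome restriction described below.
  up_dir = "/srv/up";
  isomorphisme_dir = "/srv/isomorphis.me";
  tremeg_dir = "/srv/tremeg.net";
  dev_dir = "/srv/dev";
in
{
  services.nginx.enable = true;

  # nginx runs under ProtectHome=true which disallows reading anywhere
  # in /home. So we need to use a different location.
  users.users."up" = {
    isNormalUser = true;
    home = "${up_dir}";
    # group = config.services.nginx.group;
    group = "nginx";
    createHome = true;
    # 750: owner has full access, the nginx group can read and traverse,
    # everyone else is locked out.
    homeMode = "750";
  };

  services.nginx.virtualHosts."srv.isomorphis.me" = {
    forceSSL = true;
    enableACME = true;
    # The web root is the home directory of the "up" login account, so
    # every file that account keeps there is a candidate for being served.
    root = "${up_dir}";
    locations = {
      "/" = {
        # Directory listings are public: anything placed in the home
        # directory is enumerable by any visitor.
        extraConfig = "autoindex on;";
      };
      "/.ssh" = {
        return = "403";
      };
      # Deny every other dotfile and dot-directory as well. A login
      # account's home typically also collects shell history, editor and
      # tool state, and "/.ssh" alone leaves those readable and listed.
      # The lookahead keeps /.well-known/ reachable for ACME challenges.
      "~ /\\.(?!well-known/)" = {
        return = "403";
      };
      "/i/" = {
        extraConfig = "autoindex off;";
      };
    };
  };

  services.nginx.virtualHosts."isomorphis.me" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      root = "${isomorphisme_dir}";
    };
  };

  services.nginx.virtualHosts."tremeg.net" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      root = "${tremeg_dir}";
    };
  };

  services.nginx.virtualHosts."dev.isomorphis.me" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      # Only the public/ subdirectory of dev_dir is exposed.
      root = "${dev_dir}/public";
    };
  };

  # Re-applies ownership of the web roots on every system activation.
  # NOTE(review): the three site roots are made writable by the nginx
  # user itself, so a compromised worker could alter the content it
  # serves; root-owned files that nginx can only read would be a tighter
  # default. Confirm whether nginx needs write access here.
  # NOTE(review): nothing in this module creates isomorphisme_dir,
  # tremeg_dir or dev_dir, so chown presumably fails on a fresh host
  # until they exist; verify.
  system.activationScripts."srv-permissions" = ''
    chown -R up:nginx ${up_dir}
    chown -R nginx:nginx ${isomorphisme_dir}
    chown -R nginx:nginx ${tremeg_dir}
    chown -R nginx:nginx ${dev_dir}
  '';
}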