infra/pastila/srv.nix

70 lines
1.5 KiB
Nix
Raw Normal View History

2024-06-01 10:53:00 +00:00
{ config, lib, pkgs, ... }:
2024-06-01 17:19:37 +00:00
let
up_dir = "/srv/up";
isomorphisme_dir = "/srv/isomorphis.me";
2024-06-25 21:54:18 +00:00
tremeg_dir = "/srv/tremeg.net";
2024-06-29 10:34:51 +00:00
dev_dir = "/srv/dev";
2024-06-01 17:19:37 +00:00
in
2024-06-01 10:53:00 +00:00
{
services.nginx.enable = true;
2024-06-01 16:45:55 +00:00
# nginx runs under ProtectHome=true which disallows reading anywhere
# in /home. So we need to use a different location.
2024-06-01 10:53:00 +00:00
users.users."up" = {
isNormalUser = true;
2024-06-25 21:54:18 +00:00
home = "${up_dir}";
2024-06-01 17:34:21 +00:00
# group = config.services.nginx.group;
group = "nginx";
2024-06-16 18:44:54 +00:00
createHome = true;
homeMode = "750";
2024-06-01 10:53:00 +00:00
};
services.nginx.virtualHosts."srv.isomorphis.me" = {
forceSSL = true;
enableACME = true;
2024-06-25 21:54:18 +00:00
root = "${up_dir}";
2024-06-01 18:22:49 +00:00
locations = {
2024-06-01 17:19:37 +00:00
"/" = {
extraConfig = "autoindex on;";
};
"/.ssh" = {
return = "403";
};
"/i/" = {
extraConfig = "autoindex off;";
};
2024-06-01 10:53:00 +00:00
};
};
2024-06-01 18:22:49 +00:00
services.nginx.virtualHosts."isomorphis.me" = {
forceSSL = true;
enableACME = true;
locations."/" = {
2024-06-25 21:54:18 +00:00
root = "${isomorphisme_dir}";
};
};
services.nginx.virtualHosts."tremeg.net" = {
forceSSL = true;
enableACME = true;
locations."/" = {
root = "${tremeg_dir}";
2024-06-01 18:22:49 +00:00
};
};
2024-06-29 10:34:51 +00:00
services.nginx.virtualHosts."dev.isomorphis.me" = {
forceSSL = true;
enableACME = true;
locations."/" = {
root = "${dev_dir}/public";
};
};
2024-06-01 18:22:49 +00:00
system.activationScripts."srv-permissions" = ''
2024-06-25 21:54:18 +00:00
chown -R up:nginx ${up_dir}
chown -R nginx:nginx ${isomorphisme_dir}
chown -R nginx:nginx ${tremeg_dir}
2024-06-29 10:34:51 +00:00
chown -R nginx:nginx ${dev_dir}
2024-06-01 18:22:49 +00:00
'';
2024-06-01 10:53:00 +00:00
}