infra/pastila/srv.nix

{ config, lib, pkgs, ... }:

{
  services.nginx.enable = true;

  # nginx runs under ProtectHome=true which disallows reading anywhere
  # in /home. So we need to use a different location.
  users.users."up" = {
    isNormalUser = true;
    home = /srv/up;
    group = config.services.nginx.group;
    createHome = true;
    homeMode = "750";
  };

  services.nginx.virtualHosts."srv.isomorphis.me" = {
    forceSSL = true;
    enableACME = true;
    root = config.users.users."up".home;
    locations."/" = {
      extraConfig = ''
        autoindex on;
      '';
    };
    locations."/i/" = {
      extraConfig = ''
        autoindex off;
      '';
    };
  };
}
pastila: srv 2024-06-01 10:53:00 +00:00			`{ config, lib, pkgs, ... }:`

			`{`
			`services.nginx.enable = true;`

tweak srv 2024-06-01 16:45:55 +00:00			`# nginx runs under ProtectHome=true which disallows reading anywhere`
			`# in /home. So we need to use a different location.`
pastila: srv 2024-06-01 10:53:00 +00:00			`users.users."up" = {`
			`isNormalUser = true;`
tweak srv 2024-06-01 16:45:55 +00:00			`home = /srv/up;`
pastila: srv 2024-06-01 10:53:00 +00:00			`group = config.services.nginx.group;`
			`createHome = true;`
tweak srv 2024-06-01 16:45:55 +00:00			`homeMode = "750";`
pastila: srv 2024-06-01 10:53:00 +00:00			`};`

			`services.nginx.virtualHosts."srv.isomorphis.me" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`root = config.users.users."up".home;`
			`locations."/" = {`
			`extraConfig = ''`
			`autoindex on;`
			`'';`
			`};`
			`locations."/i/" = {`
			`extraConfig = ''`
			`autoindex off;`
			`'';`
			`};`
			`};`
			`}`