diff options
| author | Mel <mel@rnrd.eu> | 2025-04-16 12:49:53 +0200 |
|---|---|---|
| committer | Mel <mel@rnrd.eu> | 2025-04-16 12:49:53 +0200 |
| commit | 5e1a9f0179c0beb73b63140a3ee20c4acb04fcc4 (patch) | |
| tree | e2d3c83e761dc2bec056d81c268bc500ad148a6c /modules/www/default.nix | |
| parent | 6c9f992808b6cf8b079f4c8cfa5625de1e624618 (diff) | |
| download | network-5e1a9f0179c0beb73b63140a3ee20c4acb04fcc4.tar.zst network-5e1a9f0179c0beb73b63140a3ee20c4acb04fcc4.zip | |
Move WWW configuration into foundation module, and make it configurable
Signed-off-by: Mel <mel@rnrd.eu>
Diffstat (limited to 'modules/www/default.nix')
| -rw-r--r-- | modules/www/default.nix | 105 |
1 files changed, 0 insertions, 105 deletions
diff --git a/modules/www/default.nix b/modules/www/default.nix deleted file mode 100644 index ecc9b66..0000000 --- a/modules/www/default.nix +++ /dev/null @@ -1,105 +0,0 @@ -{ - me, - config, - pkgs, - lib, - util, - ... -}: - -let - inherit (lib) mergeAttrsList; - inherit (config.age) secrets; - - rnrdUrl = if me.is.renard then "rnrd.eu" else "${me.name}.rnrd.eu"; - - base-index = pkgs.substituteAll { - src = ../../assets/base.html; - env.me = util.titleCase me.name; - }; - - base = pkgs.linkFarm "www-base" { - "index.html" = base-index; - "favicon.png" = ../../assets/favicon.png; - }; - - certificate = domain: { - ${domain} = { - domain = "*.${domain}"; - extraDomainNames = [ domain ]; - - dnsProvider = "cloudflare"; - credentialFiles = { - CLOUDFLARE_DNS_API_TOKEN_FILE = secrets.cloudflare-dns.path; - }; - }; - }; -in -{ - imports = [ ./tailnet.nix ]; - - age.secrets = { - cloudflare-dns.file = ../../secrets/cloudflare-dns.age; - }; - - security.acme = { - acceptTerms = true; - # causes issues with tailscale certificates - preliminarySelfsigned = false; - defaults = { - email = "mel@rnrd.eu"; - # our certificates are really only used with Nginx - group = config.services.nginx.group; - reloadServices = [ "nginx.service" ]; - }; - - certs = mergeAttrsList [ - (certificate "rnrd.eu") - (certificate "rnrd.fyi") - ]; - }; - - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - statusPage = true; - - commonHttpConfig = '' - log_format json_combined escape=json '{' - '"time_local":"$time_local",' - '"remote_addr":"$remote_addr",' - '"remote_user":"$remote_user",' - '"request":"$request",' - '"status": "$status",' - '"body_bytes_sent":"$body_bytes_sent",' - '"request_length":"$request_length",' - '"request_time":"$request_time",' - '"http_referrer":"$http_referer",' - '"http_user_agent":"$http_user_agent",' - '"upstream_response_time":"$upstream_response_time",' - '"upstream_addr":"$upstream_addr",' - '"upstream_status":"$upstream_status"' - '}'; - access_log /var/log/nginx/access.log json_combined; - error_log /var/log/nginx/error.log warn; - ''; - - virtualHosts = { - base = { - default = true; - serverName = rnrdUrl; - forceSSL = true; - useACMEHost = "rnrd.eu"; - - root = base; - extraConfig = '' - access_log /var/log/nginx/base.access.log json_combined; - ''; - }; - }; - }; -} |