summary refs log tree commit diff
path: root/modules/www/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/www/default.nix')
-rw-r--r--modules/www/default.nix105
1 files changed, 0 insertions, 105 deletions
diff --git a/modules/www/default.nix b/modules/www/default.nix
deleted file mode 100644
index ecc9b66..0000000
--- a/modules/www/default.nix
+++ /dev/null
@@ -1,105 +0,0 @@
-{
-  me,
-  config,
-  pkgs,
-  lib,
-  util,
-  ...
-}:
-
-let
-  inherit (lib) mergeAttrsList;
-  inherit (config.age) secrets;
-
-  rnrdUrl = if me.is.renard then "rnrd.eu" else "${me.name}.rnrd.eu";
-
-  base-index = pkgs.substituteAll {
-    src = ../../assets/base.html;
-    env.me = util.titleCase me.name;
-  };
-
-  base = pkgs.linkFarm "www-base" {
-    "index.html" = base-index;
-    "favicon.png" = ../../assets/favicon.png;
-  };
-
-  certificate = domain: {
-    ${domain} = {
-      domain = "*.${domain}";
-      extraDomainNames = [ domain ];
-
-      dnsProvider = "cloudflare";
-      credentialFiles = {
-        CLOUDFLARE_DNS_API_TOKEN_FILE = secrets.cloudflare-dns.path;
-      };
-    };
-  };
-in
-{
-  imports = [ ./tailnet.nix ];
-
-  age.secrets = {
-    cloudflare-dns.file = ../../secrets/cloudflare-dns.age;
-  };
-
-  security.acme = {
-    acceptTerms = true;
-    # causes issues with tailscale certificates
-    preliminarySelfsigned = false;
-    defaults = {
-      email = "mel@rnrd.eu";
-      # our certificates are really only used with Nginx
-      group = config.services.nginx.group;
-      reloadServices = [ "nginx.service" ];
-    };
-
-    certs = mergeAttrsList [
-      (certificate "rnrd.eu")
-      (certificate "rnrd.fyi")
-    ];
-  };
-
-  services.nginx = {
-    enable = true;
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-
-    statusPage = true;
-
-    commonHttpConfig = ''
-      log_format json_combined escape=json '{'
-      	'"time_local":"$time_local",'
-      	'"remote_addr":"$remote_addr",'
-      	'"remote_user":"$remote_user",'
-      	'"request":"$request",'
-      	'"status": "$status",'
-      	'"body_bytes_sent":"$body_bytes_sent",'
-      	'"request_length":"$request_length",'
-      	'"request_time":"$request_time",'
-      	'"http_referrer":"$http_referer",'
-      	'"http_user_agent":"$http_user_agent",'
-      	'"upstream_response_time":"$upstream_response_time",'
-      	'"upstream_addr":"$upstream_addr",'
-      	'"upstream_status":"$upstream_status"'
-      '}';
-      access_log /var/log/nginx/access.log json_combined;
-      error_log /var/log/nginx/error.log warn;
-    '';
-
-    virtualHosts = {
-      base = {
-        default = true;
-        serverName = rnrdUrl;
-        forceSSL = true;
-        useACMEHost = "rnrd.eu";
-
-        root = base;
-        extraConfig = ''
-          access_log /var/log/nginx/base.access.log json_combined;
-        '';
-      };
-    };
-  };
-}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-04-25 14:25:13 +0000