1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
{ me, pkgs, util, ... }:
let
rnrdUrl = if me.is.renard then "rnrd.eu" else "${me.name}.rnrd.eu";
base-index = pkgs.substituteAll {
src = ../../assets/base.html;
env.me = util.titleCase me.name;
};
base = pkgs.linkFarm "www-base" {
"index.html" = base-index;
"favicon.png" = ../../assets/favicon.png;
};
in
{
imports = [ ./tailnet.nix ];
security.acme = {
acceptTerms = true;
defaults.email = "mel@rnrd.eu";
# causes issues with tailscale certificates
preliminarySelfsigned = false;
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
statusPage = true;
commonHttpConfig = ''
log_format json_combined escape=json '{'
'"time_local":"$time_local",'
'"remote_addr":"$remote_addr",'
'"remote_user":"$remote_user",'
'"request":"$request",'
'"status": "$status",'
'"body_bytes_sent":"$body_bytes_sent",'
'"request_length":"$request_length",'
'"request_time":"$request_time",'
'"http_referrer":"$http_referer",'
'"http_user_agent":"$http_user_agent",'
'"upstream_response_time":"$upstream_response_time",'
'"upstream_addr":"$upstream_addr",'
'"upstream_status":"$upstream_status"'
'}';
access_log /var/log/nginx/access.log json_combined;
error_log /var/log/nginx/error.log warn;
'';
virtualHosts = {
base = {
default = true;
serverName = rnrdUrl;
root = base;
forceSSL = true;
enableACME = true;
extraConfig = ''
access_log /var/log/nginx/base.access.log json_combined;
'';
};
};
};
}
|
