diff options
author | sinanmohd <sinan@sinanmohd.com> | 2024-01-15 07:31:02 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2024-01-15 07:31:02 +0530 |
commit | c2915950ae09921d228c4f4d828ba60f7748abcb (patch) | |
tree | 6d28651ecf0ba059ff0b05737a0cf4f37e0ebb6b /hosts/fscusat/modules | |
parent | 3d1057bab5e09499af8786fa81135e0949c10fc7 (diff) |
fscusat/www/foss: init
Diffstat (limited to 'hosts/fscusat/modules')
-rw-r--r-- | hosts/fscusat/modules/www.nix | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/hosts/fscusat/modules/www.nix b/hosts/fscusat/modules/www.nix new file mode 100644 index 0000000..464aaa6 --- /dev/null +++ b/hosts/fscusat/modules/www.nix @@ -0,0 +1,39 @@ +{ config, ... }: + +let + domain = "foss.fscusat.ac.in"; +in +{ + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + sops.secrets = let + opts = { + owner = config.services.nginx.user; + group = config.services.nginx.group; + }; + in{ + "cusat.ac.in/key" = opts; + "cusat.ac.in/crt" = opts; + }; + + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedZstdSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + recommendedBrotliSettings = true; + + virtualHosts.${domain} = { + forceSSL = true; + sslCertificateKey = config.sops.secrets."cusat.ac.in/key".path; + sslCertificate = config.sops.secrets."cusat.ac.in/crt".path; + + locations."/" = { + return = "200 '<h1>under construction</h1>'"; + extraConfig = "add_header Content-Type text/html;"; + }; + }; + }; +} |