summaryrefslogtreecommitdiff
path: root/hosts/fscusat/modules
diff options
context:
space:
mode:
authorsinanmohd <sinan@sinanmohd.com>2024-01-15 07:31:02 +0530
committersinanmohd <sinan@sinanmohd.com>2024-01-15 07:31:02 +0530
commitc2915950ae09921d228c4f4d828ba60f7748abcb (patch)
tree6d28651ecf0ba059ff0b05737a0cf4f37e0ebb6b /hosts/fscusat/modules
parent3d1057bab5e09499af8786fa81135e0949c10fc7 (diff)
fscusat/www/foss: init
Diffstat (limited to 'hosts/fscusat/modules')
-rw-r--r--hosts/fscusat/modules/www.nix39
1 files changed, 39 insertions, 0 deletions
diff --git a/hosts/fscusat/modules/www.nix b/hosts/fscusat/modules/www.nix
new file mode 100644
index 0000000..464aaa6
--- /dev/null
+++ b/hosts/fscusat/modules/www.nix
@@ -0,0 +1,39 @@
+{ config, ... }:
+
+let
+ domain = "foss.fscusat.ac.in";
+in
+{
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ sops.secrets = let
+ opts = {
+ owner = config.services.nginx.user;
+ group = config.services.nginx.group;
+ };
+ in{
+ "cusat.ac.in/key" = opts;
+ "cusat.ac.in/crt" = opts;
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedZstdSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ recommendedBrotliSettings = true;
+
+ virtualHosts.${domain} = {
+ forceSSL = true;
+ sslCertificateKey = config.sops.secrets."cusat.ac.in/key".path;
+ sslCertificate = config.sops.secrets."cusat.ac.in/crt".path;
+
+ locations."/" = {
+ return = "200 '<h1>under construction</h1>'";
+ extraConfig = "add_header Content-Type text/html;";
+ };
+ };
+ };
+}