noa/nixconf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

remove websites module since I wasn't using it anyways

Browse source
This commit is contained in:
Noa Aarts 2025-05-04 09:21:47 +02:00
parent bb94867bed
commit e8e2886672
Signed by: noa
GPG key ID: 1850932741EFF672
2 changed files with 0 additions and 137 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -10,6 +10,4 @@ I have three active systems, my pc (lambdaOS), my laptop (muOS) and my server (n
Both my pc and laptop are running mainly niri with plasma mostly just Both my pc and laptop are running mainly niri with plasma mostly just
there because I didn't want to setup sddm themes myself. there because I didn't want to setup sddm themes myself.
the server has some nginx helper functions so I can easily add more proxies for random websites I make.
I hope you have a great rest of your day. I hope you have a great rest of your day.

135
modules/websites/default.nix
View file

@ -1,135 +0,0 @@
{
config,
options,
lib,
...
}:
let
cfg = config.modules.websites;
in
{
options.modules.websites = {
enable = lib.mkEnableOption "enable web hosting";
certMail = lib.mkOption {
type = lib.types.str;
description = "the email address the certificate will be requested to";
};
mainDomains = lib.mkOption {
description = "nginx domains for which a certificate is needed";
type =
with lib.types;
attrsOf (submodule {
options =
let
proxyOption = lib.mkOption {
type = str;
description = "what url to proxy the requests to";
};
in
{
enable = lib.mkEnableOption "enable this website";
extra_sites = lib.mkOption {
description = "extra sites that use this certificate";
type = attrsOf (submodule {
options = {
enable = lib.mkEnableOption "enable this website";
proxy = proxyOption;
};
});
};
proxy = proxyOption;
};
});
};
};
config = lib.mkIf cfg.enable (
let
hostnames = lib.lists.flatten (
lib.attrsets.mapAttrsToList (
name: config: [ name ] ++ lib.attrsets.mapAttrsToList (n: c: lib.mkIf c.enable n) config.extra_sites
) cfg.mainDomains
);
certs = lib.attrsets.mapAttrs (
name: config:
lib.mkIf config.enable {
extraDomainNames = lib.attrsets.mapAttrsToList (
domain_name: domain_config: lib.mkIf domain_config.enable domain_name
) config.extra_sites;
webroot = lib.traceVal "/var/lib/acme/acme-challenge/${name}";
}
) cfg.mainDomains;
hosts = lib.attrsets.concatMapAttrs (
name: config:
let
extra = ''
client_max_body_size 50000M;
proxy_redirect off;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;'';
proxy = url: {
forceSSL = true;
useACMEHost = name;
extraConfig = extra;
locations."/" = {
proxyWebsockets = true;
proxyPass = url;
};
};
in
lib.trace name (
lib.mkIf config.enable (
lib.mkMerge [
{
${name} = {
forceSSL = true;
enableACME = true;
extraConfig = extra;
locations."/" = {
proxyWebsockets = true;
proxyPass = config.proxy;
};
};
}
(lib.attrsets.mapAttrs (n: c: lib.traceSeq c (proxy c.proxy)) config.extra_sites)
]
)
)
) cfg.mainDomains;
in
{
networking.hosts = {
# NOTE: this is needed because I don't have hairpin nat. :(
"::1" = hostnames;
};
security.acme = {
acceptTerms = true;
defaults.email = cfg.certMail;
certs = certs;
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts = hosts;
};
networking.firewall.allowedTCPPorts = [
80 # http
443 # https
];
networking.firewall.allowedUDPPorts = [
80 # http
443 # https
];
}
);
}