From 710b81c94cb69cab007299e9906f6cf8c1a7cfaa Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Sat, 28 Oct 2023 15:31:44 +0200 Subject: [PATCH] use nginx --- hosts/nachtigall/apps/caddy.nix | 64 --------------------------------- hosts/nachtigall/apps/nginx.nix | 23 ++++++++++++ hosts/nachtigall/default.nix | 2 +- 3 files changed, 24 insertions(+), 65 deletions(-) delete mode 100644 hosts/nachtigall/apps/caddy.nix create mode 100644 hosts/nachtigall/apps/nginx.nix diff --git a/hosts/nachtigall/apps/caddy.nix b/hosts/nachtigall/apps/caddy.nix deleted file mode 100644 index 1c0876c..0000000 --- a/hosts/nachtigall/apps/caddy.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ - config, - lib, - pkgs, - flake, - ... -}: let - maintenanceMode = { - logFormat = lib.mkForce '' - output discard - ''; - extraConfig = '' - @notFound `{err.status_code} == 404` - - @websitePages { - path / - path /about - path /hakken - path /privacy - path /os - } - - error @websitePages "Scheduled Maintenance" 503 - - handle { - root * /srv/www/pub.solar - try_files {path}.html {path} - file_server - } - - handle_errors @notFound { - error * "Scheduled Maintenance" 503 - } - - handle_errors { - root * /srv/www/pub.solar - rewrite * /maintenance/index.html - file_server - } - ''; - }; -in { - disabledModules = [ - "services/web-servers/caddy/default.nix" - ]; - - imports = [ - "${flake.inputs.unstable}/nixos/modules/services/web-servers/caddy/default.nix" - ]; - - systemd.tmpfiles.rules = [ - "d '/data/srv/www/os/download/' 0750 hakkonaut hakkonaut - -" - ]; - - services.caddy = { - enable = lib.mkForce true; - group = "hakkonaut"; - email = "admins@pub.solar"; - globalConfig = lib.mkForce '' - grace_period 60s - ''; - }; - networking.firewall.allowedTCPPorts = [80 443]; -} diff --git a/hosts/nachtigall/apps/nginx.nix b/hosts/nachtigall/apps/nginx.nix new file mode 100644 index 0000000..359a8e3 --- /dev/null +++ b/hosts/nachtigall/apps/nginx.nix @@ -0,0 +1,23 @@ +{ + config, + lib, + pkgs, + self, + ... +}: let + acmeEmailAddress = "admins@pub.solar"; + webserverGroup = "hakkonaut"; +in { + services.nginx = { + enable = true; + group = webserverGroup; + enableReload = true; + }; + + security.acme = { + acceptTerms = true; + email = acmeEmailAddress; + }; + + networking.firewall.allowedTCPPorts = [80 443]; +} diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index 67f1073..9a39d8c 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -8,6 +8,6 @@ ./networking.nix ./nix.nix - ./apps/caddy.nix + ./apps/nginx.nix ]; }