Commit `58104d53403d`

Vincent Demeester <vincent@sbr.pm>

2019-01-25 14:53:18

kerkouane: enable nginx + acme

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

main

1 parent e04bdca

Changed files (1)

machine

kerkouane.nix

@@ -7,6 +7,15 @@ with import ../assets/machines.nix; {
     cleanTmpDir = true;
     loader.grub.enable = true;
   };
+  locations."/public/default/index" =
+  let file = pkgs.writeText "index" "Welcome !";
+  in 
+  { alias = file;
+    extraConfig = ''
+      etag off;
+      add_header etag "\"${builtins.substring 11 32 file.outPath}\"";
+      '';
+  }
   profiles = {
     git.enable = true;
     nix-config.localCaches = [];
@@ -17,9 +26,22 @@ with import ../assets/machines.nix; {
   };
   networking.firewall.allowPing = true;
   services = {
+    nginx = {
+      enable = true;
+      virtualHosts."sbr.pm" = {
+        enableACME = true;
+        forceSSL = true;
+        root = "/public/default";
+      };
+    };
     openssh.ports = [ ssh.kerkouane.port ];
     openssh.permitRootLogin = "without-password";
   };
+  security = {
+    acme.certs = {
+      "sbr.pm".email = "vincent@sbr.pm";
+    };
+  };
   users.users.root.openssh.authorizedKeys.keys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGR4dqXwHwPpYgyk6yl9+9LRL3qrBZp3ZWdyKaTiXp0p vincent@shikoku"
   ];

Commit 58104d53403d

Commit `58104d53403d`