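# NixOS host module: declares a container named "https" that runs nginx and
# serves an ACME-managed, TLS-only virtual host for <hostname>.fudo.link.
#
# Reads from the host configuration: config.hostname, config.adminEmail.
{ config, pkgs, ... }:

{
  containers.https =
    let
      # Everything derived from the *host* configuration is bound here. The
      # container module below takes its own `config` argument, which shadows
      # the host's, so host-only values such as adminEmail must be captured
      # before entering it.
      hostname = "${config.hostname}.fudo.link";
      adminEmail = config.adminEmail;
      incomingCertDir = "/srv/${config.hostname}/certs";
      containerCertsDir = "/etc/letsencrypt/live";

    in {
      autoStart = true;

      # bindMounts is an attribute set keyed by the mount point inside the
      # container (the original wrapped it in a list and referred to an
      # undefined `incomingCertsDir`).
      bindMounts = {
        "${containerCertsDir}" = {
          hostPath = incomingCertDir;
          # NOTE(review): a writable mount lets anything running in the
          # web-facing container create, replace or delete files in the host's
          # certificate directory. If the container only needs to read the
          # certificates, set this to true; if it must write them, keep the
          # host directory restricted to that purpose.
          isReadOnly = false;
        };
      };

      # NOTE(review): enableACME below makes the container obtain its own
      # certificate, and nothing visible here points nginx at
      # containerCertsDir. Confirm the bind mount above is still needed.
      config = { config, pkgs, ... }:
        {
          environment.systemPackages = with pkgs; [
            nginx
          ];

          services.nginx = {
            enable = true;

            virtualHosts."${hostname}" = {
              enableACME = true;
              # Redirect plain HTTP to HTTPS for this virtual host.
              forceSSL = true;
              root = "/var/www";
            };
          };

          # security.acme is a top-level option; the original nested it inside
          # services.nginx, where no such option exists.
          security.acme.certs = {
            # Uses the host's adminEmail captured in the outer `let`; inside
            # this function `config` is the container's configuration.
            "${hostname}".email = adminEmail;
          };
        };
    };
}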