nixos-config/profiles/vm/http.nix

{ config, pkgs, ... }:

{ containers.https =
  let
    hostname = "${config.hostname}.fudo.link";
    incomingCertDir = "/srv/${config.hostname}/certs";
    containerCertsDir = "/etc/letsencrypt/live";

  in {
    autoStart = true;

    bindMounts = [
      {
        "${containerCertsDir}" = {
          hostPath = "${incomingCertsDir}";
          isReadOnly = false;
        };
      }
    ];

    config = { config, pkgs, ... }:
    {
      environment.systemPackages = with pkgs; [
        nginx
      ];

      services.nginx = {
        enable = true;

        virtualHosts."${hostname}" = {
          enableACME = true;
          forceSSL = true;
          root = "/var/www";
        };

        security.acme.certs = {
          "${hostname}".email = config.adminEmail;
        };
      };
    };
  };
}
Initial re-checki 2019-12-25 15:20:36 -08:00			`{ config, pkgs, ... }:`

			`{ containers.https =`
			`let`
			`hostname = "${config.hostname}.fudo.link";`
			`incomingCertDir = "/srv/${config.hostname}/certs";`
			`containerCertsDir = "/etc/letsencrypt/live";`

			`in {`
			`autoStart = true;`

			`bindMounts = [`
			`{`
			`"${containerCertsDir}" = {`
			`hostPath = "${incomingCertsDir}";`
			`isReadOnly = false;`
			`};`
			`}`
			`];`

			`config = { config, pkgs, ... }:`
			`{`
			`environment.systemPackages = with pkgs; [`
			`nginx`
			`];`

			`services.nginx = {`
			`enable = true;`

			`virtualHosts."${hostname}" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`root = "/var/www";`
			`};`

			`security.acme.certs = {`
			`"${hostname}".email = config.adminEmail;`
			`};`
			`};`
			`};`
			`};`
			`}`