diff options
| -rw-r--r-- | static.nix | 36 |
1 files changed, 23 insertions, 13 deletions
diff --git a/static.nix b/static.nix index 71889e8..c8e4eb2 100644 --- a/static.nix +++ b/static.nix @@ -17,7 +17,10 @@ # along with loang configuration. If not, see <https://www.gnu.org/licenses/>. { config, lib, pkgs, ... }: -let inherit (config.networking) domain; +let + inherit (config.networking) domain; + inherit (config.services) phylactery; + phylacteryAddress = "http://${phylactery.host}:${toString phylactery.port}"; in { networking.firewall.allowedTCPPorts = [ 80 # HTTP @@ -74,6 +77,24 @@ in { root = "/var/lib/www/khoanh.${domain}"; }; + "xem.${domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + extraConfig = '' + auth_pam "Password Required"; + auth_pam_service_name "nginx"; + ''; + proxyPass = phylacteryAddress; + }; + }; + + "striproman.pirate" = { + addSSL = true; + useACMEHost = "xem.${domain}"; + locations."/".proxyPass = phylacteryAddress; + }; + "cercle.libre" = { addSSL = true; useACMEHost = "khoanh.${domain}"; @@ -129,18 +150,7 @@ in { ''; }; root = "/mnt/nas/www/px.cnx.gdn"; - }) // (aliasOpenNIC "striproman.pirate" "xem.${domain}" (let - address = "http://${phylactery.host}:${toString phylactery.port}"; - phylactery = config.services.phylactery; - in { - locations."/" = { - proxyPass = address; - extraConfig = '' - auth_pam "Password Required"; - auth_pam_service_name "nginx"; - ''; - }; - }))); + })); }; phylactery = { |