diff options
Diffstat (limited to 'static.nix')
-rw-r--r-- | static.nix | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/static.nix b/static.nix new file mode 100644 index 0000000..7924aad --- /dev/null +++ b/static.nix @@ -0,0 +1,69 @@ +# Static web and gemini hosting +# Copyright (C) 2022 Nguyễn Gia Phong +# +# This file is part of loang configuration. +# +# Loang configuration is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published +# by the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Loang configuration is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with loang configuration. If not, see <https://www.gnu.org/licenses/>. + +{ config, lib, pkgs, ... }: +let + certs = config.security.acme.certs.${domain}; + domain = config.networking.domain; + bindUserDirs = sources: target: lib.mapAttrs' (user: dir: { + name = target + user; + value = { + device = "${config.users.users.${user}.home}/${dir}"; + options = [ "bind" ]; + }; + }) sources; +in { + fileSystems = bindUserDirs { + cnx = "www"; + } "${config.services.nginx.virtualHosts.${domain}.root}/~"; + + networking.firewall.allowedTCPPorts = [ + 80 # HTTP + 443 # TLS + 1965 # Gemini + ]; + + security.acme = { + acceptTerms = true; + defaults.email = "mcsinyx@disroot.org"; + }; + + services = { + molly-brown = { + certPath = "${certs.directory}/cert.pem"; + docBase = "/var/lib/gemini/${domain}"; + enable = true; + hostName = domain; + keyPath = "${certs.directory}/key.pem"; + }; + + nginx = { + enable = true; + recommendedProxySettings = true; + virtualHosts.${domain} = { + enableACME = true; + forceSSL = true; + root = "/var/lib/www/${domain}"; + }; + }; + }; + + systemd.services.molly-brown.serviceConfig.SupplementaryGroups = [ + certs.group + ]; +} |