/*
NixOS module: serve the static site in pkgs.my-site over HTTPS with nginx,
using a certificate obtained through ACME.
*/
{pkgs, ...}: let
  # Domain the virtual host (and therefore the certificate) is issued for.
  rootDomain = "gumpling.net";
  # Currently just an alias of rootDomain; nothing below references it yet.
  hostDomain = rootDomain;
in {
  # Only the two web ports are opened by this module. forceSSL below makes
  # nginx answer plain HTTP with a redirect to HTTPS, so 80 has to stay open
  # alongside 443.
  # NOTE(review): presumably port 80 is also what the ACME HTTP-01 challenge
  # uses here, since no DNS provider is configured in this file -- confirm.
  networking.firewall.allowedTCPPorts = [80 443];

  # Accept the CA's terms of service; NixOS will not request certificates
  # without this.
  security.acme.acceptTerms = true;
  # Contact address registered with the ACME account.
  security.acme.defaults.email = "acme.evict519@simplelogin.com";
  /*
  TODO: add logic for extra certificates here, for the case where rootDomain
  and hostDomain are not the same.
  */

  services.nginx = {
    enable = true;

    /*
    TODO: this should really use hostDomain for ACME and rootDomain for
    my-site. The current setup is not robust and should be changed.
    */
    virtualHosts."${rootDomain}" = {
      # Request a certificate for this vhost and redirect HTTP to HTTPS.
      enableACME = true;
      forceSSL = true;
      # Document root is the my-site package.
      # NOTE(review): my-site is presumably supplied by an overlay; it is not
      # defined in this file.
      root = pkgs.my-site;
    };
  };
}