| author | Christian Krinitsin <code@krinitsin.xyz> | 2025-02-26 13:00:48 +0100 |
|---|---|---|
| committer | Christian Krinitsin <code@krinitsin.xyz> | 2025-02-26 13:00:48 +0100 |
| commit | dc0eb0ec4674ee97a7bbf0070ce841afbf47b994 (patch) | |
| tree | 23e5a6ff99247398850a8e9b1e7c56926aa68d12 /modules/webserver.nix | |
| parent | dea825d1dba8023ecc6ec75dd760ccea37fd72a4 (diff) | |
add nginx webserver with acme
Diffstat (limited to 'modules/webserver.nix')
| -rw-r--r-- | modules/webserver.nix | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/modules/webserver.nix b/modules/webserver.nix
new file mode 100644
index 0000000..50b28f4
--- /dev/null
+++ b/modules/webserver.nix
@@ -0,0 +1,40 @@
+{ config, libs, pkgs, ... }:
+{
+
+ users.users.nginx.extraGroups = [ "acme" ];
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "krinitsin.com" = {
+ forceSSL = true;
+ enableACME = true;
+ root = "/var/www/krinitsin.com";
+ serverAliases = [ "www.krinitsin.com" ];
+
+ locations."/shopping/".basicAuthFile = "/secret/shopping_auth";
+ locations."/shopping/api/".proxyPass = "http://krinitsin.com:5000";
+ };
+
+ "recipes.krinitsin.com" = {
+ forceSSL = true;
+ useACMEHost = "krinitsin.com";
+ root = "/var/www/recipes.krinitsin.com";
+ serverAliases = [ "rezepte.krinitsin.com" ]
+ };
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "christian@krinitsin.xyz";
+ certs."krinitsin.com".extraDomainNames = [ "shopping.krinitsin.com" "webmail.krinitsin.com" ];
+ };
+
+ systemd.services.flask = {
+ enable = true;
+ wantedBy = ["default.target"];
+ serviceConfig.ExecStart = ''/run/current-system/sw/bin/flask --app /var/www/krinitsin.com/shopping/app.py run -h krinitsin.com'';
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 5000 ];
+} |
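Review bot: The shopping API is reachable without the basic-auth gate and without TLS. `allowedTCPPorts` opens 5000 while the unit starts `flask run -h krinitsin.com`, so the Flask development server is exposed directly over plain HTTP. In addition, `locations."/shopping/api/"` is a separate location with no `basicAuthFile` of its own, so the setting on `/shopping/` does not cover it. Unless the API is meant to be public, I would bind the app to loopback, proxy to `127.0.0.1`, drop 5000 from the firewall list and repeat the auth file on the API location, as sketched below. The unit also sets no `User`, so it presumably runs as root; a dedicated user or `serviceConfig.DynamicUser = true;` would limit that. Separately, `serverAliases = [ "rezepte.krinitsin.com" ]` is missing its trailing `;`, which should fail evaluation.

```nix
      locations."/shopping/".basicAuthFile = "/secret/shopping_auth";
      locations."/shopping/api/" = {
        basicAuthFile = "/secret/shopping_auth";
        proxyPass = "http://127.0.0.1:5000";
      };
  # … unchanged: recipes vhost, security.acme …
  systemd.services.flask = {
    # … unchanged: enable, wantedBy …
    serviceConfig.ExecStart = ''/run/current-system/sw/bin/flask --app /var/www/krinitsin.com/shopping/app.py run -h 127.0.0.1'';
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
```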