2020-10-13 11:44:45 +00:00
|
|
|
# NixOps configuration for deploying the mcwhirter.io website
|
|
|
|
|
|
|
|
{ config, pkgs, ...}:
|
|
|
|
|
|
|
|
let
|
|
|
|
mcwhirter-io = import (pkgs.fetchgit {
|
|
|
|
name = "mcwhirter-io-src";
|
|
|
|
url = "https://source.mcwhirter.io/craige/mcwhirter.io.git";
|
|
|
|
branchName = "master";
|
2021-03-04 03:36:09 +00:00
|
|
|
sha256 = "sha256-RrhxjXl3PtF9n5wWNISOqGeXKoUluGhuBA+evvLjmjw=";
|
2020-10-13 11:44:45 +00:00
|
|
|
}) { nixpkgs = pkgs; };
|
|
|
|
webdomain = "mcwhirter.io";
|
|
|
|
|
|
|
|
in {
|
|
|
|
|
|
|
|
environment.sessionVariables = {
|
|
|
|
LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
|
|
|
|
};
|
|
|
|
|
|
|
|
services.nginx = {
|
|
|
|
enable = true; # Enable Nginx
|
|
|
|
recommendedGzipSettings = true;
|
|
|
|
recommendedOptimisation = true;
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
recommendedTlsSettings = true;
|
|
|
|
virtualHosts = {
|
|
|
|
"${webdomain}" = { # website hostname
|
|
|
|
enableACME = true; # Use ACME certs
|
|
|
|
forceSSL = true; # Force SSL
|
|
|
|
root = "${mcwhirter-io}"; # Wesbite root
|
|
|
|
};
|
|
|
|
"www.${webdomain}" = { # Respect our elders :-)
|
|
|
|
#forceSSL = true;
|
|
|
|
#enableACME = true;
|
|
|
|
locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
security.acme = {
|
|
|
|
acceptTerms = true;
|
|
|
|
certs = {
|
|
|
|
"${webdomain}" = {
|
|
|
|
email = "admin@${webdomain}";
|
|
|
|
group = "matrix-synapse";
|
|
|
|
};
|
|
|
|
#"www.${webdomain}" = {
|
|
|
|
# email = "admin@${webdomain}";
|
|
|
|
#};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
|
|
|
|
}
|