diff --git a/hosts/vps/mailserver/default.nix b/hosts/vps/mailserver/default.nix index 3ae683a..da92c36 100644 --- a/hosts/vps/mailserver/default.nix +++ b/hosts/vps/mailserver/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: { +{ pkgs, ... }: { fileSystems."/mnt/export1981" = { device = "172.16.128.47:/nas/5490"; @@ -101,39 +101,6 @@ PermitRootLogin = "prohibit-password"; }; }; - postgresql = { - enable = true; - ensureUsers = [ - { - name = "root"; - ensureClauses = { - superuser = true; - createrole = true; - createdb = true; - }; - } - ]; - }; - gitea = { - enable = true; - appName = "src"; - database = { - type = "postgres"; - }; - settings = { - server = { - DOMAIN = "src.idimitrov.dev"; - ROOT_URL = "https://src.idimitrov.dev/"; - HTTP_PORT = 3001; - }; - repository = { - DEFAULT_BRANCH = "master"; - }; - service = { - DISABLE_REGISTRATION = true; - }; - }; - }; dnscrypt-proxy2 = { enable = true; settings = { 
@@ -159,63 +126,6 @@ }; }; }; - nginx = - let - webshiteConfig = '' - add_header 'Referrer-Policy' 'origin-when-cross-origin'; - add_header X-Content-Type-Options nosniff; - ''; - extensions = [ "html" "txt" "png" "jpg" "jpeg" ]; - serveStatic = exts: '' - try_files $uri $uri/ ${pkgs.lib.strings.concatStringsSep " " (builtins.map (x: "$uri." + "${x}") exts)} =404; - ''; - in - { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; - virtualHosts = { - "idimitrov.dev" = { - enableACME = true; - forceSSL = true; - locations."/" = { - root = "${pkgs.webshite}"; - extraConfig = serveStatic extensions; - }; - extraConfig = webshiteConfig; - }; - "www.idimitrov.dev" = { - enableACME = true; - forceSSL = true; - locations."/" = { - root = "${pkgs.webshite}"; - extraConfig = serveStatic extensions; - }; - extraConfig = webshiteConfig; - }; - "src.idimitrov.dev" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:3001"; - }; - }; - "pic.idimitrov.dev" = { - enableACME = true; - forceSSL = true; - locations."/" = { - root = "/var/pic"; - extraConfig = '' - autoindex on; - ${serveStatic ["png"]} - ''; - }; - }; - }; - }; }; systemd = { timers = { diff --git a/nixos/configs/default.nix b/nixos/configs/default.nix index 4cc76ad..958bc62 100644 --- a/nixos/configs/default.nix +++ b/nixos/configs/default.nix 
@@ -22,7 +22,7 @@ in nova-nonya = novaConfig (with mods; [ ivand anon cryptocurrency ]); nova-ai = novaConfig (with mods; [ ivand ai ]); install-iso = configWithModules { modules = (with mods; [ grub base shell wireless ]); }; - vps = configWithModules { modules = (with mods; [ base shell security vps mailserver ]); }; + vps = configWithModules { modules = (with mods; [ base shell security vps mailserver nginx ]); }; stara-miner = configWithModules { modules = (essential ++ [ mods.monero-miner ]); }; }; } diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index a235ac7..e84de0d 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix 
@@ -314,5 +314,99 @@ top@{ inputs, moduleWithSystem, ... }: { }; }; }); + nginx = moduleWithSystem (toplevel@{ ... }: perSystem@{ config, pkgs, ... }: { + services = { + nginx = + let + webshiteConfig = '' + add_header 'Referrer-Policy' 'origin-when-cross-origin'; + add_header X-Content-Type-Options nosniff; + ''; + extensions = [ "html" "txt" "png" "jpg" "jpeg" ]; + serveStatic = exts: '' + try_files $uri $uri/ ${pkgs.lib.strings.concatStringsSep " " (builtins.map (x: "$uri." + "${x}") exts)} =404; + ''; + in + { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; + virtualHosts = { + "idimitrov.dev" = { + enableACME = true; + forceSSL = true; + locations."/" = { + root = "${pkgs.webshite}"; + extraConfig = serveStatic extensions; + }; + extraConfig = webshiteConfig; + }; + "www.idimitrov.dev" = { + enableACME = true; + forceSSL = true; + locations."/" = { + root = "${pkgs.webshite}"; + extraConfig = serveStatic extensions; + }; + extraConfig = webshiteConfig; + }; + "src.idimitrov.dev" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:3001"; + }; + }; + "pic.idimitrov.dev" = { + enableACME = true; + forceSSL = true; + locations."/" = { + root = "/var/pic"; + extraConfig = '' + autoindex on; + ${serveStatic ["png"]} + ''; + }; + }; + }; + }; + gitea = { + enable = true; + appName = "src"; + database = { + type = "postgres"; + }; + settings = { + server = { + DOMAIN = "src.idimitrov.dev"; + ROOT_URL = "https://src.idimitrov.dev/"; + HTTP_PORT = 3001; + }; + repository = { + DEFAULT_BRANCH = "master"; + }; + service = { + DISABLE_REGISTRATION = true; + }; + }; + }; + postgresql = { + enable = true; + ensureUsers = [ + { + name = "root"; + ensureClauses = { + superuser = true; + createrole = true; + createdb = true; + }; + } + ]; + }; + }; + }); }; }
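Review bot: In the added `gitea` block, `settings.server` sets `HTTP_PORT = 3001` but no `HTTP_ADDR`, so Gitea keeps its default bind address, which in the NixOS module is all interfaces as far as I know. Only the host firewall, and nothing in this config, would then keep plain-HTTP port 3001 off the network and force traffic through the TLS vhost. Since nginx already proxies to `http://127.0.0.1:3001`, I would add `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT`. Separately, `postgresql.ensureUsers` grants a role named `root` the `superuser`, `createrole` and `createdb` clauses, and because this now lives in a module called `nginx`, any host that imports it gets that role and a Gitea instance as well; if the role is meant for local administration, a one-line comment saying so, or a split into a separate `gitea` module, would make the privilege visible to whoever reuses it. The module body is complete within this hunk, but the enclosing attribute set starts before it.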