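{ config, lib, ... }:

let
  cfg = config.syscfg.server;
  # Attribute set of containers to expose. Each value must provide
  # `subdomain`, `ip` and `port` (see mkVhost and the virtualHosts mapping).
  containers = cfg.containers;

  # Build an NGINX vhost that terminates TLS with the shared wildcard
  # certificate below and reverse-proxies to the container's IP:port.
  # `name` is accepted for symmetry with mapAttrs' but is currently unused.
  mkVhost = name: container: {
    # Redirect plain HTTP to HTTPS so nothing is served in clear text.
    forceSSL = true;
    # Reuse the single wildcard cert issued below instead of one per vhost.
    useACMEHost = "${cfg.hostDomain}";
    locations."/" = {
      proxyPass = "http://${container.ip}:${toString container.port}";
      proxyWebsockets = true; # Recommended for modern apps
    };
  };
in {
  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@domain.org";

    # One wildcard certificate for every container subdomain, obtained via
    # the DNS-01 challenge (wildcard names are not issuable over HTTP-01).
    certs."${cfg.hostDomain}" = {
      domain = "*.${cfg.hostDomain}";
      extraDomainNames = [ "${cfg.hostDomain}" ]; # Adds the root too
      dnsProvider = "cloudflare"; # Change to your provider
      # File containing your API token (e.g. CLOUDFLARE_DNS_API_TOKEN=...).
      # Keep it outside the Nix store (the store is world-readable), root-owned
      # and mode 0600: whoever reads it can change DNS records for the zone.
      credentialsFile = "/var/lib/secrets/acme-dns.env";
      # Lets the nginx service user read the issued private key and chain.
      group = "nginx";
    };
  };

  services.nginx = {
    enable = true;

    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    # One vhost per container, keyed by "<subdomain>.<hostDomain>".
    # Map over `containers`, not `cfg`: `cfg` also carries `hostDomain`
    # (a string) and `containers` itself, neither of which has `.subdomain`,
    # so mapping over `cfg` fails at evaluation time.
    virtualHosts = lib.mapAttrs' (name: value:
      lib.nameValuePair "${value.subdomain}.${cfg.hostDomain}" (mkVhost name value)
    ) containers;
  };

  # Open the firewall
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}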