forgejo good, nginx coming along

2026-02-15 22:46:17 -08:00 · 2026-02-15 22:46:17 -08:00 · 8fdbb33939
commit 8fdbb33939
parent 29eb6493be
40 changed files with 153 additions and 493 deletions
--- a/servers/nginx.nix
+++ b/servers/nginx.nix
@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+let
+  # WARNING: this ends up world-readable in the Nix store if you inline it.
+  cloudflareEnv = pkgs.writeText "cloudflare-acme.env" ''
+    umnyPSYOr9U3m404_IBMl4PTOzg29nz_XzNEGw2v
+  '';
+in
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+
+    # These defaults are inherited by security.acme.certs.* unless overridden. :contentReference[oaicite:0]{index=0}
+    defaults = {
+      email = "admin@symbiotrip.com";
+      dnsProvider = "cloudflare";            # :contentReference[oaicite:1]{index=1}
+      environmentFile = cloudflareEnv;       # :contentReference[oaicite:2]{index=2}
+    };
+  };
+}