{ pkgs, ... }:
let
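# Port shared by every Caddy site below. nginx terminates TLS for the public
# hostnames and proxies to this port on 127.0.0.1 (see the proxyPass entries
# under services.nginx.virtualHosts).
port = 38471;

# Caddy v1 configuration, written to the Nix store as a file named "Caddyfile".
#
# Every site sets `tls off`, so Caddy speaks plain HTTP on `port`. Without a
# `bind` directive Caddy listens on all interfaces, which would leave the
# unencrypted backend reachable from outside and bypass nginx's forceSSL.
# Each site is therefore bound to 127.0.0.1, the only address nginx uses to
# reach it. All sites share one port, so they must keep the same bind address.
#
# Site selection is by hostname; NOTE(review): this relies on nginx forwarding
# the original Host header to the backend. Confirm the proxy settings that do
# so are enabled elsewhere in the system configuration.
config = pkgs.writeTextFile {
  name = "Caddyfile";
  text = ''
    when-then-zen.christine.website:${toString port} {
      bind 127.0.0.1
      tls off
      errors syslog

      root /srv/http/when-then-zen.christine.website

      internal /README.md
      internal /templates
      internal /LICENSE
      internal /Caddyfile

      ext .md

      browse /bonus
      browse /meditation /srv/http/when-then-zen.christine.website/templates/index.html
      browse /skills /srv/http/when-then-zen.christine.website/templates/index.html

      markdown / {
        template templates/page.html
      }
    }

    xena.greedo.xeserv.us:${toString port} {
      bind 127.0.0.1
      tls off
      errors syslog

      header / X-Clacks-Overhead "GNU Ashlynn"

      root /srv/http/xena.greedo.xeserv.us
      markdown / {
        template blog templates/blog.html
        template index templates/index.html
      }

      browse
    }

    xn--u7hz981o.ws:${toString port} {
      bind 127.0.0.1
      tls off
      errors syslog

      header / X-Clacks-Overhead "GNU Ashlynn"

      internal /templates

      root /srv/http/xn--u7hz981o.ws
      markdown / {
        template index templates/index.html
        template page templates/page.html
      }
    }
  '';
  # NOTE(review): xena.greedo.xeserv.us enables `browse` for its whole root and
  # marks nothing `internal`, unlike the other two sites, which hide
  # /templates. Everything under that root is listable; confirm that is
  # intended and that nothing sensitive is ever placed there.
};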
# Caddy 1.0.4 repackaged from the upstream prebuilt linux_amd64 release
# tarball; nothing is compiled locally.
#
# NOTE(review): this is the Caddy 1.x line, which upstream no longer maintains,
# so it receives no security fixes. It sits behind nginx here, but it still
# parses attacker-controlled requests; plan a move to a maintained release.
caddyPkg = pkgs.stdenv.mkDerivation {
  pname = "caddy";
  # The version is repeated inside the URL below; bump both together with the
  # sha256.
  version = "1.0.4";
  # The sha256 pins the exact tarball contents, so a modified or substituted
  # download fails the fetch instead of being installed. It proves integrity
  # of the artifact, not that the binary matches the published source.
  src = builtins.fetchurl {
    url =
      "https://github.com/caddyserver/caddy/releases/download/v1.0.4/caddy_v1.0.4_linux_amd64.tar.gz";
    sha256 = "0cmlwkp3cjx5yw3947y91wymsr398knq92q3iwc57bdzdi33fzwy";
  };

  # Only these two phases run; the remaining default stdenv phases (including
  # fixup) are skipped, so the binary is installed exactly as shipped.
  phases = "unpackPhase installPhase";

  # The tarball is extracted again here and the `caddy` binary is copied from
  # the current directory; presumably unpackPhase leaves the build in a
  # subdirectory where ./caddy would not otherwise exist. Verify before
  # simplifying.
  installPhase = ''
    tar zxf $src
    mkdir -p $out/bin
    cp ./caddy $out/bin/caddy
  '';
};
in {
# age-encrypted secret that is decrypted to `path` at activation time.
# The nginx /front location hands this same path to its CGI as MI_TOKEN_PATH,
# so the two strings must be changed together.
#
# Owner and group are both nginx and the mode allows the owner only, so every
# process running as the nginx user can read the token. In this file that
# includes the Caddy service, which also runs as User = "nginx".
#
# NOTE(review): the encrypted source is named like an AWS environment file
# while the secret is called mi-token. Confirm it contains only the credential
# the CGI needs and nothing broader.
age.secrets.mi-token = rec {
  file = ../../secret/lufta.aws.env.age;
  path = "/var/lib/nginx/mi-token";
  owner = "nginx";
  group = owner;
  mode = "600";
};
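# fcgiwrap runs the CGI program behind the /front location below; nginx
# reaches it over the unix socket named in fastcgi_pass.
# NOTE(review): the token file is owned by nginx with an owner-only mode, so
# the user fcgiwrap executes the CGI as must be able to read it. Confirm which
# user that is and keep it as narrow as possible.
services.fcgiwrap.enable = true;

services.nginx.virtualHosts = let
  # The three static sites are all served by the single local Caddy listener.
  caddyUpstream = "http://127.0.0.1:${toString port}";
in {
  "home.cetacean.club" = {
    # CGI front end. SCRIPT_FILENAME is a fixed store path, so the request URI
    # can never choose which program runs. Because "/front" is a prefix
    # location, every URI that starts with /front reaches the same CGI.
    #
    # `root /tmp` only feeds $document_root, which is used in PATH_TRANSLATED,
    # and it differs from the DOCUMENT_ROOT parameter sent to the CGI.
    # NOTE(review): /tmp is world-writable. Confirm the CGI never opens
    # PATH_TRANSLATED, or point root at an empty read-only directory.
    #
    # nginx forwards request headers to FastCGI as HTTP_* parameters, so a
    # client-supplied "Proxy" header would appear to the CGI as the HTTP_PROXY
    # environment variable. It is blanked explicitly so that HTTP client
    # libraries in the CGI cannot be steered by request data.
    locations."/front".extraConfig = ''
      root /tmp;
      fastcgi_param QUERY_STRING $query_string;
      fastcgi_param REQUEST_METHOD $request_method;
      fastcgi_param CONTENT_TYPE $content_type;
      fastcgi_param CONTENT_LENGTH $content_length;

      fastcgi_param PATH_INFO $fastcgi_path_info;
      fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
      fastcgi_param REQUEST_URI $request_uri;
      fastcgi_param DOCUMENT_URI $document_uri;
      fastcgi_param DOCUMENT_ROOT /srv/http/home.cetacean.club;
      fastcgi_param SERVER_PROTOCOL $server_protocol;

      fastcgi_param GATEWAY_INTERFACE CGI/1.1;
      fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

      fastcgi_param REMOTE_ADDR $remote_addr;
      fastcgi_param REMOTE_PORT $remote_port;
      fastcgi_param SERVER_ADDR $server_addr;
      fastcgi_param SERVER_PORT $server_port;
      fastcgi_param SERVER_NAME $server_name;

      fastcgi_param HTTPS $https;

      # PHP only, required if PHP was built with --enable-force-cgi-redirect
      fastcgi_param REDIRECT_STATUS 200;
      # Never let a request's Proxy header become HTTP_PROXY in the CGI.
      fastcgi_param HTTP_PROXY "";
      fastcgi_param MI_TOKEN_PATH /var/lib/nginx/mi-token;
      fastcgi_param SCRIPT_FILENAME ${pkgs.xeserv.whoisfront};
      fastcgi_pass unix:/run/fcgiwrap.sock;
    '';
    forceSSL = true;
    useACMEHost = "cetacean.club";
    extraConfig = ''
      access_log /var/log/nginx/home.cetacean.club.access.log;
    '';
  };

  # The hosts below terminate TLS in nginx (forceSSL plus an ACME certificate)
  # and forward to Caddy over plain HTTP on the loopback address.
  "when-then-zen.christine.website" = {
    locations."/".proxyPass = caddyUpstream;
    forceSSL = true;
    useACMEHost = "christine.website";
    extraConfig = ''
      access_log /var/log/nginx/when-then-zen.access.log;
    '';
  };

  "xena.greedo.xeserv.us" = {
    locations."/".proxyPass = caddyUpstream;
    forceSSL = true;
    useACMEHost = "xeserv.us";
    extraConfig = ''
      access_log /var/log/nginx/xenafiles.access.log;
    '';
  };

  # Unlike the other hosts, this one sets no dedicated access_log, so its
  # requests land in whatever log the enclosing nginx configuration defines.
  "xn--u7hz981o.ws" = {
    locations."/".proxyPass = caddyUpstream;
    forceSSL = true;
    useACMEHost = "xn--u7hz981o.ws";
  };
};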
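# Runs the repackaged Caddy v1 binary against the generated Caddyfile.
#
# NOTE(review): the service shares the nginx user, so it can read everything
# that user owns, including the mi-token secret that only the CGI needs. A
# dedicated unprivileged user with read access to /srv/http alone would
# separate the two; that needs a matching user and file-ownership change
# outside this unit, so it is not made here.
systemd.services.caddy = {
  wantedBy = [ "multi-user.target" ];

  serviceConfig = {
    User = "nginx";
    Group = "within";
    Restart = "on-failure";
    RestartSec = "30s";

    # Baseline sandboxing for a process that parses untrusted requests. None
    # of these options affect serving files or logging to syslog.
    NoNewPrivileges = true;
    ProtectKernelTunables = true;
    ProtectKernelModules = true;
    ProtectControlGroups = true;
  };

  # -conf and -port point Caddy at the store-path Caddyfile and the shared
  # backend port; -agree runs it non-interactively. `exec` replaces the
  # wrapper shell, so systemd supervises the Caddy process directly.
  script = ''
    exec ${caddyPkg}/bin/caddy -conf ${config} -port ${toString port} -agree
  '';
};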
}