Merge remote-tracking branch 'lass/master'

author: makefu <github@syntax-fehler.de> 2024-01-14 21:45:31 +0100
committer: makefu <github@syntax-fehler.de> 2024-01-14 21:45:31 +0100
commit: 9b553ebec7cb3315d5d7ad551ba942005e0da501 (patch)
tree: a4efff47471b575d8ed90aa0ae1afd56d5ced281 /krebs/2configs/nginx.nix
parent: 2ca25d5fc3b5bcabe15b0934208b5f5201420eb2 (diff)
parent: 9368e6d78abbe1523a2a54279fd4e9db01a4f610 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/krebs/2configs/nginx.nix b/krebs/2configs/nginx.nix
new file mode 100644
index 000000000..812093a7e
--- /dev/null
+++ b/krebs/2configs/nginx.nix
@@ -0,0 +1,24 @@
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  security.acme.acceptTerms = true;
+  security.acme.defaults.email = "spam@krebsco.de";
+
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+
+    enableReload = true;
+
+    virtualHosts.default = {
+      default = true;
+      locations."= /etc/os-release".extraConfig = ''
+        default_type text/plain;
+        alias /etc/os-release;
+      '';
+      # needed for acmeFallback in sync-containers, or other machines not reachable globally
+      locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
+    };
+  };
+}
author	makefu <github@syntax-fehler.de>	2024-01-14 21:45:31 +0100
committer	makefu <github@syntax-fehler.de>	2024-01-14 21:45:31 +0100
commit	9b553ebec7cb3315d5d7ad551ba942005e0da501 (patch)
tree	a4efff47471b575d8ed90aa0ae1afd56d5ced281 /krebs/2configs/nginx.nix
parent	2ca25d5fc3b5bcabe15b0934208b5f5201420eb2 (diff)
parent	9368e6d78abbe1523a2a54279fd4e9db01a4f610 (diff)