padreug
ef87fc5906
Introduced separate configuration files for Nginx and pict-rs, enabling a streamlined setup for web services. The Nginx configuration includes reverse proxy settings, automatic SSL certificate generation with Let's Encrypt, and fail2ban for security. The pict-rs configuration facilitates image service management with CORS support. Updated the shared configuration to import these new files, improving modularity and maintainability of the NixOS setup.
48 lines
No EOL
934 B
Nix
48 lines
No EOL
934 B
Nix
{ config, pkgs, domain, ... }:
|
|
|
|
{
|
|
imports = [
|
|
./nginx.nix
|
|
./pict-rs.nix
|
|
];
|
|
|
|
# Set hostname (passed as parameter)
|
|
networking.hostName = domain;
|
|
|
|
# System packages
|
|
environment.systemPackages = with pkgs; [
|
|
vim
|
|
git
|
|
htop
|
|
];
|
|
|
|
# Enable SSH
|
|
services.openssh.enable = true;
|
|
|
|
# Configure domain-specific virtual hosts
|
|
services.nginx.virtualHosts = {
|
|
# Web-app service
|
|
"app.${domain}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
root = "/var/src/web-app-dist";
|
|
locations."/" = {
|
|
index = "index.html";
|
|
tryFiles = "$uri $uri/ /index.html";
|
|
};
|
|
};
|
|
|
|
# LNbits service (adjust port as needed)
|
|
"lnbits.${domain}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://localhost:5000";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
# NixOS release version
|
|
system.stateVersion = "25.05";
|
|
} |