26 lines
605 B
Nix
26 lines
605 B
Nix
{config, ...}: let
|
|
domain = config.services.nginx.domain;
|
|
in {
|
|
services.tlaternet-webserver = {
|
|
enable = true;
|
|
listen = {
|
|
addr = "127.0.0.1";
|
|
port = 8000;
|
|
};
|
|
};
|
|
|
|
# Set up SSL
|
|
services.nginx.virtualHosts."${domain}" = let
|
|
inherit (config.services.tlaternet-webserver.listen) addr port;
|
|
in {
|
|
serverAliases = ["www.${domain}"];
|
|
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
extraConfig = ''
|
|
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
|
'';
|
|
|
|
locations."/".proxyPass = "http://${addr}:${toString port}";
|
|
};
|
|
}
|