# NixOS module: nginx as the HTTP(S) front end, plus one ACME certificate for
# aciceri.dev and two wildcard names, obtained through a DNS challenge against
# Cloudflare. Certificate state is kept on the persistent volume.
{ config, ... }:
{
  # nginx itself; virtual hosts are not defined in this module.
  services.nginx = {
    enable = true;

    # Upstream-recommended presets for TLS, proxying, compression and tuning.
    recommendedTlsSettings = true;
    recommendedProxySettings = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;

    # Exposes nginx's status endpoint.
    # NOTE(review): the NixOS option is documented as localhost-only; confirm
    # no vhost elsewhere re-exports it.
    statusPage = true;
  };

  # Global firewall rule: 80 and 443 are opened on every interface, not only
  # on the overlay networks.
  # NOTE(review): the wildcard names below look like ZeroTier/WireGuard names;
  # if the sites behind them are meant to be overlay-only, verify that the
  # vhosts enforce it themselves, because this rule does not.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  security.acme = {
    # Accepts the ACME CA's terms of service; required before any issuance.
    acceptTerms = true;
    defaults.email = "andrea.ciceri@autistici.org";

    certs."aciceri.dev" = {
      domain = "aciceri.dev";
      # Wildcard SANs; wildcard issuance is only possible via a DNS challenge.
      extraDomainNames = [
        "*.sisko.zt.aciceri.dev"
        "*.sisko.wg.aciceri.dev"
      ];

      dnsProvider = "cloudflare";
      # Wait until the challenge record is visible before asking the CA to
      # validate.
      dnsPropagationCheck = true;
      # dnsResolver = "1.1.1.1:53";

      # Credentials for the DNS provider, read from a decrypted secret file
      # (presumably managed by agenix, given `config.age.secrets`).
      # NOTE(review): the secret is named after a dyndns updater, so the same
      # token appears to be shared between two services. Confirm it is scoped
      # to DNS edits on this zone only, and that the file uses the KEY=value
      # form the provider reads (e.g. CLOUDFLARE_DNS_API_TOKEN).
      environmentFile = config.age.secrets.cloudflare-dyndns-api-token.path;

      # Certificate and private key are made readable by nginx's group.
      inherit (config.services.nginx) group;
      # Reload nginx after issuance/renewal so it serves the new certificate.
      reloadServices = [ "nginx.service" ];
    };
  };

  # Keep ACME state across reboots (presumably the impermanence module).
  # This directory holds the account key and the certificates' private keys,
  # so the backing volume's permissions and backups deserve the same care.
  environment.persistence."/persist".directories = [
    "/var/lib/acme"
  ];
}