refactoring for iServer and isWorkstation: part 3

2025-03-13 14:33:43 -03:00 · 2025-03-13 14:33:43 -03:00 · 6addea64c4
commit 6addea64c4
parent 021ab24e79
36 changed files with 236 additions and 227 deletions
--- a/hosts/alexandria/nginx.nix
+++ b/hosts/alexandria/nginx.nix
@ -0,0 +1,37 @@
+{ config, ... }:
+
+{
+  services.nginx = {
+    enable = true;
+    group = "hosted";
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "baduhai@proton.me";
+      dnsResolver = "1.1.1.1:53";
+      dnsProvider = "cloudflare";
+      credentialsFile = config.age.secrets.cloudflare.path;
+    };
+    certs."baduhai.dev" = {
+      extraDomainNames = [ "*.baduhai.dev" ];
+    };
+  };
+
+  boot.kernel.sysctl = {
+    "net.ipv4.ip_forward" = 1;
+    "net.ipv6.conf.all.forwarding" = 1;
+  };
+
+  age.secrets.cloudflare = {
+    file = ../../../secrets/cloudflare.age;
+    owner = "nginx";
+    group = "hosted";
+  };
+
+}