dynamic nodes

author: Jasper Ras <jaspert.ras@gmail.com> 2025-03-29 12:54:20 +0100
committer: Jasper Ras <jaspert.ras@gmail.com> 2025-03-29 12:54:20 +0100
commit: 5bf105b94f3c63bc738b788b2b651985eed96c11 (patch)
tree: c8b98b552fede2854fdc9ebf59f8a030ebd7e3cd /nodes/snorlax/nginx.nix
parent: 5b41ca762c6a44fa7a77e5f5324bcecf8a47f4c7 (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/nodes/snorlax/nginx.nix b/nodes/snorlax/nginx.nix
new file mode 100644
index 0000000..bb09cd2
--- /dev/null
+++ b/nodes/snorlax/nginx.nix
@@ -0,0 +1,25 @@
+{ ... }:
+{
+  networking.firewall.allowedTCPPorts = [ 443 ];
+
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts = {
+      "jras.nl" = {
+        onlySSL = true;
+        kTLS = true;
+        enableACME = true;
+        root = "/persist/srv/www/jras.nl";
+      };
+    };
+  };
+
+  security.acme.defaults.email = "jaspert.ras@gmail.com";
+  security.acme.acceptTerms = true;
+
+  systemd.tmpfiles.rules = [
+    "L /var/lib/acme - - - - /persist/var/lib/acme"
+  ];
+}
author	Jasper Ras <jaspert.ras@gmail.com>	2025-03-29 12:54:20 +0100
committer	Jasper Ras <jaspert.ras@gmail.com>	2025-03-29 12:54:20 +0100
commit	5bf105b94f3c63bc738b788b2b651985eed96c11 (patch)
tree	c8b98b552fede2854fdc9ebf59f8a030ebd7e3cd /nodes/snorlax/nginx.nix
parent	5b41ca762c6a44fa7a77e5f5324bcecf8a47f4c7 (diff)