From 5bf105b94f3c63bc738b788b2b651985eed96c11 Mon Sep 17 00:00:00 2001
From: Jasper Ras <jaspert.ras@gmail.com>
Date: Sat, 29 Mar 2025 12:54:20 +0100
Subject: dynamic nodes

---
 nodes/snorlax/nginx.nix | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 nodes/snorlax/nginx.nix

(limited to 'nodes/snorlax/nginx.nix')

diff --git a/nodes/snorlax/nginx.nix b/nodes/snorlax/nginx.nix
new file mode 100644
index 0000000..bb09cd2
--- /dev/null
+++ b/nodes/snorlax/nginx.nix
@@ -0,0 +1,25 @@
+{ ... }:
+{
+  networking.firewall.allowedTCPPorts = [ 443 ];
+
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts = {
+      "jras.nl" = {
+        onlySSL = true;
+        kTLS = true;
+        enableACME = true;
+        root = "/persist/srv/www/jras.nl";
+      };
+    };
+  };
+
+  security.acme.defaults.email = "jaspert.ras@gmail.com";
+  security.acme.acceptTerms = true;
+
+  systemd.tmpfiles.rules = [
+    "L /var/lib/acme - - - - /persist/var/lib/acme"
+  ];
+}
-- 
cgit v1.2.3