mirror of
https://github.com/thegeneralist01/config.git
synced 2026-05-30 08:37:01 +02:00
52 lines
1.2 KiB
Nix
52 lines
1.2 KiB
Nix
{ config, pkgs, ... }:
|
|
{
|
|
imports = [
|
|
./acme
|
|
./dns.nix
|
|
./jellyfin
|
|
./plex
|
|
];
|
|
|
|
# Nginx
|
|
services.nginx = {
|
|
enable = true;
|
|
enableQuicBPF = true;
|
|
|
|
experimentalZstdSettings = true;
|
|
recommendedUwsgiSettings = true;
|
|
recommendedTlsSettings = true;
|
|
recommendedProxySettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedBrotliSettings = true;
|
|
|
|
statusPage = true;
|
|
validateConfigFile = true;
|
|
|
|
# Domain-specific virtual hosts live in the service modules below.
|
|
};
|
|
|
|
# Cloudflare
|
|
environment.systemPackages = [ pkgs.cloudflared ];
|
|
|
|
age.secrets.cftcert.file = ./cert.pem.age;
|
|
age.secrets.cftcredentials.file = ./credentials.age;
|
|
|
|
services.cloudflared = {
|
|
enable = true;
|
|
certificateFile = config.age.secrets.cftcert.path;
|
|
|
|
tunnels = {
|
|
"site" = {
|
|
ingress = {
|
|
"cache.thegeneralist01.com" = "http://localhost:80";
|
|
"git.thegeneralist01.com" = "http://localhost:3000";
|
|
};
|
|
default = "http_status:404";
|
|
|
|
credentialsFile = config.age.secrets.cftcredentials.path;
|
|
certificateFile = config.age.secrets.cftcert.path;
|
|
};
|
|
};
|
|
};
|
|
}
|