Diffstat (limited to 'sys/web/nginx.nix')
-rw-r--r--sys/web/nginx.nix37
1 files changed, 23 insertions, 14 deletions
diff --git a/sys/web/nginx.nix b/sys/web/nginx.nix
index db2d27d..a971eb2 100644
--- a/sys/web/nginx.nix
+++ b/sys/web/nginx.nix
@@ -6,6 +6,11 @@ in
{
options.local.web = {
enable = mkEnableOption "web server";
+
+ ownedCerts = mkOption {
+ type = with lib.types; listOf str;
+ default = [ ];
+ };
};
config = mkIf cfg.enable {
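Review bot: `ownedCerts` is declared without a `description`, and `listOf str` accepts any string even though the second hunk uses each entry as an attribute name in `domains.${name}.main` and as a key under `local.certs`. A misspelled entry would only surface as a missing-attribute evaluation error far from the option, or as a certificate that is never requested. I would add `description = "Keys of the domains set whose ACME certificates this web server owns.";` and, if `domains` is a plain attribute set available here (it appears to come from the `let` block above the hunk), tighten the type to `listOf (enum (attrNames domains))`.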
@@ -21,25 +26,29 @@ in
clientMaxBodySize = "42M";
- virtualHosts = {
- ${domains.host.www} = {
- serverAliases = [ domains.host.main ];
- useACMEHost = domains.host.main;
- forceSSL = true;
- };
- };
+ virtualHosts = { };
};
+ local.certs = listToAttrs (map
+ (name: {
+ inherit name;
+ value.enable = true;
+ })
+ cfg.ownedCerts);
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
security = {
- acme.certs.${domains.host.main} = {
- inherit (config.services.nginx) group;
- };
+ acme.certs = listToAttrs (map
+ (name: {
+ name = domains.${name}.main;
+ value = {
+ group = mkDefault config.services.nginx.group;
+ };
+ })
+ cfg.ownedCerts);
dhparams.params.nginx = { };
};
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- local.certs.host.enable = true;
};
}
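Review bot: With `virtualHosts = { };` this module no longer sets `forceSSL = true` or `useACMEHost` on any host, yet `networking.firewall.allowedTCPPorts = [ 80 443 ];` still opens port 80 whenever `cfg.enable` is set. The virtual hosts are presumably now declared by other modules, so whether a site is reachable over plain HTTP depends on each of them remembering `forceSSL`. Nothing in this file documents or checks that contract. I would add a comment above the empty set, for example `# vhosts are declared by the modules that own them; each must set forceSSL and useACMEHost`. An entry under `assertions` that rejects any `config.services.nginx.virtualHosts` value with neither `forceSSL` nor `onlySSL` set would enforce it.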