dotfiles/common/systemModules/nginx.nix

{ config, ... }:
{
  services = {
    nginx = {
      enable = true;
      logError = "syslog:server=unix:/dev/log warn";
      # recommendedTlsSettings = true;
      # recommendedGzipSettings = true;
      # recommendedProxySettings = true;
      # recommendedOptimisation = true;
      virtualHosts = {
        "vw.sadan.zip" = {
          forceSSL = true;
          useACMEHost = "sadan.zip";
          locations = {
            "/" = {
              proxyPass = "http://localhost:3231";
            };
          };
        };
      };
    };
    adguardhome = {
      port = 3115;
      enable = true;
    };
  };
  networking = {
    firewall = {
      enable = true;
    };
  };
  sops = {
    secrets = {
      cloudflare_env = {
        format = "dotenv";
        sopsFile = ./cloudflare.env;
      };
    };
  };
  security = {
    acme = {
      certs = {
        "sadan.zip" = {
          dnsProvider = "cloudflare";
          email = "certs@sadan.zip";
          environmentFile = config.sops.secrets.cloudflare_env.path;
        };
      };
      defaults = {
        # If the local dns server hasnt started yet, then this will fail for any domain configured with tailscale magic dns
        dnsResolver = "1.1.1.1:53";
      };
      acceptTerms = true;
    };
  };
}
pray 2025-02-23 14:31:53 -05:00			`{ config, ... }:`
			`{`
			`services = {`
			`nginx = {`
			`enable = true;`
guh 2025-02-23 22:06:20 -05:00			`logError = "syslog:server=unix:/dev/log warn";`
remove things 2025-02-23 22:27:45 -05:00			`# recommendedTlsSettings = true;`
			`# recommendedGzipSettings = true;`
			`# recommendedProxySettings = true;`
			`# recommendedOptimisation = true;`
this should not do anything 2025-02-23 22:37:55 -05:00			`virtualHosts = {`
			`"vw.sadan.zip" = {`
			`forceSSL = true;`
			`useACMEHost = "sadan.zip";`
			`locations = {`
			`"/" = {`
			`proxyPass = "http://localhost:3231";`
			`};`
			`};`
			`};`
			`};`
pray 2025-02-23 14:31:53 -05:00			`};`
enable adguard home 2025-02-23 21:19:17 -05:00			`adguardhome = {`
			`port = 3115;`
			`enable = true;`
firewall guhh 2025-02-23 22:14:37 -05:00			`};`
			`};`
			`networking = {`
			`firewall = {`
			`enable = true;`
enable adguard home 2025-02-23 21:19:17 -05:00			`};`
pray 2025-02-23 14:31:53 -05:00			`};`
			`sops = {`
			`secrets = {`
			`cloudflare_env = {`
			`format = "dotenv";`
			`sopsFile = ./cloudflare.env;`
			`};`
			`};`
			`};`
			`security = {`
			`acme = {`
			`certs = {`
attempt v2 2025-02-23 18:39:21 -05:00			`"sadan.zip" = {`
pray 2025-02-23 14:31:53 -05:00			`dnsProvider = "cloudflare";`
add email 2025-02-23 14:39:42 -05:00			`email = "certs@sadan.zip";`
pray 2025-02-23 14:31:53 -05:00			`environmentFile = config.sops.secrets.cloudflare_env.path;`
			`};`
			`};`
i swear to got if its my tailscale config 2025-02-23 18:56:32 -05:00			`defaults = {`
because the docs clearly say the parameters are seperated by spaces 2025-02-23 19:06:19 -05:00			`# If the local dns server hasnt started yet, then this will fail for any domain configured with tailscale magic dns`
i swear to got if its my tailscale config 2025-02-23 18:56:32 -05:00			`dnsResolver = "1.1.1.1:53";`
			`};`
pray 2025-02-23 14:31:53 -05:00			`acceptTerms = true;`
			`};`
			`};`
			`}`