1
0
Fork 0
permafrost/modules/foundry.nix
2024-12-27 21:50:05 -08:00

51 lines
1.6 KiB
Nix

{ lib, config, ... }:
let
cfg = config.permafrost.foundry;
ACMEEnabled = config.permafrost.nginx.enableACME;
in
{
options.permafrost.foundry = {
enable = lib.mkEnableOption "foundry nixos module";
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{
permafrost.nginx.enable = lib.mkDefault true;
}
{
# permafrost.nginx.certDomains = lib.mkIf ACMEEnabled [ "scarlet.zynh.me" ];
services.nginx.virtualHosts."scarlet.zynh.me" = {
forceSSL = lib.mkIf ACMEEnabled true;
serverName = "scarlet.zynh.me";
useACMEHost = lib.mkIf ACMEEnabled "permafrost";
locations."/.well-known/acme-challenge" = {
root = "/var/lib/acme/.challenges";
};
locations."/" = {
extraConfig = /* nginx */ ''
# Set proxy headers
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# These are important to support WebSockets
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
'';
proxyPass = "http://localhost:30000";
};
};
}
{
permafrost.nginx.certDomains = lib.mkIf ACMEEnabled [ "ddbimporter.zynh.me" ];
services.nginx.virtualHosts."ddbimporter.zynh.me" = {
# TODO: Force ssl
# addSSL = true;
useACMEHost = lib.mkIf ACMEEnabled "permafrost";
serverName = "ddbimporter.zynh.me";
locations."/".proxyPass = "http://localhost:3232";
};
}
]);
}