Philipp
5792e478af
This replaces caddy and the port exposure, this is more efficent and easier to manage in the future.
60 lines
1.2 KiB
Nix
60 lines
1.2 KiB
Nix
{
|
|
lib,
|
|
pkgs,
|
|
config,
|
|
namespace,
|
|
...
|
|
}:
|
|
with lib;
|
|
with lib.${namespace};
|
|
let
|
|
cfg = config.${namespace}.services.ente-auth;
|
|
in
|
|
{
|
|
options.${namespace}.services.ente-auth = {
|
|
enable = mkEnableOption "Ente-Auth";
|
|
|
|
package = mkOption {
|
|
description = "The package of Ente-Auth to use.";
|
|
type = types.package;
|
|
default = pkgs.awesome-flake.ente-web-auth;
|
|
};
|
|
|
|
domain = mkOption {
|
|
description = "The domain to serve ente-auth on.";
|
|
type = types.nullOr types.str;
|
|
default = "ente.stahl.sh";
|
|
};
|
|
|
|
nginx = {
|
|
enable = mkEnableOption {
|
|
description = "Enable nginx for this service.";
|
|
type = types.bool;
|
|
default = true;
|
|
};
|
|
};
|
|
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
networking.firewall.allowedTCPPorts = mkIf cfg.nginx.enable [
|
|
80
|
|
443
|
|
];
|
|
|
|
awesome-flake.services.acme.enable = mkIf cfg.nginx.enable true;
|
|
|
|
services.nginx = mkIf cfg.nginx.enable {
|
|
enable = true;
|
|
|
|
virtualHosts."${cfg.domain}" = {
|
|
forceSSL = true;
|
|
useACMEHost = "stahl.sh";
|
|
locations."/" = {
|
|
root = "${cfg.package}";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
}
|