{ config, pkgs, ... }: { imports = [ ../../common ../../common/lxc.nix ]; networking.hostName = "nginx"; system.stateVersion = "21.11"; networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ 80 443 ]; services.nginx = { enable = true; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; package = pkgs.nginxMainline; virtualHosts."asraphiel.dev" = { forceSSL = true; http2 = true; enableACME = true; root = "/etc/main"; }; virtualHosts."git.asraphiel.dev" = { forceSSL = true; enableACME = true; http2 = true; locations."/" = { proxyPass = "http://gitea.lxd:3000/"; proxyWebsockets = true; }; }; virtualHosts."vault.asraphiel.dev" = { forceSSL = true; enableACME = true; http2 = true; locations."/" = { proxyPass = "http://vault.lxd:8200/"; proxyWebsockets = true; }; }; }; security.acme.email = "acme@voidcorp.nl"; security.acme.acceptTerms = true; environment.etc."main/index.html" = { enable = true; source = ./index.html; }; }