Diffstat (limited to 'host/Spacebar-nginx/containers/spacebar-server/import.nix')
-rw-r--r--host/Spacebar-nginx/containers/spacebar-server/import.nix50
1 files changed, 50 insertions, 0 deletions
diff --git a/host/Spacebar-nginx/containers/spacebar-server/import.nix b/host/Spacebar-nginx/containers/spacebar-server/import.nix
new file mode 100644
index 0000000..7be8e2d
--- /dev/null
+++ b/host/Spacebar-nginx/containers/spacebar-server/import.nix
@@ -0,0 +1,50 @@
+{ 
+  config,
+  pkgs,
+  lib,
+  secrets,
+  spacebar-server,
+  containerName,
+  rootDomain,
+  ...
+}:
+
+{
+  containers."${containerName}" = import ./container.nix {
+    inherit pkgs lib spacebar-server rootDomain;
+  };
+
+  security.acme.certs."${rootDomain}" = {
+    domain = "${rootDomain}";
+    extraDomainNames = [ "*.${rootDomain}" ];
+    group = "nginx";
+    dnsProvider = "cloudflare";
+    credentialsFile = pkgs.writeTextFile {
+      name = "cloudflare-credentials";
+      text = ''
+        # Cloudflare API credentials used by lego
+        # https://go-acme.github.io/lego/dns/cloudflare/
+        CLOUDFLARE_DNS_API_TOKEN=${secrets.secret_keys.cloudflare_dns}
+      '';
+    };
+  };
+
+  services.nginx.virtualHosts."*.${rootDomain}" = {
+    serverName = "*.${rootDomain}";
+    useACMEHost = "${rootDomain}";
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://${containerName}.containers";
+    };
+  };
+  services.nginx.virtualHosts."${rootDomain}" = {
+    serverName = "${rootDomain}";
+    useACMEHost = "${rootDomain}";
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://${containerName}.containers";
+    };
+  };
+
+  system.stateVersion = "22.11"; # DO NOT EDIT!
+}
\ No newline at end of file
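Review bot: The Cloudflare token ends up in the Nix store, because `credentialsFile = pkgs.writeTextFile { ... }` interpolates `secrets.secret_keys.cloudflare_dns` at evaluation time and builds it into a store path. The store is world-readable on the host and travels with the system closure, so any local user or service can read a credential that is able to edit DNS records for the zone. Point `credentialsFile` at a file that is provisioned at runtime outside the store with root-only permissions, for example `credentialsFile = "/run/secrets/cloudflare-credentials";` (placeholder path), written as a string rather than a Nix path literal so it is not copied into the store. A token that has already been built into a store path should be treated as exposed and rotated. It would also help to add a comment above `security.acme.certs` saying where the credentials file comes from and what permissions it needs.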