host/Spacebar-nginx/containers/spacebar-server-dev-nix/import.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

{ 
  config,
  pkgs,
  lib,
  secrets,
  spacebar-server,
  containerName,
  rootDomain,
  ...
}:

{
  containers."${containerName}" = import ./container.nix {
    inherit pkgs lib spacebar-server;
  };

  security.acme.certs."${rootDomain}" = {
    domain = "${rootDomain}";
    extraDomainNames = [ "*.${rootDomain}" ];
    group = "nginx";
    dnsProvider = "cloudflare";
    credentialsFile = pkgs.writeTextFile {
      name = "cloudflare-credentials";
      text = ''
        # Cloudflare API credentials used by lego
        # https://go-acme.github.io/lego/dns/cloudflare/
        CLOUDFLARE_DNS_API_TOKEN=${secrets.secret_keys.cloudflare_dns}
      '';
    };
  };

  services.nginx.virtualHosts."*.${rootDomain}" = {
    serverName = "*.${rootDomain}";
    useACMEHost = "${rootDomain}";
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://${containerName}.containers";
    };
  };
  services.nginx.virtualHosts."${rootDomain}" = {
    serverName = "${rootDomain}";
    useACMEHost = "${rootDomain}";
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://${containerName}.containers";
    };
  };

  system.stateVersion = "22.11"; # DO NOT EDIT!
}