hosts/these/configuration.nix

   1 { pkgs, ... }:
   2
   3 {
   4   imports = [
   5     ../../hardware/hetzner-cloud/cx21.nix
   6     ../../secrets
   7     ../../pass
   8     ../../lemmy/staging
   9     ../../lemmy/dev
  10     ../../maint-mode
  11     ../../git
  12   ];
  13
  14   networking.hostName = "these";
  15
  16   services.nginx = {
  17     recommendedProxySettings = true;
  18     recommendedTlsSettings = true;
  19
  20     virtualHosts = {
  21       "breaking.awful.systems" = {
  22         forceSSL = true;
  23         enableACME = true;
  24       };
  25
  26       "making.awful.systems" = {
  27         forceSSL = true;
  28         enableACME = true;
  29       };
  30
  31     };
  32   };
  33
  34   security.acme = {
  35     acceptTerms = true;
  36     defaults.email = "self@awful.systems";
  37   };
  38
  39   networking.firewall.allowedTCPPorts = [ 443 ];
  40 }