ctucx.git: nixfiles

ctucx' nixfiles

{ node, pkgs, config, ... }:

# NixOS module: serves the mqtt-webui frontend on "smart.<domain>" behind
# nginx, with TLS client certificates required for every request, and
# forwards "/mqtt" as a websocket to a listener on the loopback interface.

let
  # Trust anchor for client certificates. Interpolating a path into a string
  # copies the file into the Nix store, which is world-readable: fine for a CA
  # certificate (public material), but key material must not be referenced
  # this way.
  clientCaCert = ../../../../../secrets/certs/rootCA.crt;

  # config.json for the web UI, rendered from ./config.nix at build time.
  webuiConfig = pkgs.writeTextDir "config.json" (builtins.toJSON (import ./config.nix));

  # Document root: the packaged UI merged with local CSS and the generated config.
  webuiRoot = pkgs.buildEnv {
    name  = "mqtt-webui-env";
    paths = [
      pkgs.mqtt-webui
      ./extra-css
      webuiConfig
    ];
  };
in
{

  dns.zones."ctu.cx".subdomains."smart.home".AAAA = [ node.ip6Address ];

  services.nginx = {
    enable = true;
    virtualHosts."smart.${config.networking.domain}" = {
      # Server certificate comes from the ACME cert issued for the host's FQDN.
      useACMEHost = config.networking.fqdn;
      forceSSL    = true;
      kTLS        = true;

      # Mutual TLS, set at server level so it applies to both locations below.
      #  - ssl_verify_client on: requests without a valid client cert are rejected.
      #  - ssl_crl: nginx reads the CRL when the configuration is (re)loaded, so
      #    a revocation only takes effect after a reload. The file is not
      #    created in this module (presumably provisioned elsewhere; confirm).
      #  - ssl_verify_depth is left at nginx's default of 1, so client certs
      #    must be issued directly by the CA configured here.
      extraConfig = ''
        ssl_crl /etc/ctucxCA.crl;
        ssl_client_certificate ${clientCaCert};
        ssl_verify_client on;
      '';

      locations = {
        "/".root = "${webuiRoot}/";

        # Websocket endpoint, proxied over plain HTTP to [::1]:9005. The
        # backend never sees the client certificate, so the check above is the
        # only gate on this path; NOTE(review): confirm that port 9005 is
        # bound to loopback only.
        "/mqtt" = {
          proxyPass       = "http://[::1]:9005";
          proxyWebsockets = true;
        };
      };
    };
  };

}