+ nix.binaryCaches = [ "https://hydra.iohk.io" "https://cache.nixos.org" ];
+ nix.binaryCachePublicKeys = [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
+
+ myServices.monitoring.enable = true;
+ myServices.certificates.enable = true;
+ security.acme.certs."${name}-immae" = config.myServices.certificates.certConfig // {
+ user = "immae";
+ domain = "dilion.immae.eu";
+ };
+ security.acme.certs."${name}" = {
+ user = config.services.nginx.user;
+ group = config.services.nginx.group;
+ extraDomains = {
+ "dilion.immae.dev" = null;
+ "caldance.cs.immae.dev" = null;
+ "zulip.carpentier.earth" = null;
+ "zulip.tof.carpentier.earth" = null;
+ "zulip.dine.carpentier.earth" = null;
+ "zulip.quentin.carpentier.earth" = null;
+ "zulip.agnes.carpentier.earth" = null;
+
+ "ofn.nc.immae.dev" = null;
+
+ "bookstack.cc.immae.dev" = null;
+ };
+ };
+ services.nginx = {
+ enable = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ upstreams = {
+ caldance.servers."caldance:3031" = {};
+ };
+ virtualHosts = {
+ "dilion.immae.dev" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ root = "/home/immae/www";
+ };
+ "caldance.cs.immae.dev" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".extraConfig = ''
+ uwsgi_pass caldance;
+ '';
+ locations."/static/".alias = "/var/lib/caldance/caldance/app/www/static/";
+ locations."/media/".alias = "/var/lib/caldance/caldance/media/";
+ extraConfig = ''
+ auth_basic "Authentification requise";
+ auth_basic_user_file ${pkgs.writeText "htpasswd" config.myEnv.websites.caldance.integration.password};
+ '';
+ };
+ "bookstack.cc.immae.dev" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:4003";
+ };
+ "ofn.nc.immae.dev" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:3000";
+ };
+ "zulip.carpentier.earth" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:4002";
+ };
+ "zulip.tof.carpentier.earth" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:4002";
+ };
+ "zulip.dine.carpentier.earth" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:4002";
+ };
+ "zulip.quentin.carpentier.earth" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:4002";
+ };
+ "zulip.agnes.carpentier.earth" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:4002";
+ };
+ };
+ };