Add discourse on dilion (via docker)

diff --git a/modules/private/system/dilion.nix b/modules/private/system/dilion.nix
index 4860d07c228b2e19ef49b4db6d679ba384673125..d8bad6b72ed9632bf633bd63734d4a3b25db7dce 100644 (file)
--- a/modules/private/system/dilion.nix
+++ b/modules/private/system/dilion.nix
@@ -107,6 +107,36 @@
   nix.binaryCaches = [ "https://hydra.iohk.io" "https://cache.nixos.org" ];
   nix.binaryCachePublicKeys = [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
 
+  myServices.certificates.enable = true;
+  security.acme.certs."${name}" = {
+    user = config.services.nginx.user;
+    group = config.services.nginx.group;
+    extraDomains = {
+      "discourse.immae.eu" = null;
+      "discourse.cip-ca.fr" = null;
+    };
+  };
+  services.nginx = {
+    enable = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+    virtualHosts = {
+      "discourse.immae.eu" = {
+        acmeRoot = config.myServices.certificates.webroot;
+        useACMEHost = name;
+        forceSSL = true;
+        locations."/".proxyPass = "http://localhost:18031";
+      };
+      "discourse.cip-ca.fr" = {
+        acmeRoot = config.myServices.certificates.webroot;
+        useACMEHost = name;
+        forceSSL = true;
+        locations."/".proxyPass = "http://localhost:18031";
+      };
+    };
+  };
+
   # This value determines the NixOS release with which your system is
   # to be compatible, in order to avoid breaking some software such as
   # database servers. You should change this only after NixOS release