]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - systems/zoldene/certificates.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Configure nginx and containers / virtualisation for zoldene
[perso/Immae/Config/Nix.git] / systems / zoldene / certificates.nix
diff --git a/systems/zoldene/certificates.nix b/systems/zoldene/certificates.nix
new file mode 100644 (file)
index 0000000..d6ffd12
--- /dev/null
+++ b/systems/zoldene/certificates.nix
@@ -0,0 +1,23 @@
+{ ... }:
+{
+  disko.devices.zpool.zfast.datasets."root/persist/var/lib/acme" =
+    { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/acme"; options.mountpoint = "legacy"; };
+
+  environment.persistence."/persist/zfast".directories = [
+    {
+      directory = "/var/lib/acme";
+      user = "root";
+      group = "root";
+      mode = "0755";
+    }
+  ];
+
+  users.users.nginx.extraGroups = [ "acme" ];
+  services.nginx = {
+    enable = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+  };
+
+}
My infrastructure configuration