Configure nginx and containers / virtualisation for zoldene

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2024-02-11 00:28:56 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2024-02-24 12:22:45 +0100
commit: d3a40bd942537c35e3eb6cf9282798d704720290 (patch)
tree: ecee4d3a7d8bd48706ff79f98c2da3994bc48e56 /systems/zoldene/certificates.nix
parent: ce983e8b05d17adbf6b8228b990e5a512835ca56 (diff)
download: Nix-d3a40bd942537c35e3eb6cf9282798d704720290.tar.gz
Nix-d3a40bd942537c35e3eb6cf9282798d704720290.tar.zst
Nix-d3a40bd942537c35e3eb6cf9282798d704720290.zip
1 files changed, 23 insertions, 0 deletions
diff --git a/systems/zoldene/certificates.nix b/systems/zoldene/certificates.nix
new file mode 100644
index 0000000..d6ffd12
--- /dev/null
+++ b/systems/zoldene/certificates.nix
@@ -0,0 +1,23 @@
+{ ... }:
+{
+  disko.devices.zpool.zfast.datasets."root/persist/var/lib/acme" =
+    { type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/acme"; options.mountpoint = "legacy"; };
+  environment.persistence."/persist/zfast".directories = [
+    {
+      directory = "/var/lib/acme";
+      user = "root";
+      group = "root";
+      mode = "0755";
+    }
+  ];
+  users.users.nginx.extraGroups = [ "acme" ];
+  services.nginx = {
+    enable = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+  };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2024-02-11 00:28:56 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2024-02-24 12:22:45 +0100
commit	d3a40bd942537c35e3eb6cf9282798d704720290 (patch)
tree	ecee4d3a7d8bd48706ff79f98c2da3994bc48e56 /systems/zoldene/certificates.nix
parent	ce983e8b05d17adbf6b8228b990e5a512835ca56 (diff)
download	Nix-d3a40bd942537c35e3eb6cf9282798d704720290.tar.gz Nix-d3a40bd942537c35e3eb6cf9282798d704720290.tar.zst Nix-d3a40bd942537c35e3eb6cf9282798d704720290.zip

diff --git a/systems/zoldene/certificates.nix b/systems/zoldene/certificates.nix new file mode 100644 index 0000000..d6ffd12 --- /dev/null +++ b/systems/zoldene/certificates.nix
@@ -0,0 +1,23 @@
	1	{ ... }:
	2	{
	3	disko.devices.zpool.zfast.datasets."root/persist/var/lib/acme" =
	4	{ type = "zfs_fs"; mountpoint = "/persist/zfast/var/lib/acme"; options.mountpoint = "legacy"; };
	5
	6	environment.persistence."/persist/zfast".directories = [
	7	{
	8	directory = "/var/lib/acme";
	9	user = "root";
	10	group = "root";
	11	mode = "0755";
	12	}
	13	];
	14
	15	users.users.nginx.extraGroups = [ "acme" ];
	16	services.nginx = {
	17	enable = true;
	18	recommendedOptimisation = true;
	19	recommendedGzipSettings = true;
	20	recommendedProxySettings = true;
	21	};
	22
	23	}