diff options
Diffstat (limited to 'nix/machines/vm-synology/web.nix')
-rw-r--r-- | nix/machines/vm-synology/web.nix | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/nix/machines/vm-synology/web.nix b/nix/machines/vm-synology/web.nix new file mode 100644 index 0000000..f9c34cc --- /dev/null +++ b/nix/machines/vm-synology/web.nix @@ -0,0 +1,60 @@ +{ ... }: { + # container for excalidraw + virtualisation.oci-containers.containers.excalidraw = { + autoStart = true; + image = "excalidraw/excalidraw:latest"; + environment = { TZ = "America/Los_Angeles"; }; + ports = [ "127.0.0.1:3030:80" ]; + extraOptions = [ "--pull=always" ]; + }; + + security.acme = { + defaults.email = "acme@fcuny.net"; + acceptTerms = true; + }; + + services.nginx = { + enable = true; + + recommendedProxySettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + + virtualHosts = { + "test.fcuny.net" = { + # make it the default site: if a request goes through nginx + # without a host header, this will be the default site we serve + # for that request. + default = true; + forceSSL = true; + enableACME = true; + locations = { + "/" = { root = "/srv/www/fcuny.net"; }; + "/.well-known/acme-challenge" = { + root = "/var/lib/acme/acme-challenges"; + }; + }; + }; + "git.fcuny.net" = { + forceSSL = true; + enableACME = true; + locations = { + "/.well-known/acme-challenge" = { + root = "/var/lib/acme/acme-challenges"; + }; + }; + }; + "draw.fcuny.net" = { + forceSSL = true; + enableACME = true; + locations = { + "/".proxyPass = "http://127.0.0.1:3030"; + "/.well-known/acme-challenge" = { + root = "/var/lib/acme/acme-challenges"; + }; + }; + }; + }; + }; +} |