44 lines
783 B
Nix
44 lines
783 B
Nix
{
|
|
var,
|
|
config,
|
|
secrets,
|
|
...
|
|
}:
|
|
{
|
|
services = {
|
|
nginx = {
|
|
# recommendedTlsSettings = true;
|
|
# recommendedProxySettings = true;
|
|
# recommendedOptimisation = true;
|
|
|
|
enable = true;
|
|
virtualHosts.default = {
|
|
serverName = "_";
|
|
default = true;
|
|
rejectSSL = true;
|
|
locations."/".return = "444";
|
|
};
|
|
privateVirtualHosts."roam.lan" = {
|
|
locations."/" = { };
|
|
};
|
|
virtualHosts."roam.hdohmen.de" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/" = { };
|
|
};
|
|
};
|
|
|
|
openssh = {
|
|
enable = true;
|
|
settings.PasswordAuthentication = false;
|
|
};
|
|
};
|
|
|
|
networking.firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [
|
|
80
|
|
443
|
|
];
|
|
};
|
|
}
|