feat: allow setting tls on nixos

efim 2023-10-09 03:22:58 +00:00
parent 7dbcc63394
commit e4edffd69f
1 changed files with 11 additions and 2 deletions


@ -72,6 +72,12 @@
default = true; default = true;
description = "Whether to use Nginx to proxy requests."; description = "Whether to use Nginx to proxy requests.";
}; };
useHostTls = lib.mkOption {
type = lib.types.bool;
default = false;
description =
"Whether virtual host should enable NixOS ACME certs";
};
}; };
config.users = lib.mkIf cfg.enable { config.users = lib.mkIf cfg.enable {
groups."${backendName}" = { }; groups."${backendName}" = { };
@ -99,8 +105,10 @@
Group = "${backendName}"; Group = "${backendName}";
}; };
}; };
config.services.nginx.virtualHosts.${cfg.host}.locations."/api" = config.services.nginx.virtualHosts.${cfg.host} = {
lib.mkIf cfg.enable { forceSSL = cfg.useHostTls;
enableACME = cfg.useHostTls;
locations."/api" = lib.mkIf cfg.enable {
proxyPass = "http://127.0.0.1:${toString cfg.port}"; proxyPass = "http://127.0.0.1:${toString cfg.port}";
# this is config for websocket # this is config for websocket
proxyWebsockets = true; proxyWebsockets = true;
@ -112,6 +120,7 @@
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
''; '';
}; };
};
}; };
}); });
# see https://serokell.io/blog/practical-nix-flakes # see https://serokell.io/blog/practical-nix-flakes
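Review bot: In the second hunk `forceSSL` and `enableACME` are assigned unconditionally, outside the `lib.mkIf cfg.enable` that previously guarded the whole virtual-host definition, and they are set even when `useHostTls` is false. With the default `useHostTls = false` the module therefore pins `forceSSL = false` and `enableACME = false` on `virtualHosts.${cfg.host}`; as far as NixOS boolean-option merging goes, that should fail evaluation with a conflicting-definitions error on any host that turns TLS on for the same virtual host elsewhere. It also declares the virtual host when the service is disabled. I would move the guard back to the attribute set and only contribute the TLS settings when asked: `config.services.nginx.virtualHosts.${cfg.host} = lib.mkIf cfg.enable {`, `forceSSL = lib.mkIf cfg.useHostTls true;`, `enableACME = lib.mkIf cfg.useHostTls true;`. The `useHostTls` description could add that the default leaves `/api` without TLS unless the virtual host is secured by other configuration.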