45 lines
1 KiB
Nix
45 lines
1 KiB
Nix
{
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
with lib; {
|
|
users.groups.syncthingnginx.members = ["acme" "syncthing" "nginx"];
|
|
security.acme.certs."cloud.posixlycorrect.com".group = "syncthingnginx";
|
|
|
|
networking.firewall.allowedTCPPorts = [22000];
|
|
networking.firewall.allowedUDPPorts = [22000 21027];
|
|
|
|
services = {
|
|
nginx = {
|
|
virtualHosts."cloud.posixlycorrect.com" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
extraConfig = ''
|
|
proxy_headers_hash_max_size 512;
|
|
proxy_headers_hash_bucket_size 128;
|
|
'';
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:8384";
|
|
};
|
|
};
|
|
};
|
|
|
|
syncthing = {
|
|
enable = true;
|
|
systemService = true;
|
|
overrideFolders = false;
|
|
overrideDevices = false;
|
|
openDefaultPorts = false;
|
|
key = "/var/lib/acme/cloud.posixlycorrect.com/key.pem";
|
|
cert = "/var/lib/acme/cloud.posixlycorrect.com/cert.pem";
|
|
guiAddress = "127.0.0.1:8384";
|
|
settings = {
|
|
options = {
|
|
urAccepted = -1;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|