feat (hosts/mystra): nginx configuration

2026-02-17 13:29:37 +01:00 · 2026-02-17 13:29:37 +01:00 · e21d82c393
commit e21d82c393
parent 45dc878b70
2 changed files with 40 additions and 18 deletions
--- a/hosts/mystra/default.nix
+++ b/hosts/mystra/default.nix
@ -1,30 +1,26 @@
-{ pkgs, ... }:
+{ ... }:
 {
  imports = [
    ./hardware-configuration.nix
    ./disk-config.nix
-    ../../nixos/common.nix
+    ../../nixos/server.nix
  ];
-  boot.loader.grub = {
+  services.nginx = {
-    efiSupport = true;
+    enable = true;
-    efiInstallAsRemovable = true;
+    virtualHosts."henri-saudubray.fr" = {
      enableACME = true;
      forceSSL = true;
      root = "/home/hms/www";
    };
  };
-  services.openssh.enable = true;
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
-  environment.systemPackages = [
+  security.acme = {
-    pkgs.curl
+    acceptTerms = true;
-    pkgs.gitMinimal
+    defaults.email = "henri.saudubray@proton.me";
-  ];
+  };
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/RpQqBYdXKNjLLpRWq04NJHD7mODOjwjpmqnQ6qppp hms@nixos-selune"
  ];
  users.users.hms.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/RpQqBYdXKNjLLpRWq04NJHD7mODOjwjpmqnQ6qppp hms@nixos-selune"
  ];
  networking.hostName = "mystra";
  system.stateVersion = "25.11";
--- a/nixos/server.nix
+++ b/nixos/server.nix
@ -0,0 +1,26 @@
 { pkgs, ... }:
 {
  imports = [
    ./common.nix
  ];
  boot.loader.grub = {
    efiSupport = true;
    efiInstallAsRemovable = true;
  };
  services.openssh.enable = true;
  environment.systemPackages = [
    pkgs.curl
    pkgs.gitMinimal
  ];
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/RpQqBYdXKNjLLpRWq04NJHD7mODOjwjpmqnQ6qppp hms@nixos-selune"
  ];
  users.users.hms.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/RpQqBYdXKNjLLpRWq04NJHD7mODOjwjpmqnQ6qppp hms@nixos-selune"
  ];
 }