nixos-config/config/services/nix-serve.nix

24 lines
859 B
Nix

{ lib, config, ... }:
let
listenIPs = (import ../../utils/getInternalIP.nix config).listenIPs;
listenStatements = lib.concatStringsSep "\n" (builtins.map (ip: "listen ${ip}:443 http3;") listenIPs) + ''
add_header Alt-Svc 'h3=":443"';
'';
in {
services.nix-serve = {
bindAddress = "127.0.0.1";
enable = true;
secretKeyFile = "/run/secrets/nix-serve/privkey";
};
sops.secrets."services/nix-serve/privkey" = { };
services.nginx.virtualHosts."cache.int.chir.rs" = {
listenAddresses = listenIPs;
sslCertificate = "/var/lib/acme/int.chir.rs/cert.pem";
sslCertificateKey = "/var/lib/acme/int.chir.rs/key.pem";
locations."/" = {
proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
proxyWebsockets = true;
};
extraConfig = listenStatements;
};
}