diff --git a/nix/configuration.nix b/nix/configuration.nix
index 49131ac..bdc5787 100644
--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@@ -36,9 +36,11 @@
 settings.PasswordAuthentication = false;
 };
 
- # Enable the volpe service
 services.volpe = {
 enable = true;
- domain = "69.61.19.180";
+ domain = "blog.jan-leila.com";
+ extraDomains = ["volpe.jan-leila.com"];
+ enableACME = true;
+ acmeEmail = "leyla@jan-leila.com";
 };
-}
\ No newline at end of file
+}
diff --git a/nix/module.nix b/nix/module.nix
index 06fe4d9..c71a02b 100644
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -13,21 +13,52 @@ in {
 domain = lib.mkOption {
 type = lib.types.str;
 default = "localhost";
- description = "Domain name for nginx virtual host.";
+ description = "Primary domain name for nginx virtual host.";
+ };
+
+ extraDomains = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [];
+ description = "Additional domain names (aliases) for the virtual host.";
+ };
+
+ enableACME = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Whether to enable ACME (Let's Encrypt) for SSL certificates.";
+ };
+
+ acmeEmail = lib.mkOption {
+ type = lib.types.str;
+ default = "";
+ description = "Email address for ACME certificate registration.";
 };
 };
 
 config = lib.mkIf cfg.enable {
 services.nginx = {
 enable = true;
+ recommendedTlsSettings = cfg.enableACME;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+
 virtualHosts.${cfg.domain} = {
 root = "${pkg}";
+ serverAliases = cfg.extraDomains;
+ forceSSL = cfg.enableACME;
+ enableACME = cfg.enableACME;
 locations."/" = {
 tryFiles = "$uri $uri/ /index.html";
 };
 };
 };
 
+ security.acme = lib.mkIf cfg.enableACME {
+ acceptTerms = true;
+ defaults.email = cfg.acmeEmail;
+ };
+
 networking.firewall.allowedTCPPorts = [80 443];
 };
 }
\ No newline at end of file
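Review bot: The alias added at `extraDomains = ["volpe.jan-leila.com"];` is, as far as I can tell from how the module feeds it into `serverAliases`, requested on the same ACME certificate as `blog.jan-leila.com`, so issuance for the whole virtual host fails until that name also resolves to this host in public DNS and port 80 is reachable for the HTTP-01 challenge. Worth confirming both records point at the address the removed `domain = "69.61.19.180";` line named before this is deployed, and recording that precondition next to the option, e.g. `# Both names must resolve to this host before ACME issuance succeeds.`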
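Review bot: `acmeEmail` defaults to `""` while `defaults.email = cfg.acmeEmail;` forwards it unconditionally once `enableACME` is true, so a consumer who sets `enableACME = true;` and forgets the email gets an empty address handed to `security.acme` instead of a clear evaluation error. I would make the option `nullOr str` defaulting to `null` and add an assertion under `config` that ties the two options together, as below. Separately, `acceptTerms = true;` accepts the CA's terms of service on the operator's behalf from inside the module, which NixOS otherwise leaves as an explicit user choice; either say so on the option (`description = "Whether to enable ACME (Let's Encrypt) for SSL certificates. Setting this accepts the CA's terms of service.";`) or leave `acceptTerms` for the consuming configuration to set.
```nix
    acmeEmail = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
      description = "Email address for ACME certificate registration; required when enableACME is true.";
    };
  # … unchanged: remaining options …
  config = lib.mkIf cfg.enable {
    assertions = [
      {
        assertion = !cfg.enableACME || (cfg.acmeEmail != null && cfg.acmeEmail != "");
        message = "services.volpe.acmeEmail must be set when services.volpe.enableACME is true.";
      }
    ];
    # … unchanged: services.nginx, security.acme, firewall …
```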