dotfiles/nixos-config
1
0
Fork 0
mirror of https://github.com/srid/nixos-config.git synced 2026-01-11 17:35:25 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions
nixos-config/modules/nixos/linux/vira.nix
Sridhar Ratnakumar 4fe4e73c52 Update vira
2025-09-06 16:56:39 -04:00

67 lines
2 KiB
Nix
Raw Blame History

{ flake, pkgs, ... }:
let
inherit (flake) inputs;
in
{
imports = [
inputs.vira.nixosModules.vira
];
services.vira = {
enable = true;
stateDir = "/var/lib/vira";
hostname = "127.0.0.1"; # Cuz, nginx reverse proxy
port = 5001;
https = false; # Cuz, nginx reverse proxy
basePath = "/vira/"; # Cuz, nginx reverse proxy
package = inputs.vira.packages.${pkgs.system}.default;
initialState = {
repositories = {
devour-flake = "https://github.com/srid/devour-flake.git";
mealmacro = "https://github.com/srid/mealmacro.git";
};
};
};
# Configure nginx reverse proxy for vira with SSL
services.nginx.virtualHosts."pureintent" = {
forceSSL = true;
enableACME = false;
sslCertificate = "/var/lib/acme/pureintent/cert.pem";
sslCertificateKey = "/var/lib/acme/pureintent/key.pem";
locations."/vira/" = {
proxyPass = "http://127.0.0.1:5001/";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
# Generate self-signed certificate for nginx
systemd.services.nginx-self-signed-cert = {
description = "Generate self-signed certificate for nginx";
wantedBy = [ "multi-user.target" ];
before = [ "nginx.service" ];
script = ''
mkdir -p /var/lib/acme/pureintent
if [ ! -f /var/lib/acme/pureintent/cert.pem ] || [ ! -f /var/lib/acme/pureintent/key.pem ]; then
${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 -keyout /var/lib/acme/pureintent/key.pem -out /var/lib/acme/pureintent/cert.pem -days 365 -nodes -subj "/C=US/ST=Local/L=Local/O=Local/CN=pureintent"
chmod 600 /var/lib/acme/pureintent/key.pem
chmod 644 /var/lib/acme/pureintent/cert.pem
chown -R nginx:nginx /var/lib/acme/pureintent
fi
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
}
Reference in a new issue View git blame Copy permalink