jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
b7c4e38148a9f9bd9f2236f486129589e2ba39f8
NixOS/modules/websites/portfolio.nix
Danilo Reyes 17cd7ba593 websites init + docu revision
2026-02-06 08:13:37 -06:00

94 lines
2.5 KiB
Nix
Raw Blame History

{
lib,
config,
...
}:
let
cfg = config.my.websites.portfolio;
issoCfg = config.my.servers.isso;
hugoHeaders = ''
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
hugoLocations = {
"/" = {
extraConfig = ''
try_files $uri $uri/ /index.html;
'';
};
"~* \\.html$" = {
extraConfig = ''
try_files $uri $uri/ /index.html;
'';
};
"~* \\.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|xml)$" = {
extraConfig = ''
expires 1y;
add_header Cache-Control "public, max-age=31536000, immutable";
'';
};
"~ /\\.(?!well-known).*" = {
extraConfig = ''
return 404;
'';
};
"= /js/script.js" = {
proxyPass = "https://analytics.lebubu.org";
extraConfig = ''
proxy_set_header Host analytics.lebubu.org;
rewrite ^ /js/script.file-downloads.hash.outbound-links.js break;
'';
};
"= /api/event" = {
proxyPass = "https://analytics.lebubu.org";
extraConfig = ''
proxy_set_header Host analytics.lebubu.org;
'';
};
};
in
{
options.my.websites.portfolio = {
enableProxy = lib.mkEnableOption "portfolio and blog static sites";
};
config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
services.nginx.virtualHosts = {
"www.danilo-reyes.com" = {
forceSSL = true;
enableACME = true;
globalRedirect = "danilo-reyes.com";
};
"www.blog.danilo-reyes.com" = {
forceSSL = true;
enableACME = true;
globalRedirect = "blog.danilo-reyes.com";
};
"danilo-reyes.com" = {
forceSSL = true;
enableACME = true;
root = "/var/www/html/portfolio";
locations = hugoLocations;
extraConfig = hugoHeaders;
};
"blog.danilo-reyes.com" = {
forceSSL = true;
enableACME = true;
root = "/var/www/html/blog";
locations = hugoLocations // {
"^~ /isso" = {
proxyPass = "http://${issoCfg.ip}:${toString issoCfg.port}";
extraConfig = ''
rewrite ^/isso/?(.*)$ /$1 break;
proxy_set_header Host $host;
'';
};
};
extraConfig = hugoHeaders;
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink