# NixOS module for a test nginx instance: one plain-HTTP server and one TLS
# server, both reached through the wireguard0 interface.
{ pkgs, lib, config, ... }:
{
  # Per-interface firewall rule: TCP 80 and 443 are accepted on wireguard0.
  # This rule by itself leaves every other interface untouched.
  networking.firewall.interfaces.wireguard0 = {
    allowedTCPPorts = [ 80 443 ];
  };

  # Generate a test cert
  #   sudo openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 \
  #     -nodes -keyout test-ssl.key -out test-ssl.crt -subj "/CN=test-ssl" \
  #     -addext "subjectAltName=DNS:test-ssl,DNS:*.test-ssl,IP:10.100.0.2"
  #
  # Notes on that command:
  #  - The certificate is self-signed and valid for 3650 days, so clients must
  #    be told to trust it explicitly; it is a test certificate only.
  #  - `-nodes` writes the private key unencrypted, so file permissions are
  #    its only protection. Keep test-ssl.key readable by the account nginx
  #    runs as and by nobody else.
  #  - openssl writes both files to the current directory; they have to be
  #    installed at the /etc/ssl/nginx/ paths referenced below.
  #  - Verification succeeds only for the names in subjectAltName (test-ssl,
  #    *.test-ssl, 10.100.0.2).
  services.nginx.enable = true;

  # httpConfig is handed to nginx as raw configuration text. Two catch-all
  # servers (server_name _) are declared: port 80 serves /var/www/test in
  # plaintext, port 443 serves /var/www/test-ssl with the test certificate.
  # NOTE(review): no ssl_protocols / ssl_ciphers are set here, so the
  # effective TLS settings come from outside this string; confirm they meet
  # your baseline.
  services.nginx.httpConfig = ''
    index index.html;
    server {
      listen 80 default_server;
      server_name _;
      server_name_in_redirect off;
      root /var/www/test;
    }
    server {
      listen 443 ssl;
      server_name _;
      server_name_in_redirect off;
      root /var/www/test-ssl;
      ssl_certificate /etc/ssl/nginx/test-ssl.crt;
      ssl_certificate_key /etc/ssl/nginx/test-ssl.key;
    }
  '';
}