refactored system

2026-01-22 00:13:33 +01:00 · 2026-01-22 00:13:33 +01:00 · 386d889455
commit 386d889455
parent 6a62e2f23f
55 changed files with 336 additions and 580 deletions
--- a/system/web-server/default.nix
+++ b/system/web-server/default.nix
@ -1,64 +1,16 @@
-{ config, pkgs, ... }:
+{ ... }:

 {
-  nixpkgs.config.allowUnfree = true;
+  imports = [
+    ./nginx.nix
+    ./letsencrypt.nix

-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-  services.nginx = {
-    enable = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-
-    virtualHosts = {
-
-      "${config.networking.domain}" = {
-        onlySSL = true;
-        useACMEHost = config.networking.domain;
-        locations."/" = {
-          return = "200 'This domain used for e-mail hosting only.'";
-          extraConfig = ''
-            add_header Content-Type text/plain;
-          '';
-        };
-      };
-
-      "${config.networking.fqdn}-80" = {
-        serverAliases = [
-          "*.ktiu.net"
-          "*.t9e.me"
-        ];
-        locations."/.well-known/acme-challenge" = {
-          root = "/var/lib/acme/.challenges";
-        };
-        locations."/" = {
-          return = "301 https://$host$request_uri";
-        };
-      };
-
-      "${config.networking.fqdn}" = {
-        onlySSL = true;
-        useACMEHost = config.networking.domain;
-        locations."/" = {
-          return = "404";
-        };
-      };
-
-    };
-
-  };
-
-  security.acme = {
-
-    acceptTerms = true;
-    defaults.email = "till@ktiu.net";
-
-    certs."${config.networking.domain}" = {
-      domain = config.networking.domain;
-      webroot = "/var/lib/acme/.challenges";
-      group = config.services.nginx.group;
-      extraDomainNames = [ config.networking.fqdn ];
-    };
-  };
+    ./forgejo.nix
+    ./outline.nix
+    ./radicale.nix

+    # ./ksh.nix
+    ./ksh-map.nix
+    ./oopsidenfiy.nix
+  ];
 }