# NixOS module serving www.oliverdavies.uk: nginx listens on loopback only and
# a Cloudflare Tunnel (cloudflared) forwards the public hostname to it.
{
  flake.modules.nixos.nginx-oliverdavies-uk =
    { config, ... }:
    let
      siteDomain = "oliverdavies.uk";
      wwwHost = "www.${siteDomain}";
      listenPort = 9098;

      # Shared try_files chain: exact file, then ".html", then a directory
      # index, otherwise 404.
      staticTryFiles = "$uri $uri.html $uri/index.html =404";

      # One temporary ("redirect") rewrite per entry of ./_redirects.nix.
      # `from` and `to` are interpolated verbatim into an nginx directive, so
      # that file has to stay trusted: an entry containing whitespace or ";"
      # would change the generated configuration.
      redirectRules = builtins.concatStringsSep "\n" (
        map (entry: "rewrite ^${entry.from}/?$ ${entry.to} redirect;") (import ./_redirects.nix)
      );

      tome = {
        root = "/var/www/vhosts/website-tome";
        # Each entry is spliced into a regex location ("~ ^/<entry>"), so it is
        # a regular expression, not a literal path: it is unanchored at the end
        # ("core" also matches "/core-anything") and "." matches any character.
        paths = [
          "core"
          "sites/default/files"
          "themes/custom/opdavies"

          # TODO: move back to Sculpin.
          "archive"
          "automated-testing"
          "daily/.+"
          "examples"
          "homelab"
          "podcast"
          "rss/bb.xml"
          "rss/daily.xml"
          "testing"
        ];
      };

      # Builds the name/value pair for one regex location served from the
      # Tome document root.
      mkTomeLocation = pathPattern: {
        name = "~ ^/${pathPattern}";
        value = {
          inherit (tome) root;
          tryFiles = staticTryFiles;
        };
      };

      tomeLocations = builtins.listToAttrs (map mkTomeLocation tome.paths);
    in
    {
      # Certificate for the apex and www names, requested with the Cloudflare
      # DNS provider. The provider settings are read from an age-managed secret
      # file rather than written into this module.
      # NOTE(review): no virtual host in this module references this
      # certificate; presumably it is consumed elsewhere - confirm.
      security.acme = {
        acceptTerms = true;

        certs.${siteDomain} = {
          domain = siteDomain;
          extraDomainNames = [ wwwHost ];
          email = "oliver@oliverdavies.uk";
          dnsProvider = "cloudflare";
          environmentFile = config.age.secrets.cloudflare.path;
          # presumably set so the DNS provider is the only challenge method - confirm
          webroot = null;
        };
      };

      services.nginx = {
        enable = true;

        virtualHosts.${wwwHost} = {
          root = "/var/www/vhosts/website-sculpin";

          # Bound to loopback only: the listener is not reachable from other
          # hosts, and the tunnel below is the path to it defined here.
          listen = [
            {
              addr = "localhost";
              port = listenPort;
            }
          ];

          # Tome regex locations, plus the Sculpin site at "/".
          locations = tomeLocations // {
            "/".tryFiles = staticTryFiles;
          };

          extraConfig = ''
            port_in_redirect off;

            # Remove trailing slashes.
            rewrite ^/(.*)/$ /$1 permanent;

            error_page 404 /404;

            rewrite ^/talks/archive/?$ /talks permanent;
            rewrite ^/talks/(.*)$ /presentations/$1 permanent;
            rewrite ^/talks/?$ /presentations permanent;

            ${redirectRules}
          '';
        };
      };

      # Cloudflare Tunnel: forwards the www hostname to the loopback listener
      # over plain HTTP; any request that matches no ingress rule gets a 404.
      # The tunnel credentials come from an age-managed secret file.
      services.cloudflared = {
        enable = true;

        tunnels."c1537889-81ac-4d41-b80d-9657f8db30c7" = {
          credentialsFile = config.age.secrets.cloudflared.path;
          default = "http_status:404";
          ingress.${wwwHost} = "http://localhost:${toString listenPort}";
        };
      };
    };
}