default.nix (2104B)
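# NixOS module for the sheetzen web app: an nginx front end (an HTTP->HTTPS
# redirect plus a TLS vhost that serves the static frontend and proxies all
# other requests) and a systemd unit for the `sheetzend` backend.
#
# `extra` is accepted but not referenced anywhere in this file.
extra:
{ config, lib, pkgs, ... }:
let
  # Loopback port shared by nginx (proxy_pass) and the daemon (PORT).
  # NOTE(review): whether sheetzend binds only to loopback cannot be seen
  # here; if it listens on all interfaces, port 1080 bypasses nginx and TLS.
  port = "1080";
  sname = "sheetzen.com";

  # The package is built from a tarball pinned by sha256, so the fetched
  # content cannot change without the hash check failing.
  # NOTE(review): the credential files referenced below live inside this
  # package's output, so the secrets presumably ship in the tarball at this
  # URL. Confirm, and if so rotate them and take them out of the archive.
  sheetzen = (import (pkgs.fetchzip {
    url = "https://jb55.com/s/88985bb218b54734.tgz";
    sha256 = "16pa11g2na9pgj7ici69yci4hlr1zh3nvpnx4ipcj0w19ylw926l";
  }) {});
in
{
  # Raw nginx configuration, emitted only when nginx is enabled.
  #
  # Review notes on the generated config:
  #  - The 443 vhost sets no ssl_protocols, ssl_ciphers or HSTS header, so it
  #    runs on nginx's built-in defaults. Consider pinning them explicitly.
  #  - Port 80 also answers for www.${sname}, but the 443 vhost names only
  #    ${sname}. The redirect target is always the bare domain.
  #  - $proxy_add_x_forwarded_for appends the peer address to whatever
  #    X-Forwarded-For the client sent. The backend should trust X-Real-IP
  #    (or only the last X-Forwarded-For entry), never the leftmost value.
  #  - /.well-known/acme-challenge stays on plain HTTP so certificate
  #    issuance keeps working.
  services.nginx.httpConfig = lib.mkIf config.services.nginx.enable ''
    server {
      listen 80;
      server_name ${sname} www.${sname};

      location /.well-known/acme-challenge {
        root /var/www/challenges;
      }

      location / {
        return 301 https://${sname}$request_uri;
      }
    }

    server {
      listen 443 ssl;
      server_name ${sname};
      root ${sheetzen}/share/sheetzen/frontend;
      index index.html;

      ssl_certificate /var/lib/acme/${sname}/fullchain.pem;
      ssl_certificate_key /var/lib/acme/${sname}/key.pem;

      location = / {
        try_files index.html /index.html;
      }

      location / {
        try_files $uri $uri/ @proxy;
      }

      location @proxy {
        proxy_pass http://localhost:${port};
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_intercept_errors on;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }

    }
  '';

  # Backend daemon.
  #
  # NOTE(review): no User/Group is set, so systemd runs this unit as root.
  # A dedicated unprivileged user (or DynamicUser) and the usual sandboxing
  # options would limit what a compromise of the web backend can reach.
  # Verify what the daemon needs to write before enabling them.
  systemd.services.sheetzen = {
    enable = true;

    description = "sheetzen";

    wantedBy = [ "multi-user.target" ];
    # services.postgresql creates postgresql.service, and not every NixOS
    # release has a postgresql.target. After= ignores units that do not
    # exist, so listing both keeps the start order enforced either way.
    # This is ordering only: nothing here pulls PostgreSQL in.
    after = [ "postgresql.service" "postgresql.target" ];

    environment = {
      PGHOST = "127.0.0.1";
      PGPORT = "5432";
      PGUSER = "jb55";
      # NOTE(review): libpq reads PGPASSWORD, not PGPASS, so this is
      # presumably consumed by the application itself. An empty password
      # implies the database accepts this role from 127.0.0.1 without
      # authentication. Confirm pg_hba.conf matches that intent.
      PGPASS = "";
      PGDATABASE = "sheetzen";
      ENV = "Production";
      # Both paths resolve into the package's /nix/store output. The Nix
      # store is readable by every local user, so the JWT signing key and
      # the service credentials are exposed to any account on the host.
      # Prefer files outside the store, owned by the service user with
      # mode 0400 (e.g. under /run/keys or via systemd LoadCredential=).
      JWT_KEYFILE = "${sheetzen}/share/sheetzen/credentials/token-key.json";
      CREDENTIAL_PATH = "${sheetzen}/share/sheetzen/credentials/SocialTracker.json";
      PORT = "${port}";
    };

    serviceConfig.ExecStart = "${sheetzen}/bin/sheetzend";
    # On failure, trigger the templated mailer unit with this unit's name (%n).
    unitConfig.OnFailure = "systemd-failure-emailer@%n.service";
  };
}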