build: trying out nginx configurations

modules/nixos/caddy.nix

@@ -44,7 +44,7 @@ let
   };
 
   extra = {
-    # Configure Caddy
+    # Extra configurations for Caddy
     services.caddy = {
       # User provided hosts
       virtualHosts = config.services.www.hosts;

modules/nixos/default.nix

@@ -12,6 +12,7 @@
   motd = import ./motd.nix;
   data = import ./data.nix;
   caddy = import ./caddy.nix;
+  nginx = import ./nginx.nix;
   network = import ./network.nix;
   nixpkgs = import ./nixpkgs.nix;
   container = import ./container.nix;

modules/nixos/nginx.nix

@@ -0,0 +1,90 @@
+{ config
+, lib
+, pkgs
+, inputs
+, ...
+}:
+let
+  fallbacks = config:
+    let
+      ipv4 = if config.network.ipv4.address != null then [ "http://${config.network.ipv4.address}" ] else [ ];
+      ipv6 = if config.network.ipv6.address != null then [ "http://${config.network.ipv6.address}" ] else [ ];
+    in
+    [
+      "kolyma.uz"
+      "www.kolyma.uz"
+      "niggerlicious.uz"
+      "www.niggerlicious.uz"
+    ]
+    ++ ipv4
+    ++ ipv6
+    ++ config.services.www.alias;
+
+  default = {
+    # Configure Nginx
+    services.nginx = {
+      # Enable the Nginx web server
+      enable = true;
+
+      # Default virtual host
+      virtualHosts = {
+        "kolyma.uz" = {
+          forceSSL = true;
+          enableACME = true;
+          serverAliases = fallbacks config;
+          root = "${pkgs.personal.gate}/www";
+        };
+      };
+    };
+
+    # Accepting ACME Terms
+    security.acme = {
+      acceptTerms = true;
+      defaults = {
+        email = "admin@kolyma.uz";
+      };
+    };
+
+    # Ensure the firewall allows HTTP and HTTPS traffic
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    networking.firewall.allowedUDPPorts = [ 80 443 ];
+  };
+
+  extra = {
+    # Extra configurations for Nginx
+    services.nginx = {
+      # User provided hosts
+      virtualHosts = config.services.www.hosts;
+    };
+  };
+
+  cfg = lib.mkMerge [
+    default
+    extra
+  ];
+in
+{
+  options = {
+    services.www = {
+      enable = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Enable the web server/proxy";
+      };
+
+      alias = lib.mkOption {
+        type = lib.types.listOf lib.types.str;
+        default = [ ];
+        description = "List of extra aliases to host.";
+      };
+
+      hosts = lib.mkOption {
+        type = lib.types.attrsOf lib.types.anything;
+        default = { };
+        description = "List of hosted container instances.";
+      };
+    };
+  };
+
+  config = lib.mkIf config.services.www.enable cfg;
+}

nixos/kolyma-2/services/default.nix

@@ -10,5 +10,8 @@
 
     # Web server & proxy virtual hosts via caddy
     ./caddy.nix
+
+    # GitLab server
+    ./gitlab.nix
   ];
 }

nixos/kolyma-2/services/gitlab.nix

@@ -0,0 +1,26 @@
+{ outputs, pkgs, ... }: {
+  services.gitlab = {
+    enable = true;
+    databasePasswordFile = pkgs.writeText "dbPassword" "zgvcyfwsxzcwr85l";
+    initialRootPasswordFile = pkgs.writeText "rootPassword" "dakqdvp4ovhksxer";
+    secrets = {
+      secretFile = pkgs.writeText "secret" "xlHvN7tfexeTbFVHbkVKESQbyTZXG9v1TZ1me9Txa4GtxUMeKI";
+      otpFile = pkgs.writeText "otpsecret" "ME5h5Wh4NUjlvSqIM2tbBs9v44BVJb0BMrpGjOInGGJeJ6U7rE";
+      dbFile = pkgs.writeText "dbsecret" "HNWvNMIv9APPn9jl7K02Jh7EEpqtmPPrfgF7o0wUx4IrbmOFww";
+      jwsFile = pkgs.runCommand "oidcKeyBase" { } "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    virtualHosts = {
+      localhost = {
+        locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+      };
+    };
+  };
+
+  systemd.services.gitlab-backup.environment.BACKUP = "dump";
+
+}

nixos/kolyma-4/services/default.nix

@@ -6,6 +6,6 @@
     ./container.nix
 
     # Web server & proxy virtual hosts via caddy
-    ./caddy.nix
+    ./www.nix
   ];
 }

nixos/kolyma-4/services/caddy.nix → nixos/kolyma-4/services/www.nix

@@ -1,6 +1,6 @@
 { outputs, ... }: {
   imports = [
-    outputs.nixosModules.caddy
+    outputs.nixosModules.nginx
   ];
 
   # Enable web server & proxy