diff --git a/modules/nixos/guests/website/default.nix b/modules/nixos/guests/website/default.nix
index 40553db..5d15f5a 100755
--- a/modules/nixos/guests/website/default.nix
+++ b/modules/nixos/guests/website/default.nix
@@ -16,43 +16,34 @@ in
 autostart = true;
 config = {
 system.stateVersion = "25.05";
-
 networking.firewall.allowedTCPPorts = [
 22
- 8080
+ 80
 ];
-
 services.openssh = {
 enable = true;
 settings.PasswordAuthentication = false;
 };
-
 environment.etc."website".source = websitePkg;
-
 users.users.root.openssh.authorizedKeys.keys = flake.config.people.users.${user0}.sshKeys;
-
- systemd = {
- network = {
- enable = true;
- networks."10-enp" = {
- matchConfig.Name = "enp0s3";
- addresses = [
- { Address = "${serviceCfg.interface.ip}/24"; }
- ];
- gateway = [ serviceCfg.interface.gate ];
- };
- };
-
- services.website = {
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- serviceConfig = {
- ExecStart = "${pkgs.miniserve}/bin/miniserve /etc/website --index index.html -p 8080";
- Restart = "always";
- };
+ systemd.network = {
+ enable = true;
+ networks."10-enp" = {
+ matchConfig.Name = "enp0s3";
+ addresses = [
+ { Address = "${serviceCfg.interface.ip}/24"; }
+ ];
+ gateway = [ serviceCfg.interface.gate ];
 };
 };
-
+ services.caddy = {
+ enable = true;
+ virtualHosts.":80".extraConfig = ''
+ root * /etc/website
+ file_server
+ try_files {path} /index.html
+ '';
+ };
 microvm = {
 vcpu = 2;
 mem = 3072;
@@ -75,23 +66,17 @@ in
 };
 };
 };
-
 services.caddy = {
- enable = true;
 virtualHosts.${host}.extraConfig = ''
- reverse_proxy ${serviceCfg.interface.ip}:8080
-
+ reverse_proxy ${serviceCfg.interface.ip}:80
 tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key}
 '';
 };
-
 security.acme.certs.${host} = {
 dnsProvider = instances.web.dns.provider0;
 environmentFile = config.sops.secrets."dns/${instances.web.dns.provider0}".path;
 };
-
 systemd.tmpfiles.rules = [
 "d ${serviceCfg.mntPaths.path0} 0755 microvm wheel - -"
 ];
-
 }
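Review bot: In the first hunk (`@@ -16,43 +16,34 @@`) the new guest site block `virtualHosts.":80"` listens on every address of the guest and serves plain HTTP, and nothing in the file records that TLS is meant to terminate on the host proxy. If the host's `reverse_proxy` in the second hunk is the only intended client, I would add `bind ${serviceCfg.interface.ip}` as the first line of the `extraConfig` string. A comment above the block would also help, for example `# Plain HTTP on purpose: TLS terminates on the host Caddy, the only expected client.` Whether port 80 in `allowedTCPPorts` is reachable from beyond the host depends on network configuration outside this diff, so that is worth confirming. The guest definition starts before the hunk and continues past its end.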
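Review bot: In the second hunk (`@@ -75,23 +66,17 @@`) `enable = true;` is dropped from the host-level `services.caddy` block, so this module no longer turns on the TLS-terminating proxy it configures. Unless another module sets `services.caddy.enable`, the `virtualHosts.${host}` entry would presumably be defined but never served, which is easy to miss because evaluation still succeeds. NixOS merges repeated `enable = true` definitions without conflict, so I would keep `enable = true;` here, or add a comment such as `# services.caddy.enable is set in <module that enables it>`. The attribute set that encloses this block starts outside the hunk.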