about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--users/tazjin/nixos/koptevo/default.nix2
-rw-r--r--users/tazjin/nixos/modules/homepage.nix69
2 files changed, 41 insertions, 30 deletions
diff --git a/users/tazjin/nixos/koptevo/default.nix b/users/tazjin/nixos/koptevo/default.nix
index e5199f34e7de..ec490e453c70 100644
--- a/users/tazjin/nixos/koptevo/default.nix
+++ b/users/tazjin/nixos/koptevo/default.nix
@@ -98,6 +98,8 @@ in
     openssh.authorizedKeys.keys = depot.users.tazjin.keys.all;
   };
 
+  users.users.nginx.extraGroups = [ "acme" ];
+
   age.secrets =
     let
       secretFile = name: depot.users.tazjin.secrets."${name}.age";
diff --git a/users/tazjin/nixos/modules/homepage.nix b/users/tazjin/nixos/modules/homepage.nix
index b109fbefd3be..65191d6e7087 100644
--- a/users/tazjin/nixos/modules/homepage.nix
+++ b/users/tazjin/nixos/modules/homepage.nix
@@ -1,6 +1,38 @@
 # serve tazjin's website & blog
 { depot, config, lib, pkgs, ... }:
 
+let
+  extraConfig = ''
+    location = /en/rss.xml {
+      return 301 https://tazj.in/feed.atom;
+    }
+
+    ${depot.users.tazjin.blog.oldRedirects}
+    location /blog/ {
+      alias ${depot.users.tazjin.blog.rendered}/;
+
+      if ($request_uri ~ ^/(.*)\.html$) {
+        return 302 /$1;
+      }
+
+      try_files $uri $uri.html $uri/ =404;
+    }
+
+    location = /predlozhnik {
+      return 302 https://predlozhnik.ru;
+    }
+
+    # redirect for easier entry on a TV
+    location = /tv {
+      return 302 https://tazj.in/blobs/play.html;
+    }
+
+    # Temporary place for serving static files.
+    location /blobs/ {
+      alias /var/lib/tazjins-blobs/;
+    }
+  '';
+in
 {
   config = {
     services.nginx.virtualHosts."tazj.in" = {
@@ -8,37 +40,14 @@
       forceSSL = true;
       root = depot.users.tazjin.homepage;
       serverAliases = [ "www.tazj.in" ];
+      inherit extraConfig;
+    };
 
-      extraConfig = ''
-        location = /en/rss.xml {
-          return 301 https://tazj.in/feed.atom;
-        }
-
-        ${depot.users.tazjin.blog.oldRedirects}
-        location /blog/ {
-          alias ${depot.users.tazjin.blog.rendered}/;
-
-          if ($request_uri ~ ^/(.*)\.html$) {
-            return 302 /$1;
-          }
-
-          try_files $uri $uri.html $uri/ =404;
-        }
-
-        location = /predlozhnik {
-          return 302 https://predlozhnik.ru;
-        }
-
-        # redirect for easier entry on a TV
-        location = /tv {
-          return 302 https://tazj.in/blobs/play.html;
-        }
-
-        # Temporary place for serving static files.
-        location /blobs/ {
-          alias /var/lib/tazjins-blobs/;
-        }
-      '';
+    services.nginx.virtualHosts."y.tazj.in" = {
+      enableSSL = true;
+      useACMEHost = "y.tazj.in";
+      root = depot.users.tazjin.homepage;
+      inherit extraConfig;
     };
 
     services.nginx.virtualHosts."git.tazj.in" = {