{ config, lib, pkgs, ... }: { networking.firewall.allowedTCPPorts = [ 80 443 ]; services.nginx = { enable = true; recommendedOptimisation = true; recommendedTlsSettings = true; recommendedProxySettings = true; virtualHosts."noms.ing" = { enableACME = true; forceSSL = true; locations."/".root = ../../pkgs/nomsing; }; virtualHosts."meow.noms.ing" = { enableACME = true; forceSSL = true; locations."/".root = ../../pkgs/nomsing; }; virtualHosts."webring.noms.ing" = { enableACME = true; forceSSL = true; locations."~ (.*)".extraConfig = '' fastcgi_pass unix:${config.services.fcgiwrap.instances.nomsing.socket.address}; include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME ${lib.getExe pkgs.nomsring}; fastcgi_param PATH_INFO $1; ''; }; }; services.fcgiwrap.instances.nomsing = { socket = { user = "nomsring"; group = "users"; mode = "0622"; }; }; users.users.nomsring = { isSystemUser = true; group = "users"; }; }