diff options
| author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-25 18:54:51 +0100 |
|---|---|---|
| committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-25 20:02:11 +0100 |
| commit | 94816c9c63899b936764c9ece659fb6a1044e6e1 (patch) | |
| tree | ceb93831b394d2425506979436d4da0c08d7333e | |
| parent | fix(modules/nix-sync/internal): Fix syntax errors in shell-script (diff) | |
| download | nixos-server-94816c9c63899b936764c9ece659fb6a1044e6e1.tar.gz nixos-server-94816c9c63899b936764c9ece659fb6a1044e6e1.zip | |
feat(modules/nginx): Modularise the redirects and migrate them to server2
The redirects always have an implicit dependency on the DNS config of the running host. As such, simply stating them for all host is never a possibility and setting them per host the only viable option.
| -rw-r--r-- | hosts/by-name/server2/configuration.nix | 7 | ||||
| -rw-r--r-- | modules/by-name/ng/nginx/module.nix | 47 | ||||
| -rw-r--r-- | modules/by-name/ng/nginx/redirects.nix | 6 |
3 files changed, 31 insertions, 29 deletions
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix index f385b55..6d412fa 100644 --- a/hosts/by-name/server2/configuration.nix +++ b/hosts/by-name/server2/configuration.nix @@ -20,7 +20,12 @@ domain = "git.foss-syndicate.org"; gitolite.adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz cardno:000F_18F83532"; }; - nginx.enable = true; + nginx = { + enable = true; + redirects = { + "source.foss-syndicate.org" = "https://git.foss-syndicate.org/vhack.eu/nixos-server"; + }; + }; openssh.enable = true; persist = { enable = true; diff --git a/modules/by-name/ng/nginx/module.nix b/modules/by-name/ng/nginx/module.nix index 1e9b626..39919c9 100644 --- a/modules/by-name/ng/nginx/module.nix +++ b/modules/by-name/ng/nginx/module.nix @@ -3,20 +3,13 @@ config, ... }: let - importedRedirects = import ./redirects.nix {}; - mkRedirect = { - key, - value, - }: { - name = key; - value = { - forceSSL = true; - enableACME = true; - locations."/".return = "301 ${value}"; - }; + mkRedirect = _: value: { + forceSSL = true; + enableACME = true; + locations."/".return = "301 ${value}"; }; - redirects = builtins.listToAttrs (builtins.map mkRedirect importedRedirects); + redirects = builtins.mapAttrs mkRedirect cfg.redirects; cfg = config.vhack.nginx; in { @@ -33,6 +26,16 @@ in { really be useful for tests. ''; }; + + redirects = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = {}; + description = '' + An attrset of redirects to add. + The keys are the domain that should than be redirected to the url specified as + value. + ''; + }; }; config = lib.mkIf cfg.enable { @@ -62,16 +65,16 @@ in { }; services.nginx = { enable = true; - # The merge here is fine, as no domain should be specified twice - virtualHosts = - { - "gallery.s-schoeffel.de" = { - forceSSL = true; - enableACME = true; - root = "/srv/gallery.s-schoeffel.de"; - }; - } - // redirects; + virtualHosts = redirects; + + # FIXME(@bpeetz): Migrate to a host. <2024-12-25> + # { + # "gallery.s-schoeffel.de" = { + # forceSSL = true; + # enableACME = true; + # root = "/srv/gallery.s-schoeffel.de"; + # }; + # } }; }; } diff --git a/modules/by-name/ng/nginx/redirects.nix b/modules/by-name/ng/nginx/redirects.nix deleted file mode 100644 index a021e72..0000000 --- a/modules/by-name/ng/nginx/redirects.nix +++ /dev/null @@ -1,6 +0,0 @@ -{...}: [ - { - key = "source.vhack.eu"; - value = "https://codeberg.org/vhack.eu/nixos-server"; - } -] |