diff options
| author | Soispha <soispha@vhack.eu> | 2023-07-28 17:57:10 +0200 |
|---|---|---|
| committer | Soispha <soispha@vhack.eu> | 2023-07-28 18:02:03 +0200 |
| commit | 2b766df421b359b2d2cd10c32f3fa04611b22999 (patch) | |
| tree | f7a003bcfe2a8024c2404c2620b84ff46f49bc23 | |
| parent | chore(version): v0.5.1 (diff) | |
| download | nixos-server-2b766df421b359b2d2cd10c32f3fa04611b22999.tar.gz nixos-server-2b766df421b359b2d2cd10c32f3fa04611b22999.zip | |
Refactor(system/services/nginx): Reduce encrypted stuff to a minimum
| -rw-r--r-- | system/services/nginx/default.nix | 40 | ||||
| -rw-r--r-- | system/services/nginx/hosts.nix | bin | 976 -> 298 bytes |
2 files changed, 36 insertions, 4 deletions
diff --git a/system/services/nginx/default.nix b/system/services/nginx/default.nix index 404c167..8544475 100644 --- a/system/services/nginx/default.nix +++ b/system/services/nginx/default.nix @@ -1,7 +1,33 @@ -{...}: { - imports = [ - ./hosts.nix - ]; +{...}: let + domains = import ./hosts.nix {}; + mkVirtHost = { + domain, + root, + url, + }: { + name = "${domain}"; + value = { + forceSSL = true; + enableACME = true; + root = "${root}"; + }; + }; + + mkNixSyncRepository = { + domain, + root, + url, + }: { + name = "${domain}"; + value = { + path = "${root}"; + uri = "${url}"; + }; + }; + + virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains); + nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains); +in { security.acme = { acceptTerms = true; defaults = { @@ -15,5 +41,11 @@ }; services.nginx = { enable = true; + virtualHosts = virtHosts; + }; + + services.nix-sync = { + enable = true; + repositories = nixSyncRepositories; }; } diff --git a/system/services/nginx/hosts.nix b/system/services/nginx/hosts.nix index 1590756..b209b69 100644 --- a/system/services/nginx/hosts.nix +++ b/system/services/nginx/hosts.nix Binary files differ |