diff options
| author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-25 18:54:51 +0100 |
|---|---|---|
| committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-25 20:02:11 +0100 |
| commit | 94816c9c63899b936764c9ece659fb6a1044e6e1 (patch) | |
| tree | ceb93831b394d2425506979436d4da0c08d7333e /modules/by-name/ng/nginx/module.nix | |
| parent | fix(modules/nix-sync/internal): Fix syntax errors in shell-script (diff) | |
| download | nixos-server-94816c9c63899b936764c9ece659fb6a1044e6e1.tar.gz nixos-server-94816c9c63899b936764c9ece659fb6a1044e6e1.zip | |
feat(modules/nginx): Modularise the redirects and migrate them to server2
The redirects always have an implicit dependency on the DNS config of the running host. As such, simply stating them for all host is never a possibility and setting them per host the only viable option.
Diffstat (limited to 'modules/by-name/ng/nginx/module.nix')
| -rw-r--r-- | modules/by-name/ng/nginx/module.nix | 47 |
1 files changed, 25 insertions, 22 deletions
diff --git a/modules/by-name/ng/nginx/module.nix b/modules/by-name/ng/nginx/module.nix index 1e9b626..39919c9 100644 --- a/modules/by-name/ng/nginx/module.nix +++ b/modules/by-name/ng/nginx/module.nix @@ -3,20 +3,13 @@ config, ... }: let - importedRedirects = import ./redirects.nix {}; - mkRedirect = { - key, - value, - }: { - name = key; - value = { - forceSSL = true; - enableACME = true; - locations."/".return = "301 ${value}"; - }; + mkRedirect = _: value: { + forceSSL = true; + enableACME = true; + locations."/".return = "301 ${value}"; }; - redirects = builtins.listToAttrs (builtins.map mkRedirect importedRedirects); + redirects = builtins.mapAttrs mkRedirect cfg.redirects; cfg = config.vhack.nginx; in { @@ -33,6 +26,16 @@ in { really be useful for tests. ''; }; + + redirects = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = {}; + description = '' + An attrset of redirects to add. + The keys are the domain that should than be redirected to the url specified as + value. + ''; + }; }; config = lib.mkIf cfg.enable { @@ -62,16 +65,16 @@ in { }; services.nginx = { enable = true; - # The merge here is fine, as no domain should be specified twice - virtualHosts = - { - "gallery.s-schoeffel.de" = { - forceSSL = true; - enableACME = true; - root = "/srv/gallery.s-schoeffel.de"; - }; - } - // redirects; + virtualHosts = redirects; + + # FIXME(@bpeetz): Migrate to a host. <2024-12-25> + # { + # "gallery.s-schoeffel.de" = { + # forceSSL = true; + # enableACME = true; + # root = "/srv/gallery.s-schoeffel.de"; + # }; + # } }; }; } |