refactor(nixos/{nginx, nix-sync}): Migrate from `system/services`

Nix-sync was sort-of mixed into the nginx configuration, thus separating
it completely seemed reasonable.

1 files changed, 61 insertions, 0 deletions

diff --git a/modules/nixos/vhack/nix-sync/default.nix b/modules/nixos/vhack/nix-sync/default.nix
new file mode 100644
index 0000000..a624e0e
--- /dev/null
+++ b/modules/nixos/vhack/nix-sync/default.nix
@@ -0,0 +1,61 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.vhack.nix-sync;
+
+  mkNixSyncRepository = {
+    domain,
+    root ? "",
+    url,
+    extraSettings ? {},
+  }: {
+    name = "${domain}";
+    value = {
+      path = "/etc/nginx/websites/${domain}/${root}";
+      uri = "${url}";
+      inherit extraSettings;
+    };
+  };
+  nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains);
+
+  mkVirtHost = {
+    domain,
+    root ? "",
+    url,
+    extraSettings ? {},
+  }: {
+    name = "${domain}";
+    value =
+      lib.recursiveUpdate {
+        forceSSL = true;
+        enableACME = true;
+        root = "/etc/nginx/websites/${domain}/${root}";
+      }
+      extraSettings;
+  };
+  virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains);
+
+  domains = import ./hosts.nix {};
+in {
+  imports = [
+    ./module.nix
+  ];
+
+  options.vhack.nix-sync = {
+    enable = lib.mkEnableOption ''
+      a website git ops solution.
+    '';
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.nix-sync = {
+      enable = true;
+      repositories = nixSyncRepositories;
+    };
+
+    vhack.nginx.enable = true;
+    services.nginx.virtualHosts = virtHosts;
+  };
+}