summary refs log tree commit diff stats
path: root/system/services/nginx/default.nix
diff options
context:
space:
mode:
authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-08-02 22:39:02 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-08-02 23:13:29 +0200
commit30e649a6d43c4ef2473a1820930cbe7d43e28432 (patch)
treef34df66d41344a9289628d9c8f9e002614f97c16 /system/services/nginx/default.nix
parentbuild(flake): Update (diff)
downloadnixos-server-30e649a6d43c4ef2473a1820930cbe7d43e28432.tar.gz
nixos-server-30e649a6d43c4ef2473a1820930cbe7d43e28432.zip
refactor(nixos/{nginx, nix-sync}): Migrate from `system/services`
Nix-sync was sort-of mixed into the nginx configuration, thus separating
it completely seemed reasonable.
Diffstat (limited to 'system/services/nginx/default.nix')
-rw-r--r--system/services/nginx/default.nix79
1 files changed, 0 insertions, 79 deletions
diff --git a/system/services/nginx/default.nix b/system/services/nginx/default.nix
deleted file mode 100644
index b804754..0000000
--- a/system/services/nginx/default.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{lib, ...}: let
-  domains = import ./hosts.nix {};
-  importedRedirects = import ./redirects.nix {};
-  mkRedirect = {
-    key,
-    value,
-  }: {
-    name = key;
-    value = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/".return = "301 ${value}";
-    };
-  };
-  mkVirtHost = {
-    domain,
-    root ? "",
-    url,
-    extraSettings ? {},
-  }: {
-    name = "${domain}";
-    value =
-      lib.recursiveUpdate {
-        forceSSL = true;
-        enableACME = true;
-        root = "/etc/nginx/websites/${domain}/${root}";
-      }
-      extraSettings;
-  };
-
-  mkNixSyncRepository = {
-    domain,
-    root ? "",
-    url,
-    extraSettings ? {},
-  }: {
-    name = "${domain}";
-    value = {
-      path = "/etc/nginx/websites/${domain}/${root}";
-      uri = "${url}";
-      inherit extraSettings;
-    };
-  };
-
-  virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains);
-  nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains);
-  redirects = builtins.listToAttrs (builtins.map mkRedirect importedRedirects);
-in {
-  security.acme = {
-    acceptTerms = true;
-    defaults = {
-      email = "admin@vhack.eu";
-      webroot = "/var/lib/acme/acme-challenge";
-    };
-  };
-
-  networking.firewall = {
-    allowedTCPPorts = [80 443];
-  };
-  services.nginx = {
-    enable = true;
-    # The merge here is fine, as no domain should be specified twice
-    virtualHosts =
-      {
-        "gallery.s-schoeffel.de" = {
-          forceSSL = true;
-          enableACME = true;
-          root = "/srv/gallery.s-schoeffel.de";
-        };
-      }
-      // virtHosts
-      // redirects;
-  };
-
-  services.nix-sync = {
-    enable = true;
-    repositories = nixSyncRepositories;
-  };
-}