author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-08-02 22:39:02 +0200 |
---|---|---|
committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-08-02 23:13:29 +0200 |
commit | 30e649a6d43c4ef2473a1820930cbe7d43e28432 (patch) | |
tree | f34df66d41344a9289628d9c8f9e002614f97c16 /system/services/nginx/default.nix | |
parent | build(flake): Update (diff) | |
refactor(nixos/{nginx, nix-sync}): Migrate from `system/services`
Nix-sync was sort-of mixed into the nginx configuration, thus separating it completely seemed reasonable.
Diffstat (limited to 'system/services/nginx/default.nix')
-rw-r--r-- | system/services/nginx/default.nix | 79 |
1 files changed, 0 insertions, 79 deletions
diff --git a/system/services/nginx/default.nix b/system/services/nginx/default.nix
deleted file mode 100644
index b804754..0000000
--- a/system/services/nginx/default.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{lib, ...}: let
- domains = import ./hosts.nix {};
- importedRedirects = import ./redirects.nix {};
- mkRedirect = {
- key,
- value,
- }: {
- name = key;
- value = {
- forceSSL = true;
- enableACME = true;
- locations."/".return = "301 ${value}";
- };
- };
- mkVirtHost = {
- domain,
- root ? "",
- url,
- extraSettings ? {},
- }: {
- name = "${domain}";
- value =
- lib.recursiveUpdate {
- forceSSL = true;
- enableACME = true;
- root = "/etc/nginx/websites/${domain}/${root}";
- }
- extraSettings;
- };
-
- mkNixSyncRepository = {
- domain,
- root ? "",
- url,
- extraSettings ? {},
- }: {
- name = "${domain}";
- value = {
- path = "/etc/nginx/websites/${domain}/${root}";
- uri = "${url}";
- inherit extraSettings;
- };
- };
-
- virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains);
- nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains);
- redirects = builtins.listToAttrs (builtins.map mkRedirect importedRedirects);
-in {
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "admin@vhack.eu";
- webroot = "/var/lib/acme/acme-challenge";
- };
- };
-
- networking.firewall = {
- allowedTCPPorts = [80 443];
- };
- services.nginx = {
- enable = true;
- # The merge here is fine, as no domain should be specified twice
- virtualHosts =
- {
- "gallery.s-schoeffel.de" = {
- forceSSL = true;
- enableACME = true;
- root = "/srv/gallery.s-schoeffel.de";
- };
- }
- // virtHosts
- // redirects;
- };
-
- services.nix-sync = {
- enable = true;
- repositories = nixSyncRepositories;
- };
-} |