-rw-r--r-- | modules/nixos/vhack/default.nix | 2 | ||||
-rw-r--r-- | modules/nixos/vhack/nginx/default.nix | 68 | ||||
-rw-r--r-- | modules/nixos/vhack/nginx/redirects.nix (renamed from system/services/nginx/redirects.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/vhack/nix-sync/default.nix | 61 | ||||
-rw-r--r-- | modules/nixos/vhack/nix-sync/hosts.nix (renamed from system/services/nginx/hosts.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/vhack/nix-sync/module.nix (renamed from system/services/nix-sync/default.nix) | 0 | ||||
-rw-r--r-- | system/services/default.nix | 2 | ||||
-rw-r--r-- | system/services/nginx/default.nix | 79 |
8 files changed, 131 insertions, 81 deletions
diff --git a/modules/nixos/vhack/default.nix b/modules/nixos/vhack/default.nix
index 1c98f58..cb0131f 100644
--- a/modules/nixos/vhack/default.nix
+++ b/modules/nixos/vhack/default.nix
@@ -2,6 +2,8 @@
 imports = [
 ./etesync
 ./git-server
+ ./nginx
+ ./nix-sync
 ./peertube
 ];
 }
diff --git a/modules/nixos/vhack/nginx/default.nix b/modules/nixos/vhack/nginx/default.nix
new file mode 100644
index 0000000..6a82147
--- /dev/null
+++ b/modules/nixos/vhack/nginx/default.nix
@@ -0,0 +1,68 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ importedRedirects = import ./redirects.nix {};
+ mkRedirect = {
+ key,
+ value,
+ }: {
+ name = key;
+ value = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".return = "301 ${value}";
+ };
+ };
+
+ redirects = builtins.listToAttrs (builtins.map mkRedirect importedRedirects);
+
+ cfg = config.vhack.nginx;
+in {
+ options.vhack.nginx = {
+ enable = lib.mkEnableOption ''
+ a default nginx config.
+ '';
+
+ selfsign = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ Whether to selfsign the acme certificates. This should only
+ really be useful for tests.
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "admin@vhack.eu";
+ webroot = "/var/lib/acme/acme-challenge";
+
+ # Avoid spamming the acme server, if we run in a test, and only really want self-signed
+ # certificates
+ server = lib.mkIf cfg.selfsign "https://127.0.0.1";
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [80 443];
+ };
+ services.nginx = {
+ enable = true;
+ # The merge here is fine, as no domain should be specified twice
+ virtualHosts =
+ {
+ "gallery.s-schoeffel.de" = {
+ forceSSL = true;
+ enableACME = true;
+ root = "/srv/gallery.s-schoeffel.de";
+ };
+ }
+ // redirects;
+ };
+ };
+}
diff --git a/system/services/nginx/redirects.nix b/modules/nixos/vhack/nginx/redirects.nix
index a021e72..a021e72 100644
--- a/system/services/nginx/redirects.nix
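Review bot: The `// redirects` at the end of the new `services.nginx.virtualHosts` value is a plain right-biased attrset update, so the comment "no domain should be specified twice" is a hope rather than a check — a redirect entry for `gallery.s-schoeffel.de` in redirects.nix (only renamed in this diff, contents not shown) would silently replace the gallery vhost with a 301. Since `redirects` is computed in the `let`, the comment can be turned into an actual build-time check with one line at the `in`: `in assert !(redirects ? "gallery.s-schoeffel.de"); {`. Separately, `server = lib.mkIf cfg.selfsign "https://127.0.0.1"` does not sign anything itself — it only points the ACME client at a directory URL nothing answers on — so the `selfsign` description overstates what it does; something like `Point ACME at an unreachable directory so tests never contact a real CA; hosts presumably keep the bootstrap self-signed certificate (verify)` would be more honest.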
+++ b/modules/nixos/vhack/nginx/redirects.nix
diff --git a/modules/nixos/vhack/nix-sync/default.nix b/modules/nixos/vhack/nix-sync/default.nix
new file mode 100644
index 0000000..a624e0e
--- /dev/null
+++ b/modules/nixos/vhack/nix-sync/default.nix
@@ -0,0 +1,61 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.vhack.nix-sync;
+
+ mkNixSyncRepository = {
+ domain,
+ root ? "",
+ url,
+ extraSettings ? {},
+ }: {
+ name = "${domain}";
+ value = {
+ path = "/etc/nginx/websites/${domain}/${root}";
+ uri = "${url}";
+ inherit extraSettings;
+ };
+ };
+ nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains);
+
+ mkVirtHost = {
+ domain,
+ root ? "",
+ url,
+ extraSettings ? {},
+ }: {
+ name = "${domain}";
+ value =
+ lib.recursiveUpdate {
+ forceSSL = true;
+ enableACME = true;
+ root = "/etc/nginx/websites/${domain}/${root}";
+ }
+ extraSettings;
+ };
+ virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains);
+
+ domains = import ./hosts.nix {};
+in {
+ imports = [
+ ./module.nix
+ ];
+
+ options.vhack.nix-sync = {
+ enable = lib.mkEnableOption ''
+ a website git ops solution.
+ '';
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.nix-sync = {
+ enable = true;
+ repositories = nixSyncRepositories;
+ };
+
+ vhack.nginx.enable = true;
+ services.nginx.virtualHosts = virtHosts;
+ };
+}
diff --git a/system/services/nginx/hosts.nix b/modules/nixos/vhack/nix-sync/hosts.nix
index 98dbbf1..98dbbf1 100644
--- a/system/services/nginx/hosts.nix
+++ b/modules/nixos/vhack/nix-sync/hosts.nix
diff --git a/system/services/nix-sync/default.nix b/modules/nixos/vhack/nix-sync/module.nix
index a3ab0af..a3ab0af 100644
--- a/system/services/nix-sync/default.nix
+++ b/modules/nixos/vhack/nix-sync/module.nix
diff --git a/system/services/default.nix b/system/services/default.nix
index 8b8151a..3155272 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
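Review bot: mkVirtHost serves each site straight out of the nix-sync checkout — its `root = "/etc/nginx/websites/${domain}/${root}"` is the same path that mkNixSyncRepository hands to `services.nix-sync.repositories` as `path`. If nix-sync keeps the repository's `.git` directory inside that path (module.nix is only renamed here, so I can't confirm), nginx will serve `/.git/config` and the whole object store, including any history the site author thought was private. A default in the base attrset given to `lib.recursiveUpdate`, placed before `extraSettings` so a host can still override it, closes that: `locations."~ /\\.git".extraConfig = "deny all;";`. As a style point, `url` is bound in mkVirtHost only so the strict attrset pattern does not reject the hosts.nix entries; an `...` ellipsis in the pattern would make that intent visible instead of leaving an unused binding.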
@@ -10,9 +10,7 @@
 ./minecraft
 ./miniflux
 ./murmur
- ./nginx
 ./nix
- ./nix-sync
 ./openssh
 ./restic
 ./rust-motd
diff --git a/system/services/nginx/default.nix b/system/services/nginx/default.nix
deleted file mode 100644
index b804754..0000000
--- a/system/services/nginx/default.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{lib, ...}: let
- domains = import ./hosts.nix {};
- importedRedirects = import ./redirects.nix {};
- mkRedirect = {
- key,
- value,
- }: {
- name = key;
- value = {
- forceSSL = true;
- enableACME = true;
- locations."/".return = "301 ${value}";
- };
- };
- mkVirtHost = {
- domain,
- root ? "",
- url,
- extraSettings ? {},
- }: {
- name = "${domain}";
- value =
- lib.recursiveUpdate {
- forceSSL = true;
- enableACME = true;
- root = "/etc/nginx/websites/${domain}/${root}";
- }
- extraSettings;
- };
-
- mkNixSyncRepository = {
- domain,
- root ? "",
- url,
- extraSettings ? {},
- }: {
- name = "${domain}";
- value = {
- path = "/etc/nginx/websites/${domain}/${root}";
- uri = "${url}";
- inherit extraSettings;
- };
- };
-
- virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains);
- nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains);
- redirects = builtins.listToAttrs (builtins.map mkRedirect importedRedirects);
-in {
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "admin@vhack.eu";
- webroot = "/var/lib/acme/acme-challenge";
- };
- };
-
- networking.firewall = {
- allowedTCPPorts = [80 443];
- };
- services.nginx = {
- enable = true;
- # The merge here is fine, as no domain should be specified twice
- virtualHosts =
- {
- "gallery.s-schoeffel.de" = {
- forceSSL = true;
- enableACME = true;
- root = "/srv/gallery.s-schoeffel.de";
- };
- }
- // virtHosts
- // redirects;
- };
-
- services.nix-sync = {
- enable = true;
- repositories = nixSyncRepositories;
- };
-}
|