1 files changed, 24 insertions, 15 deletions

diff --git a/modules/by-name/ng/nginx/module.nix b/modules/by-name/ng/nginx/module.nix
index 30406fe..39919c9 100644
--- a/modules/by-name/ng/nginx/module.nix
+++ b/modules/by-name/ng/nginx/module.nix
@@ -3,20 +3,13 @@
   config,
   ...
 }: let
-  importedRedirects = import ./redirects.nix {};
-  mkRedirect = {
-    key,
-    value,
-  }: {
-    name = key;
-    value = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/".return = "301 ${value}";
-    };
+  mkRedirect = _: value: {
+    forceSSL = true;
+    enableACME = true;
+    locations."/".return = "301 ${value}";
   };
 
-  redirects = builtins.listToAttrs (builtins.map mkRedirect importedRedirects);
+  redirects = builtins.mapAttrs mkRedirect cfg.redirects;
 
   cfg = config.vhack.nginx;
 in {
@@ -33,12 +26,28 @@ in {
         really be useful for tests.
       '';
     };
+
+    redirects = lib.mkOption {
+      type = lib.types.attrsOf lib.types.str;
+      default = {};
+      description = ''
+        An attrset of redirects to add.
+        The keys are the domain that should than be redirected to the url specified as
+        value.
+      '';
+    };
   };
 
   config = lib.mkIf cfg.enable {
     vhack.persist.directories = [
       "/var/lib/acme"
     ];
+
+    users = {
+      users.acme.uid = config.vhack.constants.ids.uids.acme;
+      groups.acme.gid = config.vhack.constants.ids.gids.acme;
+    };
+
     security.acme = {
       acceptTerms = true;
       defaults = {
@@ -56,8 +65,9 @@ in {
     };
     services.nginx = {
       enable = true;
-      # The merge here is fine, as no domain should be specified twice
-      #virtualHosts =
+      virtualHosts = redirects;
+
+      # FIXME(@bpeetz): Migrate to a host. <2024-12-25>
       #  {
       #    "gallery.s-schoeffel.de" = {
       #      forceSSL = true;
@@ -65,7 +75,6 @@ in {
       #      root = "/srv/gallery.s-schoeffel.de";
       #    };
       #  }
-      #  // redirects;
     };
   };
 }