diff options
Diffstat (limited to '')
-rw-r--r-- | modules/nixos/vhack/nginx/redirects.nix (renamed from system/services/nginx/redirects.nix) | 0 | ||||
-rw-r--r-- | modules/nixos/vhack/nix-sync/hosts.nix (renamed from system/services/nginx/hosts.nix) | 0 | ||||
-rw-r--r-- | system/services/nginx/default.nix | 79 |
3 files changed, 0 insertions, 79 deletions
diff --git a/system/services/nginx/redirects.nix b/modules/nixos/vhack/nginx/redirects.nix index a021e72..a021e72 100644 --- a/system/services/nginx/redirects.nix +++ b/modules/nixos/vhack/nginx/redirects.nix diff --git a/system/services/nginx/hosts.nix b/modules/nixos/vhack/nix-sync/hosts.nix index 98dbbf1..98dbbf1 100644 --- a/system/services/nginx/hosts.nix +++ b/modules/nixos/vhack/nix-sync/hosts.nix diff --git a/system/services/nginx/default.nix b/system/services/nginx/default.nix deleted file mode 100644 index b804754..0000000 --- a/system/services/nginx/default.nix +++ /dev/null @@ -1,79 +0,0 @@ -{lib, ...}: let - domains = import ./hosts.nix {}; - importedRedirects = import ./redirects.nix {}; - mkRedirect = { - key, - value, - }: { - name = key; - value = { - forceSSL = true; - enableACME = true; - locations."/".return = "301 ${value}"; - }; - }; - mkVirtHost = { - domain, - root ? "", - url, - extraSettings ? {}, - }: { - name = "${domain}"; - value = - lib.recursiveUpdate { - forceSSL = true; - enableACME = true; - root = "/etc/nginx/websites/${domain}/${root}"; - } - extraSettings; - }; - - mkNixSyncRepository = { - domain, - root ? "", - url, - extraSettings ? {}, - }: { - name = "${domain}"; - value = { - path = "/etc/nginx/websites/${domain}/${root}"; - uri = "${url}"; - inherit extraSettings; - }; - }; - - virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains); - nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains); - redirects = builtins.listToAttrs (builtins.map mkRedirect importedRedirects); -in { - security.acme = { - acceptTerms = true; - defaults = { - email = "admin@vhack.eu"; - webroot = "/var/lib/acme/acme-challenge"; - }; - }; - - networking.firewall = { - allowedTCPPorts = [80 443]; - }; - services.nginx = { - enable = true; - # The merge here is fine, as no domain should be specified twice - virtualHosts = - { - "gallery.s-schoeffel.de" = { - forceSSL = true; - enableACME = true; - root = "/srv/gallery.s-schoeffel.de"; - }; - } - // virtHosts - // redirects; - }; - - services.nix-sync = { - enable = true; - repositories = nixSyncRepositories; - }; -} |