From 94816c9c63899b936764c9ece659fb6a1044e6e1 Mon Sep 17 00:00:00 2001
From: Benedikt Peetz <benedikt.peetz@b-peetz.de>
Date: Wed, 25 Dec 2024 18:54:51 +0100
Subject: feat(modules/nginx): Modularise the redirects and migrate them to
 server2

The redirects always have an implicit dependency on the DNS config of
the running host. As such, simply stating them for all host is never a
possibility and setting them per host the only viable option.
---
 hosts/by-name/server2/configuration.nix |  7 ++++-
 modules/by-name/ng/nginx/module.nix     | 47 ++++++++++++++++++---------------
 modules/by-name/ng/nginx/redirects.nix  |  6 -----
 3 files changed, 31 insertions(+), 29 deletions(-)
 delete mode 100644 modules/by-name/ng/nginx/redirects.nix

diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix
index f385b55..6d412fa 100644
--- a/hosts/by-name/server2/configuration.nix
+++ b/hosts/by-name/server2/configuration.nix
@@ -20,7 +20,12 @@
       domain = "git.foss-syndicate.org";
       gitolite.adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz cardno:000F_18F83532";
     };
-    nginx.enable = true;
+    nginx = {
+      enable = true;
+      redirects = {
+        "source.foss-syndicate.org" = "https://git.foss-syndicate.org/vhack.eu/nixos-server";
+      };
+    };
     openssh.enable = true;
     persist = {
       enable = true;
diff --git a/modules/by-name/ng/nginx/module.nix b/modules/by-name/ng/nginx/module.nix
index 1e9b626..39919c9 100644
--- a/modules/by-name/ng/nginx/module.nix
+++ b/modules/by-name/ng/nginx/module.nix
@@ -3,20 +3,13 @@
   config,
   ...
 }: let
-  importedRedirects = import ./redirects.nix {};
-  mkRedirect = {
-    key,
-    value,
-  }: {
-    name = key;
-    value = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/".return = "301 ${value}";
-    };
+  mkRedirect = _: value: {
+    forceSSL = true;
+    enableACME = true;
+    locations."/".return = "301 ${value}";
   };
 
-  redirects = builtins.listToAttrs (builtins.map mkRedirect importedRedirects);
+  redirects = builtins.mapAttrs mkRedirect cfg.redirects;
 
   cfg = config.vhack.nginx;
 in {
@@ -33,6 +26,16 @@ in {
         really be useful for tests.
       '';
     };
+
+    redirects = lib.mkOption {
+      type = lib.types.attrsOf lib.types.str;
+      default = {};
+      description = ''
+        An attrset of redirects to add.
+        The keys are the domain that should than be redirected to the url specified as
+        value.
+      '';
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -62,16 +65,16 @@ in {
     };
     services.nginx = {
       enable = true;
-      # The merge here is fine, as no domain should be specified twice
-      virtualHosts =
-        {
-          "gallery.s-schoeffel.de" = {
-            forceSSL = true;
-            enableACME = true;
-            root = "/srv/gallery.s-schoeffel.de";
-          };
-        }
-        // redirects;
+      virtualHosts = redirects;
+
+      # FIXME(@bpeetz): Migrate to a host. <2024-12-25>
+      #  {
+      #    "gallery.s-schoeffel.de" = {
+      #      forceSSL = true;
+      #      enableACME = true;
+      #      root = "/srv/gallery.s-schoeffel.de";
+      #    };
+      #  }
     };
   };
 }
diff --git a/modules/by-name/ng/nginx/redirects.nix b/modules/by-name/ng/nginx/redirects.nix
deleted file mode 100644
index a021e72..0000000
--- a/modules/by-name/ng/nginx/redirects.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{...}: [
-  {
-    key = "source.vhack.eu";
-    value = "https://codeberg.org/vhack.eu/nixos-server";
-  }
-]
-- 
cgit 1.4.1