From 30e649a6d43c4ef2473a1820930cbe7d43e28432 Mon Sep 17 00:00:00 2001
From: Benedikt Peetz <benedikt.peetz@b-peetz.de>
Date: Fri, 2 Aug 2024 22:39:02 +0200
Subject: refactor(nixos/{nginx, nix-sync}): Migrate from `system/services`

Nix-sync was sort-of mixed into the nginx configuration, thus separating
it completely seemed reasonable.
---
 system/services/nginx/default.nix | 79 ---------------------------------------
 1 file changed, 79 deletions(-)
 delete mode 100644 system/services/nginx/default.nix

(limited to 'system/services/nginx/default.nix')

diff --git a/system/services/nginx/default.nix b/system/services/nginx/default.nix
deleted file mode 100644
index b804754..0000000
--- a/system/services/nginx/default.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{lib, ...}: let
-  domains = import ./hosts.nix {};
-  importedRedirects = import ./redirects.nix {};
-  mkRedirect = {
-    key,
-    value,
-  }: {
-    name = key;
-    value = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/".return = "301 ${value}";
-    };
-  };
-  mkVirtHost = {
-    domain,
-    root ? "",
-    url,
-    extraSettings ? {},
-  }: {
-    name = "${domain}";
-    value =
-      lib.recursiveUpdate {
-        forceSSL = true;
-        enableACME = true;
-        root = "/etc/nginx/websites/${domain}/${root}";
-      }
-      extraSettings;
-  };
-
-  mkNixSyncRepository = {
-    domain,
-    root ? "",
-    url,
-    extraSettings ? {},
-  }: {
-    name = "${domain}";
-    value = {
-      path = "/etc/nginx/websites/${domain}/${root}";
-      uri = "${url}";
-      inherit extraSettings;
-    };
-  };
-
-  virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains);
-  nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains);
-  redirects = builtins.listToAttrs (builtins.map mkRedirect importedRedirects);
-in {
-  security.acme = {
-    acceptTerms = true;
-    defaults = {
-      email = "admin@vhack.eu";
-      webroot = "/var/lib/acme/acme-challenge";
-    };
-  };
-
-  networking.firewall = {
-    allowedTCPPorts = [80 443];
-  };
-  services.nginx = {
-    enable = true;
-    # The merge here is fine, as no domain should be specified twice
-    virtualHosts =
-      {
-        "gallery.s-schoeffel.de" = {
-          forceSSL = true;
-          enableACME = true;
-          root = "/srv/gallery.s-schoeffel.de";
-        };
-      }
-      // virtHosts
-      // redirects;
-  };
-
-  services.nix-sync = {
-    enable = true;
-    repositories = nixSyncRepositories;
-  };
-}
-- 
cgit 1.4.1