From 2b766df421b359b2d2cd10c32f3fa04611b22999 Mon Sep 17 00:00:00 2001
From: Soispha <soispha@vhack.eu>
Date: Fri, 28 Jul 2023 17:57:10 +0200
Subject: Refactor(system/services/nginx): Reduce encrypted stuff to a minimum

---
 system/services/nginx/default.nix |  40 ++++++++++++++++++++++++++++++++++----
 system/services/nginx/hosts.nix   | Bin 976 -> 298 bytes
 2 files changed, 36 insertions(+), 4 deletions(-)

(limited to 'system')

diff --git a/system/services/nginx/default.nix b/system/services/nginx/default.nix
index 404c167..8544475 100644
--- a/system/services/nginx/default.nix
+++ b/system/services/nginx/default.nix
@@ -1,7 +1,33 @@
-{...}: {
-  imports = [
-    ./hosts.nix
-  ];
+{...}: let
+  domains = import ./hosts.nix {};
+  mkVirtHost = {
+    domain,
+    root,
+    url,
+  }: {
+    name = "${domain}";
+    value = {
+      forceSSL = true;
+      enableACME = true;
+      root = "${root}";
+    };
+  };
+
+  mkNixSyncRepository = {
+    domain,
+    root,
+    url,
+  }: {
+    name = "${domain}";
+    value = {
+      path = "${root}";
+      uri = "${url}";
+    };
+  };
+
+  virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains);
+  nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains);
+in {
   security.acme = {
     acceptTerms = true;
     defaults = {
@@ -15,5 +41,11 @@
   };
   services.nginx = {
     enable = true;
+    virtualHosts = virtHosts;
+  };
+
+  services.nix-sync = {
+    enable = true;
+    repositories = nixSyncRepositories;
   };
 }
diff --git a/system/services/nginx/hosts.nix b/system/services/nginx/hosts.nix
index 1590756..b209b69 100644
Binary files a/system/services/nginx/hosts.nix and b/system/services/nginx/hosts.nix differ
-- 
cgit 1.4.1