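# NixOS module: builds nginx virtual hosts, redirect-only hosts and nix-sync
# repositories from ./hosts.nix and ./redirects.nix.
{...}: let
  # List of { domain, root, url } attribute sets; the shape is fixed by the
  # strict argument patterns of mkVirtHost and mkNixSyncRepository below.
  domains = import ./hosts.nix {};
  # List of { key, value } attribute sets: host name -> redirect target.
  importedRedirects = import ./redirects.nix {};

  # Turn one redirect entry into an nginx virtual host that answers every
  # request with a permanent redirect to `value`.
  # These hosts get no certificate and no HTTPS enforcement, so the 301 is
  # served over plain HTTP.
  # NOTE(review): a plain-HTTP redirect can be altered in transit; confirm that
  # leaving TLS off for redirect-only names is intended.
  mkRedirect = {
    key,
    value,
  }: {
    name = key;
    value = {
      forceSSL = false;
      enableACME = false;
      locations."/".return = "301 ${value}";
    };
  };

  # Turn one hosts.nix entry into a TLS-enforced nginx virtual host that serves
  # `root`. `url` is not used here; it is only accepted because the same
  # entries are also passed to mkNixSyncRepository and the pattern is strict.
  mkVirtHost = {
    domain,
    root,
    url,
  }: {
    name = "${domain}";
    value = {
      forceSSL = true;
      enableACME = true;
      root = "${root}";
    };
  };

  # Turn one hosts.nix entry into a nix-sync repository definition keyed by
  # domain. Presumably nix-sync fetches `uri` into `path`; verify against the
  # nix-sync module.
  mkNixSyncRepository = {
    domain,
    root,
    url,
  }: {
    name = "${domain}";
    value = {
      path = "${root}";
      uri = "${url}";
    };
  };

  virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains);
  nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains);
  redirects = builtins.listToAttrs (builtins.map mkRedirect importedRedirects);

  # Host names defined both as a served site and as a redirect.
  duplicateDomains = builtins.attrNames (builtins.intersectAttrs virtHosts redirects);
in {
  # `//` keeps the right-hand value on a name clash, so a domain listed in both
  # files would silently lose its forceSSL/enableACME virtual host to the
  # plain-HTTP redirect. Fail evaluation instead of relying on convention.
  assertions = [
    {
      assertion = duplicateDomains == [];
      message = "Domains defined in both hosts.nix and redirects.nix: ${builtins.concatStringsSep ", " duplicateDomains}";
    }
  ];

  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "admin@vhack.eu";
      webroot = "/var/lib/acme/acme-challenge";
    };
  };

  # HTTP (80) stays open: the redirect-only hosts answer there, and the ACME
  # webroot configured above is served by nginx.
  networking.firewall = {
    allowedTCPPorts = [80 443];
  };

  services.nginx = {
    enable = true;
    # No domain may be specified twice; the assertion above enforces this, so
    # the merge cannot drop a virtual host.
    virtualHosts = virtHosts // redirects;
  };

  services.nix-sync = {
    enable = true;
    repositories = nixSyncRepositories;
  };
}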