blog-static-flake/module.nix

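# NixOS module that serves static builds of the blog through nginx.
#
# Every entry of `services.danilafe-blog.sites` becomes the document root of
# an nginx virtual host named after the entry's `host` attribute. Entries
# whose `ssl` attribute is true also get TLS with a certificate obtained via
# ACME. Nothing in this module checks that the packages actually carry the
# `host` and `ssl` attributes; evaluation fails if one is missing.
{ lib, config, ... }:
with lib;
let
  cfg = config.services.danilafe-blog;

  # True when the given site package requests TLS.
  sslForSite = package: package.ssl;

  # True when at least one configured site requests TLS.
  anySsl = any sslForSite cfg.sites;

  # nginx configuration fragment for a single site.
  virtualHost = package:
    {
      virtualHosts."${package.host}" = mkMerge [
        {
          root = package;
        }
        (mkIf (sslForSite package) {
          # NOTE(review): addSSL serves the site over HTTPS *in addition to*
          # plain HTTP, so clients are never redirected to the encrypted
          # endpoint. If unencrypted access is not required, forceSSL is the
          # stricter choice - confirm before switching, as it changes what
          # HTTP clients see.
          addSSL = true;
          enableACME = true;
          acmeRoot = cfg.challengePath;
        })
      ];
    };

  # systemd override for the ACME unit of a single TLS-enabled site.
  service = package:
    {
      # Workaround for new configuration setting all of /var to be readonly.
      # See https://github.com/NixOS/nixpkgs/issues/139310
      #
      # This widens the writable paths of the ACME unit, so challengePath
      # should be a directory dedicated to challenges rather than a shared
      # location.
      "acme-${package.host}".serviceConfig = {
        ReadWritePaths = [ cfg.challengePath ];
      };
    };

  virtualHosts = map virtualHost cfg.sites;

  # Only TLS-enabled sites have an ACME unit to override.
  services = map service (filter sslForSite cfg.sites);
in
{
  options.services.danilafe-blog = {
    enable = mkEnableOption "Daniel's blog service";
    sites = mkOption {
      type = types.listOf types.package;
      # The default must be a list to match the declared type; an attribute
      # set here fails the option type check whenever `sites` is left unset.
      default = [];
      description = "List of versions of this blog that should be enabled.";
    };
    # No default: must be set by the importing configuration.
    challengePath = mkOption {
      type = types.str;
      description = "The location for ACME challenges.";
    };
  };

  config.services.nginx = mkIf cfg.enable (mkMerge (virtualHosts ++ [
    {
      # Always enable nginx.
      enable = true;
      recommendedGzipSettings = true;
    }
  ]));

  config.systemd.services = mkIf cfg.enable (mkMerge services);

  config.security.acme = mkIf (cfg.enable && anySsl) {
    # If any site uses SSL, enable ACME and accept terms.
    #
    # NOTE(review): both settings are system-wide. Importing this module
    # accepts the CA's terms of service on the operator's behalf and registers
    # the ACME account under the hard-coded address below, which is also where
    # the CA's notices will be sent.
    defaults.email = "danila.fedorin@gmail.com";
    acceptTerms = true;
  };
}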