From 211237d9be195ab752f908268c5650362b33aa61 Mon Sep 17 00:00:00 2001
From: Danila Fedorin
Date: Tue, 11 Apr 2023 02:53:15 +0000
Subject: [PATCH] Remove module in favor of letting system configure nginx
---
 flake.lock | 8 ++++----
 flake.nix | 28 +++++++++++++-------------
 lib.nix | 14 ++++++++++++-
 module.nix | 58 ------------------------------------------------------
 4 files changed, 31 insertions(+), 77 deletions(-)
 delete mode 100644 module.nix
diff --git a/flake.lock b/flake.lock
index 8007138..36116b8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -3,11 +3,11 @@
 "blog-source": {
 "flake": false,
 "locked": {
- "lastModified": 1676875795,
- "narHash": "sha256-MnzRvG3Ct7D+zU1vwpLGMAe5Zoz/Y0WQRnZh7Ts40/s=",
+ "lastModified": 1681105957,
+ "narHash": "sha256-9cjA5X5ZP4FkT48L2kHoujyB9l4WRnagdo5Sa+mKxHY=",
 "ref": "master",
- "rev": "cc2b5ef918ad8da4c1fe84be34e42a53627f9c7b",
- "revCount": 628,
+ "rev": "a71c0c4e74d881af8631b17947ebe4bcb5c4ce0e",
+ "revCount": 634,
 "submodules": true,
 "type": "git",
 "url": "https://dev.danilafe.com/Web-Projects/blog-static.git"
diff --git a/flake.nix b/flake.nix
index df037a5..ccce0dd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -13,18 +13,18 @@
 };
 outputs = { self, blog-source, nixpkgs, flake-utils, katex-html, resume }:
- let
- buildersFor = system: import ./lib.nix {
- inherit blog-source;
- pkgs = import nixpkgs { inherit system; };
- katex-html = katex-html.defaultPackage.${system};
- resume = resume.defaultPackage.${system};
- };
- in
- {
- inherit buildersFor;
- nixosModule = (import ./module.nix);
- } // flake-utils.lib.eachDefaultSystem (system: {
- defaultPackage = (buildersFor system).english { host = "danilafe.com"; };
- });
+ flake-utils.lib.eachDefaultSystem (system:
+ let
+ lib = import ./lib.nix {
+ inherit blog-source;
+ pkgs = import nixpkgs { inherit system; };
+ katex-html = katex-html.defaultPackage.${system};
+ resume = resume.defaultPackage.${system};
+ };
+ in
+ {
+ inherit lib;
+ defaultPackage = lib.english { host = "danilafe.com"; };
+ }
+ );
 }
diff --git a/lib.nix b/lib.nix
index 6e88a9b..31ba09b 100644
--- a/lib.nix
+++ b/lib.nix
@@ -1,4 +1,4 @@
-{ blog-source, pkgs, katex-html, resume }:
+{ pkgs, blog-source, katex-html, resume }:
 with pkgs;
 with lib;
@@ -29,4 +29,16 @@ in
 src = blog-source;
 path = ".";
 };
+ virtualHostFor = package:
+ {
+ "${package.host}" = mkMerge [
+ {
+ root = package;
+ }
+ (mkIf (package.ssl) {
+ forceSSL = true;
+ enableACME = true;
+ })
+ ];
+ };
 }
diff --git a/module.nix b/module.nix
deleted file mode 100644
index f6e33de..0000000
--- a/module.nix
+++ /dev/null
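Review bot: Nothing in the new `let … in` block of flake.nix tells consumers that the builders are now a per-system output, reached as `lib.${system}.english` instead of through the old top-level function. The local binding is also called `lib`, which is easy to confuse with the nixpkgs library that lib.nix opens with `with lib;`. I would name the binding differently, for example `builders = import ./lib.nix { … };` with `lib = builders;` in the result, and add a comment such as `# Per-system helpers: lib.${system}.english, lib.${system}.virtualHostFor`. The attribute set that holds `outputs` starts outside the hunk.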
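Review bot: The new `virtualHostFor` attribute in lib.nix has no comment telling callers that nginx and ACME setup are now their responsibility. The module deleted in this commit enabled nginx, set `security.acme.acceptTerms` and `defaults.email`, and gave the ACME unit write access to the challenge path, whereas this helper only emits `enableACME = true` when `package.ssl` is set. A host that merges the result without its own ACME settings will presumably fail at evaluation or at certificate issuance. I would add a comment above the attribute such as `# Merge into services.nginx.virtualHosts; the host must enable nginx and set security.acme.acceptTerms / defaults.email itself.` and state there that a package without `ssl` is served over plain HTTP with no redirect. The enclosing attribute set begins outside the hunk.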
@@ -1,58 +0,0 @@
-{ lib, config, ... }:
-with lib;
-let
- cfg = config.services.danilafe-blog;
- sslForSite = package: package.ssl;
- anySsl = any sslForSite cfg.sites;
- virtualHost = package:
- {
- virtualHosts."${package.host}" = mkMerge [
- {
- root = package;
- }
- (mkIf (sslForSite package) {
- addSSL = true;
- enableACME = true;
- acmeRoot = cfg.challengePath;
- })
- ];
- };
- service = package:
- {
- # Workaround for new configuration setting all of /var to be readonly.
- # See https://github.com/NixOS/nixpkgs/issues/139310
- "acme-${package.host}".serviceConfig = {
- ReadWritePaths = [ cfg.challengePath ];
- };
- };
- virtualHosts = map virtualHost cfg.sites;
- services = map service (filter sslForSite cfg.sites);
-in
- {
- options.services.danilafe-blog = {
- enable = mkEnableOption "Daniel's blog service";
- sites = mkOption {
- type = types.listOf types.package;
- default = {};
- description = "List of versions of this blog that should be enabled.";
- };
- challengePath = mkOption {
- type = types.str;
- description = "The location for ACME challenges.";
- };
- };
-
- config.services.nginx = mkIf cfg.enable (mkMerge (virtualHosts ++ [
- {
- # Always enable nginx.
- enable = true;
- recommendedGzipSettings = true;
- }
- ]));
- config.systemd.services = mkIf cfg.enable (mkMerge services);
- config.security.acme = mkIf (cfg.enable && anySsl) {
- # If any site uses SSL, enable ACME and accept terms.
- defaults.email = "danila.fedorin@gmail.com";
- acceptTerms = true;
- };
- }