Remove module in favor of letting system configure nginx

2023-04-11 02:53:15 +00:00 · 2023-04-11 02:53:15 +00:00 · 211237d9be
commit 211237d9be
parent d44e5fc12f
4 changed files with 31 additions and 77 deletions
--- a/flake.lock
+++ b/flake.lock
@ -3,11 +3,11 @@
    "blog-source": {
      "flake": false,
      "locked": {
-        "lastModified": 1676875795,
+        "lastModified": 1681105957,
-        "narHash": "sha256-MnzRvG3Ct7D+zU1vwpLGMAe5Zoz/Y0WQRnZh7Ts40/s=",
+        "narHash": "sha256-9cjA5X5ZP4FkT48L2kHoujyB9l4WRnagdo5Sa+mKxHY=",
        "ref": "master",
-        "rev": "cc2b5ef918ad8da4c1fe84be34e42a53627f9c7b",
+        "rev": "a71c0c4e74d881af8631b17947ebe4bcb5c4ce0e",
-        "revCount": 628,
+        "revCount": 634,
        "submodules": true,
        "type": "git",
        "url": "https://dev.danilafe.com/Web-Projects/blog-static.git"
--- a/flake.nix
+++ b/flake.nix
@ -13,8 +13,9 @@
  };
  outputs = { self, blog-source, nixpkgs, flake-utils, katex-html, resume }:
    flake-utils.lib.eachDefaultSystem (system:
      let
-      buildersFor = system: import ./lib.nix {
+        lib = import ./lib.nix {
          inherit blog-source;
          pkgs = import nixpkgs { inherit system; };
          katex-html = katex-html.defaultPackage.${system};
@ -22,9 +23,8 @@
        };
      in
        {
-	inherit buildersFor;
+          inherit lib;
-        nixosModule = (import ./module.nix);
+          defaultPackage = lib.english { host = "danilafe.com"; };
-      } // flake-utils.lib.eachDefaultSystem (system: {
+        }
-        defaultPackage = (buildersFor system).english { host = "danilafe.com"; };
+    );
      });
 }
--- a/lib.nix
+++ b/lib.nix
@ -1,4 +1,4 @@
-{ blog-source, pkgs, katex-html, resume }:
+{ pkgs, blog-source, katex-html, resume }:
 with pkgs;
 with lib;
@ -29,4 +29,16 @@ in
      src = blog-source;
      path = ".";
    };
    virtualHostFor = package:
      {
        "${package.host}" = mkMerge [
          {
            root = package;
          }
          (mkIf (package.ssl) {
            forceSSL = true;
            enableACME = true;
          })
        ];
      };
  }
--- a/module.nix
+++ b/module.nix
@ -1,58 +0,0 @@
 { lib, config, ... }:
 with lib;
 let
  cfg = config.services.danilafe-blog;
  sslForSite = package: package.ssl;
  anySsl = any sslForSite cfg.sites;
  virtualHost = package:
    {
      virtualHosts."${package.host}" = mkMerge [
        {
          root = package;
        }
        (mkIf (sslForSite package) {
          addSSL = true;
          enableACME = true;
          acmeRoot = cfg.challengePath;
        })
      ];
    };
  service = package:
    {
      # Workaround for new configuration setting all of /var to be readonly.
      # See https://github.com/NixOS/nixpkgs/issues/139310
      "acme-${package.host}".serviceConfig = {
        ReadWritePaths = [ cfg.challengePath ];
      };
    };
  virtualHosts = map virtualHost cfg.sites;
  services = map service (filter sslForSite cfg.sites);
 in
  {
    options.services.danilafe-blog = {
      enable = mkEnableOption "Daniel's blog service";
      sites = mkOption {
        type = types.listOf types.package;
        default = {};
        description = "List of versions of this blog that should be enabled.";
      };
      challengePath = mkOption {
        type = types.str;
        description = "The location for ACME challenges.";
      };
    };
    config.services.nginx = mkIf cfg.enable (mkMerge (virtualHosts ++ [
      {
        # Always enable nginx.
        enable = true;
        recommendedGzipSettings = true;
      }
    ]));
    config.systemd.services = mkIf cfg.enable (mkMerge services);
    config.security.acme = mkIf (cfg.enable && anySsl) {
      # If any site uses SSL, enable ACME and accept terms.
      defaults.email = "danila.fedorin@gmail.com";
      acceptTerms = true;
    };
  }