Remove module in favor of letting system configure nginx

This commit is contained in:
Danila Fedorin 2023-04-11 02:53:15 +00:00
parent d44e5fc12f
commit 211237d9be
4 changed files with 31 additions and 77 deletions

View File

@ -3,11 +3,11 @@
"blog-source": { "blog-source": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1676875795, "lastModified": 1681105957,
"narHash": "sha256-MnzRvG3Ct7D+zU1vwpLGMAe5Zoz/Y0WQRnZh7Ts40/s=", "narHash": "sha256-9cjA5X5ZP4FkT48L2kHoujyB9l4WRnagdo5Sa+mKxHY=",
"ref": "master", "ref": "master",
"rev": "cc2b5ef918ad8da4c1fe84be34e42a53627f9c7b", "rev": "a71c0c4e74d881af8631b17947ebe4bcb5c4ce0e",
"revCount": 628, "revCount": 634,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://dev.danilafe.com/Web-Projects/blog-static.git" "url": "https://dev.danilafe.com/Web-Projects/blog-static.git"

View File

@ -13,18 +13,18 @@
}; };
outputs = { self, blog-source, nixpkgs, flake-utils, katex-html, resume }: outputs = { self, blog-source, nixpkgs, flake-utils, katex-html, resume }:
let flake-utils.lib.eachDefaultSystem (system:
buildersFor = system: import ./lib.nix { let
inherit blog-source; lib = import ./lib.nix {
pkgs = import nixpkgs { inherit system; }; inherit blog-source;
katex-html = katex-html.defaultPackage.${system}; pkgs = import nixpkgs { inherit system; };
resume = resume.defaultPackage.${system}; katex-html = katex-html.defaultPackage.${system};
}; resume = resume.defaultPackage.${system};
in };
{ in
inherit buildersFor; {
nixosModule = (import ./module.nix); inherit lib;
} // flake-utils.lib.eachDefaultSystem (system: { defaultPackage = lib.english { host = "danilafe.com"; };
defaultPackage = (buildersFor system).english { host = "danilafe.com"; }; }
}); );
} }

14
lib.nix
View File

@ -1,4 +1,4 @@
{ blog-source, pkgs, katex-html, resume }: { pkgs, blog-source, katex-html, resume }:
with pkgs; with pkgs;
with lib; with lib;
@ -29,4 +29,16 @@ in
src = blog-source; src = blog-source;
path = "."; path = ".";
}; };
virtualHostFor = package:
{
"${package.host}" = mkMerge [
{
root = package;
}
(mkIf (package.ssl) {
forceSSL = true;
enableACME = true;
})
];
};
} }

View File

@ -1,58 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.services.danilafe-blog;
sslForSite = package: package.ssl;
anySsl = any sslForSite cfg.sites;
virtualHost = package:
{
virtualHosts."${package.host}" = mkMerge [
{
root = package;
}
(mkIf (sslForSite package) {
addSSL = true;
enableACME = true;
acmeRoot = cfg.challengePath;
})
];
};
service = package:
{
# Workaround for new configuration setting all of /var to be readonly.
# See https://github.com/NixOS/nixpkgs/issues/139310
"acme-${package.host}".serviceConfig = {
ReadWritePaths = [ cfg.challengePath ];
};
};
virtualHosts = map virtualHost cfg.sites;
services = map service (filter sslForSite cfg.sites);
in
{
options.services.danilafe-blog = {
enable = mkEnableOption "Daniel's blog service";
sites = mkOption {
type = types.listOf types.package;
default = {};
description = "List of versions of this blog that should be enabled.";
};
challengePath = mkOption {
type = types.str;
description = "The location for ACME challenges.";
};
};
config.services.nginx = mkIf cfg.enable (mkMerge (virtualHosts ++ [
{
# Always enable nginx.
enable = true;
recommendedGzipSettings = true;
}
]));
config.systemd.services = mkIf cfg.enable (mkMerge services);
config.security.acme = mkIf (cfg.enable && anySsl) {
# If any site uses SSL, enable ACME and accept terms.
defaults.email = "danila.fedorin@gmail.com";
acceptTerms = true;
};
}