Remove module in favor of letting system configure nginx
This commit is contained in:
parent
d44e5fc12f
commit
211237d9be
|
@ -3,11 +3,11 @@
|
||||||
"blog-source": {
|
"blog-source": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1676875795,
|
"lastModified": 1681105957,
|
||||||
"narHash": "sha256-MnzRvG3Ct7D+zU1vwpLGMAe5Zoz/Y0WQRnZh7Ts40/s=",
|
"narHash": "sha256-9cjA5X5ZP4FkT48L2kHoujyB9l4WRnagdo5Sa+mKxHY=",
|
||||||
"ref": "master",
|
"ref": "master",
|
||||||
"rev": "cc2b5ef918ad8da4c1fe84be34e42a53627f9c7b",
|
"rev": "a71c0c4e74d881af8631b17947ebe4bcb5c4ce0e",
|
||||||
"revCount": 628,
|
"revCount": 634,
|
||||||
"submodules": true,
|
"submodules": true,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://dev.danilafe.com/Web-Projects/blog-static.git"
|
"url": "https://dev.danilafe.com/Web-Projects/blog-static.git"
|
||||||
|
|
28
flake.nix
28
flake.nix
|
@ -13,18 +13,18 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, blog-source, nixpkgs, flake-utils, katex-html, resume }:
|
outputs = { self, blog-source, nixpkgs, flake-utils, katex-html, resume }:
|
||||||
let
|
flake-utils.lib.eachDefaultSystem (system:
|
||||||
buildersFor = system: import ./lib.nix {
|
let
|
||||||
inherit blog-source;
|
lib = import ./lib.nix {
|
||||||
pkgs = import nixpkgs { inherit system; };
|
inherit blog-source;
|
||||||
katex-html = katex-html.defaultPackage.${system};
|
pkgs = import nixpkgs { inherit system; };
|
||||||
resume = resume.defaultPackage.${system};
|
katex-html = katex-html.defaultPackage.${system};
|
||||||
};
|
resume = resume.defaultPackage.${system};
|
||||||
in
|
};
|
||||||
{
|
in
|
||||||
inherit buildersFor;
|
{
|
||||||
nixosModule = (import ./module.nix);
|
inherit lib;
|
||||||
} // flake-utils.lib.eachDefaultSystem (system: {
|
defaultPackage = lib.english { host = "danilafe.com"; };
|
||||||
defaultPackage = (buildersFor system).english { host = "danilafe.com"; };
|
}
|
||||||
});
|
);
|
||||||
}
|
}
|
||||||
|
|
14
lib.nix
14
lib.nix
|
@ -1,4 +1,4 @@
|
||||||
{ blog-source, pkgs, katex-html, resume }:
|
{ pkgs, blog-source, katex-html, resume }:
|
||||||
|
|
||||||
with pkgs;
|
with pkgs;
|
||||||
with lib;
|
with lib;
|
||||||
|
@ -29,4 +29,16 @@ in
|
||||||
src = blog-source;
|
src = blog-source;
|
||||||
path = ".";
|
path = ".";
|
||||||
};
|
};
|
||||||
|
virtualHostFor = package:
|
||||||
|
{
|
||||||
|
"${package.host}" = mkMerge [
|
||||||
|
{
|
||||||
|
root = package;
|
||||||
|
}
|
||||||
|
(mkIf (package.ssl) {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
})
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
58
module.nix
58
module.nix
|
@ -1,58 +0,0 @@
|
||||||
{ lib, config, ... }:
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
cfg = config.services.danilafe-blog;
|
|
||||||
sslForSite = package: package.ssl;
|
|
||||||
anySsl = any sslForSite cfg.sites;
|
|
||||||
virtualHost = package:
|
|
||||||
{
|
|
||||||
virtualHosts."${package.host}" = mkMerge [
|
|
||||||
{
|
|
||||||
root = package;
|
|
||||||
}
|
|
||||||
(mkIf (sslForSite package) {
|
|
||||||
addSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
acmeRoot = cfg.challengePath;
|
|
||||||
})
|
|
||||||
];
|
|
||||||
};
|
|
||||||
service = package:
|
|
||||||
{
|
|
||||||
# Workaround for new configuration setting all of /var to be readonly.
|
|
||||||
# See https://github.com/NixOS/nixpkgs/issues/139310
|
|
||||||
"acme-${package.host}".serviceConfig = {
|
|
||||||
ReadWritePaths = [ cfg.challengePath ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
virtualHosts = map virtualHost cfg.sites;
|
|
||||||
services = map service (filter sslForSite cfg.sites);
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.services.danilafe-blog = {
|
|
||||||
enable = mkEnableOption "Daniel's blog service";
|
|
||||||
sites = mkOption {
|
|
||||||
type = types.listOf types.package;
|
|
||||||
default = {};
|
|
||||||
description = "List of versions of this blog that should be enabled.";
|
|
||||||
};
|
|
||||||
challengePath = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
description = "The location for ACME challenges.";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config.services.nginx = mkIf cfg.enable (mkMerge (virtualHosts ++ [
|
|
||||||
{
|
|
||||||
# Always enable nginx.
|
|
||||||
enable = true;
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
}
|
|
||||||
]));
|
|
||||||
config.systemd.services = mkIf cfg.enable (mkMerge services);
|
|
||||||
config.security.acme = mkIf (cfg.enable && anySsl) {
|
|
||||||
# If any site uses SSL, enable ACME and accept terms.
|
|
||||||
defaults.email = "danila.fedorin@gmail.com";
|
|
||||||
acceptTerms = true;
|
|
||||||
};
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user