Browse Source

Try derive hosts from derivation, too

master
Danila Fedorin 10 months ago
parent
commit
540887a5e9
  1. 17
      lib.nix
  2. 26
      module.nix

17
lib.nix

@ -5,17 +5,14 @@ with pkgs;
let
requiredPackages = import ./required-packages.nix { inherit pkgs nodejs; };
website = settings: stdenv.mkDerivation {
inherit (settings) src ssl host;
name = "blog-static";
version = settings.source.rev;
src = settings.source;
ssl = settings.ssl;
version = settings.src.rev;
urlSub =
let
regexEscape = lib.escape [ "/" "(" ")" "[" "]" "+" "*" "\\" ];
in
if (settings ? replaceUrl)
then (with settings.replaceUrl; "s/${regexEscape from}/${regexEscape to}/g")
else "";
with settings.replaceUrl; "s/${regexEscape from}/${regexEscape to}/g";
publicPath = settings.path;
extraFlags = if settings.drafts then " -D " else "";
builder = ./build/builder.sh;
@ -29,13 +26,14 @@ let
(ruby.withPackages (ps: [ ps.nokogiri ]))
];
};
wrapHost = ssl: host: (if ssl then "https" else "http") + "//${host}";
wrapHost = ssl: host: (if ssl then "https" else "http") + "://${host}";
in
{
english = settings: website {
inherit (settings) host;
ssl = settings.ssl or false;
drafts = settings.drafts or false;
source = blog-source;
src = blog-source;
path = ".";
replaceUrl = {
from = "https://danilafe.com";
@ -43,9 +41,10 @@ in
};
};
russian = settings: website {
inherit (settings) host;
ssl = settings.ssl or false;
drafts = settings.drafts or false;
source = blog-source-localized;
src = blog-source-localized;
path = "ru";
replaceUrl = {
from = "https://ru.danilafe.com";

26
module.nix

@ -2,39 +2,39 @@
with lib;
let
cfg = config.services.danilafe-blog;
sslForDomain = domain: package: package.ssl;
anySsl = any id (mapAttrsToList sslForDomain cfg.domains);
virtualHost = domain: package:
sslForSite = package: package.ssl;
anySsl = any sslForSite cfg.sites;
virtualHost = package:
{
virtualHosts."${domain}" = mkMerge [
virtualHosts."${package.host}" = mkMerge [
{
root = package;
}
(mkIf (sslForDomain domain package) {
(mkIf (sslForSite package) {
addSSL = true;
enableACME = true;
acmeRoot = cfg.challengePath;
})
];
};
service = domain: package:
service = package:
{
# Workaround for new configuration setting all of /var to be readonly.
# See https://github.com/NixOS/nixpkgs/issues/139310
"acme-${domain}".serviceConfig = {
"acme-${package.host}".serviceConfig = {
ReadWritePaths = [ cfg.challengePath ];
};
};
virtualHosts = mapAttrsToList virtualHost cfg.domains;
services = mapAttrsToList service (filterAttrs sslForDomain cfg.domains);
virtualHosts = map virtualHost cfg.sites;
services = map service (filter sslForSite cfg.sites);
in
{
options.services.danilafe-blog = {
enable = mkEnableOption "Daniel's blog service";
domains = mkOption {
type = types.attrsOf types.package;
sites = mkOption {
type = types.listOf types.package;
default = {};
description = "Attribute set where keys are domains and values are packages to host there.";
description = "List of versions of this blog that should be enabled.";
};
challengePath = mkOption {
type = types.str;
@ -51,7 +51,7 @@ in
]));
config.systemd.services = mkIf cfg.enable (mkMerge services);
config.security.acme = mkIf (cfg.enable && anySsl) {
# If any domain uses SSL, enable ACME and accept terms.
# If any site uses SSL, enable ACME and accept terms.
email = "danila.fedorin@gmail.com";
acceptTerms = true;
};

Loading…
Cancel
Save