Rewrite module to set more specific config attributes
This commit is contained in:
parent
1d16448fbf
commit
ec3261394b
34
module.nix
34
module.nix
|
|
@ -4,9 +4,9 @@ let
|
||||||
cfg = config.services.danilafe-blog;
|
cfg = config.services.danilafe-blog;
|
||||||
sslForDomain = domain: (cfg.ssl == true) || (cfg.ssl."${domain}" or false);
|
sslForDomain = domain: (cfg.ssl == true) || (cfg.ssl."${domain}" or false);
|
||||||
anySsl = any (mapAttrsToList (domain: pkg: sslForDomain domain) cfg.domains);
|
anySsl = any (mapAttrsToList (domain: pkg: sslForDomain domain) cfg.domains);
|
||||||
virtualHost = domain: package: mkMerge [
|
virtualHost = domain: package:
|
||||||
{
|
{
|
||||||
services.nginx.virtualHosts."${domain}" = mkMerge [
|
virtualHosts."${domain}" = mkMerge [
|
||||||
{
|
{
|
||||||
root = package;
|
root = package;
|
||||||
}
|
}
|
||||||
|
|
@ -16,16 +16,17 @@ let
|
||||||
acmeRoot = cfg.challengePath;
|
acmeRoot = cfg.challengePath;
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
}
|
};
|
||||||
(mkIf (sslForDomain domain) {
|
service = domain:
|
||||||
|
{
|
||||||
# Workaround for new configuration setting all of /var to be readonly.
|
# Workaround for new configuration setting all of /var to be readonly.
|
||||||
# See https://github.com/NixOS/nixpkgs/issues/139310
|
# See https://github.com/NixOS/nixpkgs/issues/139310
|
||||||
systemd.services."acme-${cfg.domain}".serviceConfig = {
|
"acme-${domain}".serviceConfig = {
|
||||||
ReadWritePaths = [ cfg.challengePath ];
|
ReadWritePaths = [ cfg.challengePath ];
|
||||||
};
|
};
|
||||||
})
|
};
|
||||||
];
|
virtualHosts = mapAttrsToList virtualHost cfg.domains;
|
||||||
virtualHosts = []; # mapAttrsToList virtualHost cfg.domains;
|
services = map service (filter sslForDomain (attrNames cfg.domains));
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.services.danilafe-blog = {
|
options.services.danilafe-blog = {
|
||||||
|
|
@ -45,16 +46,17 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable (mkMerge (virtualHosts ++ [
|
config.services.nginx = mkIf cfg.enable (mkMerge (virtualHosts ++ [
|
||||||
{
|
{
|
||||||
# Always enable nginx.
|
# Always enable nginx.
|
||||||
services.nginx.enable = true;
|
enable = true;
|
||||||
services.nginx.recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
}
|
}
|
||||||
(mkIf anySsl {
|
|
||||||
# If any domain uses SSL, enable ACME and accept terms.
|
|
||||||
security.acme.email = "danila.fedorin@gmail.com";
|
|
||||||
security.acme.acceptTerms = true;
|
|
||||||
})
|
|
||||||
]));
|
]));
|
||||||
|
config.systemd.services = mkIf cfg.enable (mkMerge services);
|
||||||
|
config.security.acme = mkIf (cfg.enable && anySsl) {
|
||||||
|
# If any domain uses SSL, enable ACME and accept terms.
|
||||||
|
security.acme.email = "danila.fedorin@gmail.com";
|
||||||
|
security.acme.acceptTerms = true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue