msyds/sydnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f4924eeb5944e323b33c5a5698c118748be96adf
sydnix/modules/nixos/deertopia/nginx.nix
Madeleine Sydney f4924eeb59 refactor: Modularise Nginx vhosts
2025-01-20 03:37:22 -07:00

120 lines
3.2 KiB
Nix
Raw Blame History

{ config, lib, options, pkgs, ... }:
let
cfg = config.sydnix.deertopia.nginx;
in
{
options.sydnix.deertopia.nginx = {
enable = lib.mkEnableOption "Nginx";
root = lib.mkOption {
type = lib.types.path;
description = "deertopia.net's root directory.";
default = "/persist/deertopia.net";
};
group = lib.mkOption {
type = lib.types.str;
description =
"The owning group of deertopia.net's root directory.";
default = "nginx";
};
user = lib.mkOption {
type = lib.types.str;
description =
"The owning user of deertopia.net's root directory.";
default = "nginx";
};
vhosts = lib.mkOption {
# NOTE: `name` shouldn't contain spaces.
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
options = {
enable = lib.mkOption {
description = "Enable ${name}.deertopia.net.";
default = true;
type = lib.types.boolean;
};
directory = lib.mkOption {
description = "Host's root directory.";
type = lib.types.str;
default = "${cfg.root}/${name}";
};
vhostName = lib.mkOption {
type = lib.types.str;
default = "${name}.deertopia.net";
};
vhost = lib.mkOption {
description = ''
Virtual host settings, passed directly to the NixOS's Nginx
module.
'';
type = lib.types.anything;
};
};
}));
};
};
config = lib.mkIf cfg.enable {
services.nginx.enable = true;
networking.firewall.allowedTCPPorts = [
80 # HTTP
443 # HTTPS
];
# With this section, virtual hosts declared through the Nginx NixOS module
# will automatically request ACME SSL certificates and configure systemd
# timers to renew the certificate if required. See the article on the NixOS
# wiki, from which I've nabbed the following snippet:
# https://nixos.wiki/wiki/Nginx#Let.27s_Encrypt_certificates
security.acme = {
acceptTerms = true;
defaults.email = "lomiskiam@gmail.com";
};
services.nginx.virtualHosts =
builtins.listToAttrs
(builtins.map
(k: {
name = cfg.vhosts.${k}.vhostName;
value = cfg.vhosts.${k}.vhost // {
root = cfg.vhosts.${k}.directory;
};
})
(builtins.attrNames cfg.vhosts));
# services.nginx.virtualHosts."deertopia.net" = {
# root = "${cfg.www.root}/www";
# # addSSL = true;
# forceSSL = true;
# enableACME = true;
# locations."/" = {
# index = "index.html";
# };
# };
system.activationScripts.initialiseDeertopiaRoot.text =
let
directories =
builtins.catAttrs "directory" (builtins.attrValues cfg.vhosts);
inherit (cfg) root group user;
in ''
mkdir -p "${root}"
chown -R "${user}:${group}" "${root}"
chmod -R 775 "${root}"
dirs=(${builtins.concatStringsSep " " (map (x: "'${x}'") directories)})
for i in "''${dirs[@]}"; do
mkdir -p "$i"
chown -R "${user}:${group}" "$i"
chmod -R 775 "$i"
done
'';
};
}
Reference in New Issue View Git Blame Copy Permalink