diff options
author | lassulus <lass@aidsballs.de> | 2016-04-13 16:32:04 +0200 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2016-04-13 16:32:04 +0200 |
commit | de6e888da9ed85ebbe35fa23569fbd8617734798 (patch) | |
tree | 255d8ab908096a56f0a492e8f400677576bcad32 /lass/4lib/default.nix | |
parent | 4c4ac83e1fb21611e947c40d612d51bbab91257e (diff) |
l websites: use lists in helpers
Diffstat (limited to 'lass/4lib/default.nix')
-rw-r--r-- | lass/4lib/default.nix | 53 |
1 files changed, 13 insertions, 40 deletions
diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index 22a8c3c6e..7949154a0 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix @@ -7,31 +7,6 @@ rec { getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); - manageCert = domain: - { - security.acme = { - certs."${domain}" = { - email = "lassulus@gmail.com"; - webroot = "/var/lib/acme/challenges/${domain}"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - ]; - group = "nginx"; - allowKeysForGroup = true; - }; - }; - - krebs.nginx.servers."${domain}" = { - locations = [ - (nameValuePair "/.well-known/acme-challenge" '' - root /var/lib/acme/challenges/${domain}/; - '') - ]; - }; - }; - manageCerts = domains: let domain = head domains; @@ -60,11 +35,11 @@ rec { }; }; - ssl = domain: + ssl = domains: { imports = [ - ( manageCert domain ) - ( activateACME domain ) + ( manageCerts domains ) + ( activateACME (head domains) ) ]; }; @@ -79,13 +54,12 @@ rec { }; }; - servePage = domain: - { + servePage = domains: + let + domain = head domains; + in { krebs.nginx.servers."${domain}" = { - server-names = [ - "${domain}" - "www.${domain}" - ]; + server-names = domains; locations = [ (nameValuePair "/" '' root /srv/http/${domain}; @@ -94,13 +68,12 @@ rec { }; }; - serveOwncloud = domain: - { + serveOwncloud = domains: + let + domain = head domains; + in { krebs.nginx.servers."${domain}" = { - server-names = [ - "${domain}" - "www.${domain}" - ]; + server-names = domains; extraConfig = '' # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; |