diff options
Diffstat (limited to 'makefu/2configs/nginx/euer.blog.nix')
| -rw-r--r-- | makefu/2configs/nginx/euer.blog.nix | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix index e97050ec4..c6724c617 100644 --- a/makefu/2configs/nginx/euer.blog.nix +++ b/makefu/2configs/nginx/euer.blog.nix @@ -5,14 +5,40 @@ let sec = toString <secrets>; ssl_cert = "${sec}/wildcard.krebsco.de.crt"; ssl_key = "${sec}/wildcard.krebsco.de.key"; - hostname = krebs.build.host.name; + hostname = config.krebs.build.host.name; + user = config.services.nginx.user; + group = config.services.nginx.group; + external-ip = head config.krebs.build.host.nets.internet.addrs4; + internal-ip = head config.krebs.build.host.nets.retiolum.addrs4; + base-dir = "/var/www/blog.euer"; in { + # Prepare Blog directory + systemd.services.prepare-euer-blog = { + wantedBy = [ "local-fs.target" ]; + before = [ "nginx.service" ]; + serviceConfig = { + # do nothing if the base dir already exists + ExecStart = pkgs.writeScript "prepare-euer-blog-service" '' + #!/bin/sh + if ! test -d "${base-dir}" ;then + mkdir -p "${base-dir}" + chown ${user}:${group} "${base-dir}" + chmod 700 "${base-dir}" + fi + ''; + Type = "oneshot"; + RemainAfterExit = "yes"; + TimeoutSec = "0"; + }; + }; + krebs.nginx = { enable = mkDefault true; servers = { euer-blog = { - listen = [ "80" "443 ssl" ]; - server-names = [ "euer.krebsco.de" "euer.blog.krebsco.de" "blog.${hostname}" ]; + listen = [ "${external-ip}:80" "${external-ip}:443 ssl" + "${internal-ip}:80" "${internal-ip}:443 ssl" ]; + server-names = [ "euer.krebsco.de" "blog.euer.krebsco.de" "blog.${hostname}" ]; extraConfig = '' gzip on; gzip_buffers 4 32k; @@ -22,7 +48,7 @@ in { default_type text/plain; ''; locations = singleton (nameValuePair "/" '' - root /var/www/euer.blog/; + root ${base-dir}; ''); }; }; |