+ ) cfg.env;
+
+ config.services.filesWatcher = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+ "httpd${icfg.httpdName}" {
+ paths = icfg.watchPaths;
+ waitTime = 5;
+ }
+ ) cfg.env;
+
+ config.security.acme.certs = let
+ typesToManage = attrsets.filterAttrs (k: v: v.enable) cfg.env;
+ flatVhosts = lists.flatten (attrsets.mapAttrsToList (k: v:
+ attrValues v.vhostConfs
+ ) typesToManage);
+ groupedCerts = attrsets.filterAttrs
+ (_: group: builtins.any (v: v.addToCerts || !isNull v.certMainHost) group)
+ (lists.groupBy (v: v.certName) flatVhosts);
+ groupToDomain = group:
+ let
+ nonNull = builtins.filter (v: !isNull v.certMainHost) group;
+ domains = lists.unique (map (v: v.certMainHost) nonNull);
+ in
+ if builtins.length domains == 0
+ then null
+ else assert (builtins.length domains == 1); (elemAt domains 0);
+ extraDomains = group:
+ let
+ mainDomain = groupToDomain group;
+ in
+ lists.remove mainDomain (
+ lists.unique (
+ lists.flatten (map (c: optionals (c.addToCerts || !isNull c.certMainHost) c.hosts) group)
+ )
+ );
+ in attrsets.mapAttrs (k: g:
+ if (!isNull (groupToDomain g))
+ then cfg.certs // {
+ domain = groupToDomain g;
+ extraDomains = builtins.listToAttrs (
+ map (d: attrsets.nameValuePair d null) (extraDomains g));
+ }
+ else {
+ extraDomains = builtins.listToAttrs (
+ map (d: attrsets.nameValuePair d null) (extraDomains g));
+ }
+ ) groupedCerts;
+
+ config.systemd.services = let
+ package = httpdName: config.services.httpd.${httpdName}.package.out;
+ cfgFile = httpdName: config.services.httpd.${httpdName}.configFile;
+ serviceChange = attrsets.mapAttrs' (name: icfg:
+ attrsets.nameValuePair
+ "httpd${icfg.httpdName}" {
+ stopIfChanged = false;
+ serviceConfig.ExecStart =
+ lib.mkForce "@${package icfg.httpdName}/bin/httpd httpd -f /etc/httpd/httpd_${icfg.httpdName}.conf";
+ serviceConfig.ExecStop =
+ lib.mkForce "${package icfg.httpdName}/bin/httpd -f /etc/httpd/httpd_${icfg.httpdName}.conf -k graceful-stop";
+ serviceConfig.ExecReload =
+ lib.mkForce "${package icfg.httpdName}/bin/httpd -f /etc/httpd/httpd_${icfg.httpdName}.conf -k graceful";
+ }
+ ) cfg.env;
+ serviceReload = attrsets.mapAttrs' (name: icfg:
+ attrsets.nameValuePair
+ "httpd${icfg.httpdName}-config-reload" {
+ wants = [ "httpd${icfg.httpdName}.service" ];
+ wantedBy = [ "multi-user.target" ];
+ restartTriggers = [ (cfgFile icfg.httpdName) ];
+ # commented, because can cause extra delays during activate for this config:
+ # services.nginx.virtualHosts."_".locations."/".proxyPass = "http://blabla:3000";
+ # stopIfChanged = false;
+ serviceConfig.Type = "oneshot";
+ serviceConfig.TimeoutSec = 60;
+ script = ''
+ if ${pkgs.systemd}/bin/systemctl -q is-active httpd${icfg.httpdName}.service ; then
+ ${package icfg.httpdName}/bin/httpd -f /etc/httpd/httpd_${icfg.httpdName}.conf -t && \
+ ${pkgs.systemd}/bin/systemctl reload httpd${icfg.httpdName}.service
+ fi
+ '';
+ serviceConfig.RemainAfterExit = true;
+ }
+ ) cfg.env;
+ in
+ serviceChange // serviceReload;