X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=virtual%2Fmodules%2Fwebsites.nix;h=cbd7de07926b4083694ba690e2c36c86774d653b;hb=f8bde3d6d31da84b5e81bdfc4f96efdf6bec3df2;hp=62f45d9a016e8b69e268cf3a8912f1987f6e0625;hpb=42429ef0756d9ee41cf0ff0b38210edb3b1637e5;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/virtual/modules/websites.nix b/virtual/modules/websites.nix
index 62f45d9..cbd7de0 100644
--- a/virtual/modules/websites.nix
+++ b/virtual/modules/websites.nix
@@ -1,6 +1,61 @@
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, mylibs, myconfig, ... }:
 let
 cfg = config.services.myWebsites;
+ makeService = name: cfg: let
+ toVhost = vhostConf: {
+ enableSSL = true;
+ sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
+ sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
+ sslServerChain = "/var/lib/acme/${vhostConf.certName}/fullchain.pem";
+ logFormat = "combinedVhost";
+ listen = [
+ { ip = cfg.ip; port = 443; }
+ ];
+ hostName = builtins.head vhostConf.hosts;
+ serverAliases = builtins.tail vhostConf.hosts or [];
+ documentRoot = vhostConf.root;
+ extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
+ };
+ in rec {
+ enable = true;
+ listen = [
+ { ip = cfg.ip; port = 443; }
+ ];
+ stateDir = "/run/httpd_${name}";
+ logPerVirtualHost = true;
+ multiProcessingModule = "worker";
+ adminAddr = "httpd@immae.eu";
+ logFormat = "combinedVhost";
+ extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules);
+ extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig;
+ virtualHosts = pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs;
+ };
+ makeServiceOptions = name: ip: {
+ enable = lib.mkEnableOption "enable websites in ${name}";
+ ip = lib.mkOption {
+ type = lib.types.string;
+ default = ip;
+ description = "${name} ip to listen to";
+ };
+ modules = lib.mkOption {
+ type = lib.types.listOf (lib.types.str);
+ default = [];
+ };
+ extraConfig = lib.mkOption {
+ type = lib.types.listOf (lib.types.lines);
+ default = [];
+ };
+ vhostConfs = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule {
+ options = {
+ certName = lib.mkOption { type = lib.types.string; };
+ hosts = lib.mkOption { type = lib.types.listOf lib.types.string; };
+ root = lib.mkOption { type = lib.types.nullOr lib.types.path; };
+ extraConfig = lib.mkOption { type = lib.types.listOf lib.types.lines; default = []; };
+ };
+ });
+ };
+ };
 in
 {
 imports = [
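Review bot: `makeService` hard-codes `enable = true;` in its `in rec { … }` attrset, so the `enable` option declared by `makeServiceOptions` is never read anywhere in this hunk. The last hunk assigns `services.httpdProd` and `services.httpdInte` straight from `makeService`, so unless a `mkIf` outside the visible hunks guards them, both Apache instances would presumably start and bind port 443 even with `integration.enable` left false. Suggest `enable = cfg.enable;` so that an environment that is switched off is not listening. Separately, in `toVhost` the `or []` in `builtins.tail vhostConf.hosts or []` attaches to the attribute selection and can never fire because `hosts` has no default, while an empty `hosts` list makes `builtins.head` abort evaluation; an explicit assertion or a non-empty list type would give a clearer error.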
@@ -9,16 +64,16 @@ in
 ./websites/aten.nix
 ./websites/piedsjaloux.nix
 ./websites/connexionswing.nix
+ # built using:
+ # sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
+ # And removed users / groups
+ ./websites/apache/httpd_prod.nix
+ ./websites/apache/httpd_inte.nix
 ];
 options.services.myWebsites = {
- production = {
- enable = lib.mkEnableOption "enable websites in production";
- };
-
- integration = {
- enable = lib.mkEnableOption "enable websites in integration";
- };
+ production = makeServiceOptions "production" myconfig.ips.production;
+ integration = makeServiceOptions "integration" myconfig.ips.integration;
 apacheConfig = lib.mkOption {
 type = lib.types.attrsOf (lib.types.submodule {
@@ -111,5 +166,15 @@ in
 '';
 };
 };
+
+ # FIXME: logrotate
+ # FIXME: ipv6
+ services.httpdProd = makeService "production" config.services.myWebsites.production;
+ services.myWebsites.production.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
+ services.myWebsites.production.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
+
+ services.httpdInte = makeService "integration" config.services.myWebsites.integration;
+ services.myWebsites.integration.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
+ services.myWebsites.integration.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
 };
 }
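Review bot: The comment above `./websites/apache/httpd_prod.nix` records the sed command but not the nixpkgs revision the copy was taken from, and it does not say how `httpd_inte.nix` was produced. A hand-made copy of the upstream apache-httpd module will not follow later upstream changes to that module when the channel is updated, so the provenance should be pinned next to the command, e.g. `# derived from nixpkgs rev <NIXPKGS_REV_PLACEHOLDER>; re-diff against upstream on channel bumps`. Since the comment also says users / groups were removed, one more line naming the account the two httpd instances run as would help, because that is not visible in this hunk.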
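Review bot: `production.modules` / `production.extraConfig` and `integration.modules` / `integration.extraConfig` are computed by the same two expressions over `cfg.apacheConfig`, so each server loads every Apache module and config fragment that any entry requests, whichever environment it was meant for. If that sharing is intended, bind the expressions once in the `let` (for example `apacheModules = …;` and `apacheExtraConfig = …;`) and say so in a comment; if it is not, `apacheConfig` entries need a way to target one environment so the integration instance does not carry modules it has no use for. On `# FIXME: logrotate`: with `logPerVirtualHost = true` set in `makeService`, the per-vhost logs grow without bound until rotation exists, so this deserves a tracked follow-up rather than only an inline marker.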