-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, mylibs, myconfig, ... }:
let
cfg = config.services.myWebsites;
+ makeService = name: cfg: let
+ toVhost = vhostConf: {
+ enableSSL = true;
+ sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
+ sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
+ sslServerChain = "/var/lib/acme/${vhostConf.certName}/fullchain.pem";
+ logFormat = "combinedVhost";
+ listen = [
+ { ip = cfg.ip; port = 443; }
+ ];
+ hostName = builtins.head vhostConf.hosts;
+ serverAliases = builtins.tail vhostConf.hosts or [];
+ documentRoot = vhostConf.root;
+ extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig;
+ };
+ in rec {
+ enable = true;
+ listen = [
+ { ip = cfg.ip; port = 443; }
+ ];
+ stateDir = "/run/httpd_${name}";
+ logPerVirtualHost = true;
+ multiProcessingModule = "worker";
+ adminAddr = "httpd@immae.eu";
+ logFormat = "combinedVhost";
+ extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules);
+ extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig;
+ virtualHosts = pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs;
+ };
+ makeServiceOptions = name: ip: {
+ enable = lib.mkEnableOption "enable websites in ${name}";
+ ip = lib.mkOption {
+ type = lib.types.string;
+ default = ip;
+ description = "${name} ip to listen to";
+ };
+ modules = lib.mkOption {
+ type = lib.types.listOf (lib.types.str);
+ default = [];
+ };
+ extraConfig = lib.mkOption {
+ type = lib.types.listOf (lib.types.lines);
+ default = [];
+ };
+ vhostConfs = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule {
+ options = {
+ certName = lib.mkOption { type = lib.types.string; };
+ hosts = lib.mkOption { type = lib.types.listOf lib.types.string; };
+ root = lib.mkOption { type = lib.types.nullOr lib.types.path; };
+ extraConfig = lib.mkOption { type = lib.types.listOf lib.types.lines; default = []; };
+ };
+ });
+ };
+ };
in
{
imports = [
./websites/aten.nix
./websites/piedsjaloux.nix
./websites/connexionswing.nix
+ # built using:
+ # sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix
+ # And removed users / groups
+ ./websites/apache/httpd_prod.nix
+ ./websites/apache/httpd_inte.nix
];
options.services.myWebsites = {
- production = {
- enable = lib.mkEnableOption "enable websites in production";
- };
-
- integration = {
- enable = lib.mkEnableOption "enable websites in integration";
- };
+ production = makeServiceOptions "production" myconfig.ips.production;
+ integration = makeServiceOptions "integration" myconfig.ips.integration;
apacheConfig = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
'';
};
};
+
+ # FIXME: logrotate
+ # FIXME: ipv6
+ services.httpdProd = makeService "production" config.services.myWebsites.production;
+ services.myWebsites.production.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
+ services.myWebsites.production.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
+
+ services.httpdInte = makeService "integration" config.services.myWebsites.integration;
+ services.myWebsites.integration.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig);
+ services.myWebsites.integration.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig));
};
}