cfg = config.services.websites;
in
{
+ options.services.websitesCerts = mkOption {
+ description = "Default websites configuration for certificates as accepted by acme";
+ };
options.services.websites = with types; mkOption {
default = {};
description = "Each type of website to enable will target a distinct httpd server";
type = attrsOf (submodule {
options = {
certName = mkOption { type = string; };
+ addToCerts = mkOption {
+ type = bool;
+ default = false;
+ description = "Use these to certificates. Is ignored (considered true) if certMainHost is not null";
+ };
+ certMainHost = mkOption {
+ type = nullOr string;
+ description = "Use that host as 'main host' for acme certs";
+ default = null;
+ };
hosts = mkOption { type = listOf string; };
root = mkOption { type = nullOr path; };
extraConfig = mkOption { type = listOf lines; default = []; };
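Review bot: The `addToCerts` description reads "Use these to certificates", which does not say what the flag does; something like `description = "Add this vhost's hosts to the ACME certificate named by certName. Ignored (treated as true) when certMainHost is not null.";` would match how the flag is used further down. `options.services.websitesCerts` is declared with neither a `type` nor a `default`; adding at least `type = types.attrs;` would reject a non-attrset value before it is merged into a cert definition with `//`. The description could also state that every name added this way becomes a subject alternative name of the certificate. Those names are visible to any client of any vhost sharing that `certName`, and in public Certificate Transparency logs when the CA logs the issuance.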
++ [ (redirectVhost icfg.ips) ];
})
) cfg;
+
+ config.security.acme.certs = let
+ typesToManage = attrsets.filterAttrs (k: v: v.enable) cfg;
+ flatVhosts = lists.flatten (attrsets.mapAttrsToList (k: v:
+ attrValues v.vhostConfs
+ ) typesToManage);
+ groupedCerts = attrsets.filterAttrs
+ (_: group: builtins.any (v: v.addToCerts || !isNull v.certMainHost) group)
+ (lists.groupBy (v: v.certName) flatVhosts);
+ groupToDomain = group:
+ let
+ nonNull = builtins.filter (v: !isNull v.certMainHost) group;
+ domains = lists.unique (map (v: v.certMainHost) nonNull);
+ in
+ if builtins.length domains == 0
+ then null
+ else assert (builtins.length domains == 1); (elemAt domains 0);
+ extraDomains = group:
+ let
+ mainDomain = groupToDomain group;
+ in
+ lists.remove mainDomain (
+ lists.unique (
+ lists.flatten (map (c: optionals (c.addToCerts || !isNull c.certMainHost) c.hosts) group)
+ )
+ );
+ in attrsets.mapAttrs (k: g:
+ if (!isNull (groupToDomain g))
+ then config.services.websitesCerts // {
+ domain = groupToDomain g;
+ extraDomains = builtins.listToAttrs (
+ map (d: attrsets.nameValuePair d null) (extraDomains g));
+ }
+ else {
+ extraDomains = builtins.listToAttrs (
+ map (d: attrsets.nameValuePair d null) (extraDomains g));
+ }
+ ) groupedCerts;
}
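Review bot: The `assert (builtins.length domains == 1)` in `groupToDomain` fails without a message, so when two vhosts sharing a `certName` declare different `certMainHost` values the evaluation error names neither the certificate nor the conflicting hosts. An explicit branch before the final `else`, such as `else if builtins.length domains > 1 then throw "websites: conflicting certMainHost for cert ${(builtins.head group).certName}: ${builtins.concatStringsSep ", " domains}"`, would make the misconfiguration obvious. Separately, the `else` branch of the final `mapAttrs` emits only `extraDomains`, so it depends on `security.acme.certs.<certName>` being fully defined elsewhere, as appears to be the case for "eldiron". A comment there such as `# no main host in this group: the cert must be declared elsewhere, we only contribute extraDomains` would record that. A vhost that shares a `certName` but sets neither `addToCerts` nor `certMainHost` is left out of the certificate, which its clients would see as a hostname mismatch.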
};
config = {
+ services.websitesCerts = config.services.myCertificates.certConfig;
+
security.acme.preliminarySelfsigned = true;
security.acme.certs = {
SetEnv TASKD_LDAP_FILTER "${env.ldap.search}"
'';
}];
- security.acme.certs."eldiron".extraDomains.${fqdn} = null;
services.websites.tools.modules = [ "proxy_fcgi" "sed" ];
services.websites.tools.vhostConfs.task = {
certName = "eldiron";
+ addToCerts = true;
hosts = [ "task.immae.eu" ];
root = "/run/current-system/webapps/_task";
extraConfig = [ ''
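Review bot: The removed line added `${fqdn}` to the "eldiron" certificate, while the replacement relies on `addToCerts = true` with the literal `hosts = [ "task.immae.eu" ]`. `fqdn` is defined outside this hunk, so it cannot be confirmed here that the two are the same name; if they differ, the regenerated certificate would no longer cover the old one. A short comment next to `hosts`, or `hosts = [ fqdn ];` if that binding is still in scope, would keep the vhost and the certificate in step.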
secrets.keys = aten_prod.keys;
services.webstats.sites = [ { name = "aten.pro"; } ];
- security.acme.certs."aten" = config.services.myCertificates.certConfig // {
- domain = "aten.pro";
- extraDomains = {
- "www.aten.pro" = null;
- };
- };
-
services.myPhpfpm.preStart.aten_prod = aten_prod.phpFpm.preStart;
services.myPhpfpm.serviceDependencies.aten_prod = aten_prod.phpFpm.serviceDeps;
services.myPhpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool;
'';
services.websites.production.modules = aten_prod.apache.modules;
services.websites.production.vhostConfs.aten = {
- certName = "aten";
- hosts = [ "aten.pro" "www.aten.pro" ];
- root = aten_prod.apache.root;
- extraConfig = [ aten_prod.apache.vhostConf ];
+ certName = "aten";
+ certMainHost = "aten.pro";
+ hosts = [ "aten.pro" "www.aten.pro" ];
+ root = aten_prod.apache.root;
+ extraConfig = [ aten_prod.apache.vhostConf ];
};
})
(lib.mkIf cfg.integration.enable {
secrets.keys = aten_dev.keys;
- security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
services.myPhpfpm.preStart.aten_dev = aten_dev.phpFpm.preStart;
services.myPhpfpm.serviceDependencies.aten_dev = aten_dev.phpFpm.serviceDeps;
services.myPhpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool;
services.websites.integration.modules = aten_dev.apache.modules;
services.websites.integration.vhostConfs.aten = {
certName = "eldiron";
+ addToCerts = true;
hosts = [ "dev.aten.pro" ];
root = aten_dev.apache.root;
extraConfig = [ aten_dev.apache.vhostConf ];
};
config = lib.mkIf cfg.production.enable {
- security.acme.certs."capitaines" = config.services.myCertificates.certConfig // {
- domain = "mastodon.capitaines.fr";
- extraDomains = { "capitaines.fr" = null; };
- };
system.extraSystemBuilderCmds = ''
mkdir -p $out/webapps
ln -s ${siteDir} $out/webapps/${webappName}
'';
services.websites.production.vhostConfs.capitaines_mastodon = {
- certName = "capitaines";
- hosts = [ "mastodon.capitaines.fr" ];
- root = root;
- extraConfig = [
+ certName = "capitaines";
+ certMainHost = "mastodon.capitaines.fr";
+ hosts = [ "mastodon.capitaines.fr" ];
+ root = root;
+ extraConfig = [
''
ErrorDocument 404 /index.html
<Directory ${root}>
};
services.websites.production.vhostConfs.capitaines = {
- certName = "capitaines";
- hosts = [ "capitaines.fr" ];
- root = "/run/current-system/webapps/_www";
+ certName = "capitaines";
+ addToCerts = true;
+ hosts = [ "capitaines.fr" ];
+ root = "/run/current-system/webapps/_www";
extraConfig = [ ''
<Directory /run/current-system/webapps/_www>
DirectoryIndex index.htm
secrets.keys = chloe_prod.keys;
services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ];
- security.acme.certs."chloe" = config.services.myCertificates.certConfig // {
- domain = "osteopathe-cc.fr";
- extraDomains = {
- "www.osteopathe-cc.fr" = null;
- };
- };
-
services.myPhpfpm.serviceDependencies.chloe_prod = chloe_prod.phpFpm.serviceDeps;
services.myPhpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool;
services.myPhpfpm.poolPhpConfigs.chloe_prod = ''
'';
services.websites.production.modules = chloe_prod.apache.modules;
services.websites.production.vhostConfs.chloe = {
- certName = "chloe";
- hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
- root = chloe_prod.apache.root;
- extraConfig = [ chloe_prod.apache.vhostConf ];
+ certName = "chloe";
+ certMainHost = "osteopathe-cc.fr";
+ hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
+ root = chloe_prod.apache.root;
+ extraConfig = [ chloe_prod.apache.vhostConf ];
};
})
(lib.mkIf cfg.integration.enable {
secrets.keys = chloe_dev.keys;
- security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
services.myPhpfpm.serviceDependencies.chloe_dev = chloe_dev.phpFpm.serviceDeps;
services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
services.myPhpfpm.poolPhpConfigs.chloe_dev = ''
services.websites.integration.modules = chloe_dev.apache.modules;
services.websites.integration.vhostConfs.chloe = {
certName = "eldiron";
+ addToCerts = true;
hosts = ["chloe.immae.eu" ];
root = chloe_dev.apache.root;
extraConfig = [ chloe_dev.apache.vhostConf ];
secrets.keys = connexionswing_prod.keys;
services.webstats.sites = [ { name = "connexionswing.com"; } ];
- security.acme.certs."connexionswing" = config.services.myCertificates.certConfig // {
- domain = "connexionswing.com";
- extraDomains = {
- "www.connexionswing.com" = null;
- "sandetludo.com" = null;
- "www.sandetludo.com" = null;
- };
- };
-
services.myPhpfpm.preStart.connexionswing_prod = connexionswing_prod.phpFpm.preStart;
services.myPhpfpm.serviceDependencies.connexionswing_prod = connexionswing_prod.phpFpm.serviceDeps;
services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool;
'';
services.websites.production.modules = connexionswing_prod.apache.modules;
services.websites.production.vhostConfs.connexionswing = {
- certName = "connexionswing";
- hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
- root = connexionswing_prod.apache.root;
- extraConfig = [ connexionswing_prod.apache.vhostConf ];
+ certName = "connexionswing";
+ certMainHost = "connexionswing.com";
+ hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
+ root = connexionswing_prod.apache.root;
+ extraConfig = [ connexionswing_prod.apache.vhostConf ];
};
})
(lib.mkIf cfg.integration.enable {
secrets.keys = connexionswing_dev.keys;
- security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
- security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart;
services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing_dev.phpFpm.serviceDeps;
services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool;
services.websites.integration.modules = connexionswing_dev.apache.modules;
services.websites.integration.vhostConfs.connexionswing = {
certName = "eldiron";
+ addToCerts = true;
hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
root = connexionswing_dev.apache.root;
extraConfig = [ connexionswing_dev.apache.vhostConf ];
};
config = lib.mkIf cfg.production.enable {
- security.acme.certs."emilia" = config.services.myCertificates.certConfig // {
- domain = "saison-photo.org";
- extraDomains = {
- "www.saison-photo.org" = null;
- };
- };
-
system.activationScripts.emilia = ''
install -m 0755 -o wwwrun -g wwwrun -d ${varDir}
'';
ln -s ${siteDir} $out/webapps/${webappName}
'';
services.websites.production.vhostConfs.emilia = {
- certName = "emilia";
- hosts = [ "saison-photo.org" "www.saison-photo.org" ];
- root = root;
- extraConfig = [
+ certName = "emilia";
+ certMainHost = "saison-photo.org";
+ hosts = [ "saison-photo.org" "www.saison-photo.org" ];
+ root = root;
+ extraConfig = [
''
<Directory ${root}>
DirectoryIndex pause.html
config = lib.mkIf cfg.production.enable {
services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ];
- security.acme.certs."denisejerome" = config.services.myCertificates.certConfig // {
- domain = "denisejerome.piedsjaloux.fr";
- };
-
services.websites.production.vhostConfs.denisejerome = {
- certName = "denisejerome";
- hosts = ["denisejerome.piedsjaloux.fr" ];
- root = varDir;
- extraConfig = [
+ certName = "denisejerome";
+ certMainHost = "denisejerome.piedsjaloux.fr";
+ hosts = ["denisejerome.piedsjaloux.fr" ];
+ root = varDir;
+ extraConfig = [
''
Use Stats denisejerome.piedsjaloux.fr
config = lib.mkMerge [
(lib.mkIf cfg.production.enable {
security.acme.certs."ftp".extraDomains."tellesflorian.com" = null;
- security.acme.certs."florian" = config.services.myCertificates.certConfig // {
- domain = "tellesflorian.com";
- extraDomains = {
- "www.tellesflorian.com" = null;
- };
- };
services.websites.production.modules = adminer.apache.modules;
services.websites.production.vhostConfs.florian = {
- certName = "florian";
- hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
- root = "${varDir}/tellesflorian.com";
- extraConfig = [
+ certName = "florian";
+ certMainHost = "tellesflorian.com";
+ hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
+ root = "${varDir}/tellesflorian.com";
+ extraConfig = [
adminer.apache.vhostConf
''
ServerAdmin ${env.server_admin}
(lib.mkIf cfg.integration.enable {
security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
- security.acme.certs."eldiron".extraDomains."florian.immae.eu" = null;
services.websites.integration.modules = adminer.apache.modules;
services.websites.integration.vhostConfs.florian = {
certName = "eldiron";
+ addToCerts = true;
hosts = [ "florian.immae.eu" ];
root = "${varDir}/florian.immae.eu";
extraConfig = [
config = lib.mkIf cfg.production.enable {
services.webstats.sites = [ { name = "www.immae.eu"; } ];
- security.acme.certs."eldiron".extraDomains."www.immae.eu" = null;
-
services.myPhpfpm.poolConfigs.immae = ''
listen = /run/phpfpm/immae.sock
user = wwwrun
services.websites.production.modules = [ "proxy_fcgi" ];
services.websites.production.vhostConfs.immae = {
certName = "eldiron";
+ addToCerts = true;
hosts = [ "www.immae.eu" ];
root = varDir;
extraConfig = [
];
};
- security.acme.certs."eldiron".extraDomains."bouya.org" = null;
- security.acme.certs."eldiron".extraDomains."www.bouya.org" = null;
services.websites.production.vhostConfs.bouya = {
certName = "eldiron";
+ addToCerts = true;
hosts = [ "bouya.org" "www.bouya.org" ];
root = null;
extraConfig = [ ''
services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ];
security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null;
- security.acme.certs."naturaloutil" = config.services.myCertificates.certConfig // {
- domain = "naturaloutil.immae.eu";
- };
secrets.keys = [{
dest = "webapps/prod-naturaloutil";
'';
services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
services.websites.production.vhostConfs.naturaloutil = {
- certName = "naturaloutil";
- hosts = ["naturaloutil.immae.eu" ];
- root = varDir;
- extraConfig = [
+ certName = "naturaloutil";
+ certMainHost = "naturaloutil.immae.eu";
+ hosts = ["naturaloutil.immae.eu" ];
+ root = varDir;
+ extraConfig = [
adminer.apache.vhostConf
''
Use Stats naturaloutil.immae.eu
};
config = (lib.mkIf cfg.production.enable {
- security.acme.certs."leila" = config.services.myCertificates.certConfig // {
- domain = "leila.bouya.org";
- extraDomains = {
- "chorale.leila.bouya.org" = null;
- "chorale-vocanta.fr.nf" = null;
- "www.chorale-vocanta.fr.nf" = null;
- };
- };
-
services.myPhpfpm.poolConfigs.leila = ''
listen = /run/phpfpm/leila.sock
user = wwwrun
services.websites.production.modules = [ "proxy_fcgi" ];
services.websites.production.vhostConfs.leila_chorale = {
certName = "leila";
+ addToCerts = true;
hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
root = "${varDir}/Chorale";
extraConfig = [
];
};
services.websites.production.vhostConfs.leila = {
- certName = "leila";
- hosts = [ "leila.bouya.org" ];
- root = varDir;
- extraConfig = [
+ certName = "leila";
+ certMainHost = "leila.bouya.org";
+ hosts = [ "leila.bouya.org" ];
+ root = varDir;
+ extraConfig = [
''
Use Stats leila.bouya.org
<Directory ${varDir}/Chorale>
services.webstats.sites = [ { name = "nassime.bouya.org"; } ];
security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null;
- security.acme.certs."nassime" = config.services.myCertificates.certConfig // {
- domain = "nassime.bouya.org";
- };
services.websites.production.vhostConfs.nassime = {
- certName = "nassime";
- hosts = ["nassime.bouya.org" ];
- root = varDir;
- extraConfig = [
+ certName = "nassime";
+ certMainHost = "nassime.bouya.org";
+ hosts = ["nassime.bouya.org" ];
+ root = varDir;
+ extraConfig = [
''
Use Stats nassime.bouya.org
ServerAdmin ${env.server_admin}
config = lib.mkIf cfg.production.enable {
security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
- security.acme.certs."papa" = config.services.myCertificates.certConfig // {
- domain = "surveillance.maison.bbc.bouya.org";
- };
services.cron = {
systemCronJobs = let
};
services.websites.production.vhostConfs.papa = {
- certName = "papa";
- hosts = [ "surveillance.maison.bbc.bouya.org" ];
- root = varDir;
- extraConfig = [
+ certName = "papa";
+ certMainHost = "surveillance.maison.bbc.bouya.org";
+ hosts = [ "surveillance.maison.bbc.bouya.org" ];
+ root = varDir;
+ extraConfig = [
''
Use Apaxy "${varDir}" "title .duplicity-ignore"
<Directory ${varDir}>
config = lib.mkIf cfg.production.enable {
services.webstats.sites = [ { name = "release.immae.eu"; } ];
- security.acme.certs."eldiron".extraDomains."release.immae.eu" = null;
-
services.websites.production.vhostConfs.release = {
certName = "eldiron";
+ addToCerts = true;
hosts = [ "release.immae.eu" ];
root = varDir;
extraConfig = [
};
config = lib.mkIf cfg.production.enable {
- security.acme.certs."eldiron".extraDomains."temp.immae.eu" = null;
-
services.websites.production.modules = [ "headers" ];
services.websites.production.vhostConfs.temp = {
certName = "eldiron";
+ addToCerts = true;
hosts = [ "temp.immae.eu" ];
root = varDir;
extraConfig = [
secrets.keys = ludivinecassal_prod.keys;
services.webstats.sites = [ { name = "ludivinecassal.com"; } ];
- security.acme.certs."ludivinecassal" = config.services.myCertificates.certConfig // {
- domain = "ludivinecassal.com";
- extraDomains = {
- "www.ludivinecassal.com" = null;
- };
- };
-
services.myPhpfpm.preStart.ludivinecassal_prod = ludivinecassal_prod.phpFpm.preStart;
services.myPhpfpm.serviceDependencies.ludivinecassal_prod = ludivinecassal_prod.phpFpm.serviceDeps;
services.myPhpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool;
'';
services.websites.production.modules = ludivinecassal_prod.apache.modules;
services.websites.production.vhostConfs.ludivine = {
- certName = "ludivinecassal";
- hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
- root = ludivinecassal_prod.apache.root;
- extraConfig = [ ludivinecassal_prod.apache.vhostConf ];
+ certName = "ludivinecassal";
+ certMainHost = "ludivinecassal.com";
+ hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
+ root = ludivinecassal_prod.apache.root;
+ extraConfig = [ ludivinecassal_prod.apache.vhostConf ];
};
})
(lib.mkIf cfg.integration.enable {
secrets.keys = ludivinecassal_dev.keys;
- security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal_dev.phpFpm.preStart;
services.myPhpfpm.serviceDependencies.ludivinecassal_dev = ludivinecassal_dev.phpFpm.serviceDeps;
services.websites.integration.modules = ludivinecassal_dev.apache.modules;
services.websites.integration.vhostConfs.ludivine = {
certName = "eldiron";
+ addToCerts = true;
hosts = [ "ludivine.immae.eu" ];
root = ludivinecassal_dev.apache.root;
extraConfig = [ ludivinecassal_dev.apache.vhostConf ];
secrets.keys = piedsjaloux_prod.keys;
services.webstats.sites = [ { name = "piedsjaloux.fr"; } ];
- security.acme.certs."piedsjaloux" = config.services.myCertificates.certConfig // {
- domain = "piedsjaloux.fr";
- extraDomains = {
- "www.piedsjaloux.fr" = null;
- };
- };
-
services.myPhpfpm.preStart.piedsjaloux_prod = piedsjaloux_prod.phpFpm.preStart;
services.myPhpfpm.serviceDependencies.piedsjaloux_prod = piedsjaloux_prod.phpFpm.serviceDeps;
services.myPhpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux_prod.phpFpm.pool;
'';
services.websites.production.modules = piedsjaloux_prod.apache.modules;
services.websites.production.vhostConfs.piedsjaloux = {
- certName = "piedsjaloux";
- hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
- root = piedsjaloux_prod.apache.root;
- extraConfig = [ piedsjaloux_prod.apache.vhostConf ];
+ certName = "piedsjaloux";
+ certMainHost = "piedsjaloux.fr";
+ hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
+ root = piedsjaloux_prod.apache.root;
+ extraConfig = [ piedsjaloux_prod.apache.vhostConf ];
};
})
(lib.mkIf cfg.integration.enable {
secrets.keys = piedsjaloux_dev.keys;
- security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux_dev.phpFpm.preStart;
services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux_dev.phpFpm.serviceDeps;
services.myPhpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux_dev.phpFpm.pool;
services.websites.integration.modules = piedsjaloux_dev.apache.modules;
services.websites.integration.vhostConfs.piedsjaloux = {
certName = "eldiron";
+ addToCerts = true;
hosts = [ "piedsjaloux.immae.eu" ];
root = piedsjaloux_dev.apache.root;
extraConfig = [ piedsjaloux_dev.apache.vhostConf ];
config = lib.mkIf cfg.integration.enable {
secrets.keys = tellesflorian_dev.keys;
- security.acme.certs."eldiron".extraDomains."app.tellesflorian.com" = null;
services.myPhpfpm.preStart.tellesflorian_dev = tellesflorian_dev.phpFpm.preStart;
services.myPhpfpm.serviceDependencies.tellesflorian_dev = tellesflorian_dev.phpFpm.serviceDeps;
services.myPhpfpm.poolConfigs.tellesflorian_dev = tellesflorian_dev.phpFpm.pool;
services.websites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules;
services.websites.integration.vhostConfs.tellesflorian = {
certName = "eldiron";
+ addToCerts = true;
hosts = ["app.tellesflorian.com" ];
root = tellesflorian_dev.apache.root;
extraConfig = [
};
config = lib.mkIf cfg.enable {
- security.acme.certs."eldiron".extraDomains."cloud.immae.eu" = null;
-
services.websites.tools.modules = [ "proxy_fcgi" ];
services.websites.tools.vhostConfs.cloud = {
certName = "eldiron";
+ addToCerts = true;
hosts = ["cloud.immae.eu" ];
root = apacheRoot;
extraConfig = [
};
config = lib.mkIf cfg.enable {
- security.acme.certs."eldiron".extraDomains."dav.immae.eu" = null;
-
secrets.keys = davical.keys;
services.websites.tools.modules = davical.apache.modules;
services.websites.tools.vhostConfs.dav = {
certName = "eldiron";
+ addToCerts = true;
hosts = ["dav.immae.eu" ];
root = null;
extraConfig = [
};
config = lib.mkIf cfg.enable {
- security.acme.certs."eldiron".extraDomains."db-1.immae.eu" = null;
-
services.websites.tools.modules = adminer.apache.modules;
services.websites.tools.vhostConfs.db-1 = {
certName = "eldiron";
+ addToCerts = true;
hosts = ["db-1.immae.eu" ];
root = null;
extraConfig = [ adminer.apache.vhostConf ];
services.websites.tools.modules = [
"headers" "proxy" "proxy_http"
];
- security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
system.extraSystemBuilderCmds = ''
mkdir -p $out/webapps
ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
'';
services.websites.tools.vhostConfs.diaspora = {
certName = "eldiron";
+ addToCerts = true;
hosts = [ "diaspora.immae.eu" ];
root = root;
extraConfig = [ ''
services.websites.tools.modules = [
"headers" "proxy" "proxy_http" "proxy_wstunnel"
];
- security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
services.websites.tools.vhostConfs.etherpad-lite = {
certName = "eldiron";
+ addToCerts = true;
hosts = [ "ether.immae.eu" ];
root = null;
extraConfig = [ ''
};
config = lib.mkIf cfg.enable {
- security.acme.certs."eldiron".extraDomains."git.immae.eu" = null;
-
secrets.keys = mantisbt.keys;
services.websites.tools.modules =
gitweb.apache.modules ++
services.websites.tools.vhostConfs.git = {
certName = "eldiron";
+ addToCerts = true;
hosts = ["git.immae.eu" ];
root = gitweb.apache.root;
extraConfig = [
services.websites.tools.modules = [
"headers" "proxy" "proxy_wstunnel" "proxy_http"
];
- security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
system.extraSystemBuilderCmds = ''
mkdir -p $out/webapps
ln -s ${mcfg.workdir}/public/ $out/webapps/tools_mastodon
'';
services.websites.tools.vhostConfs.mastodon = {
certName = "eldiron";
+ addToCerts = true;
hosts = ["mastodon.immae.eu" ];
root = root;
extraConfig = [ ''
"proxy" "proxy_http"
];
users.users.wwwrun.extraGroups = [ "mediagoblin" ];
- security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
services.websites.tools.vhostConfs.mgoblin = {
certName = "eldiron";
+ addToCerts = true;
hosts = ["mgoblin.immae.eu" ];
root = null;
extraConfig = [ ''
services.websites.tools.modules = [
"headers" "proxy" "proxy_http" "proxy_wstunnel"
];
- security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;
services.websites.tools.vhostConfs.peertube = {
certName = "eldiron";
+ addToCerts = true;
hosts = [ "peertube.immae.eu" ];
root = null;
extraConfig = [ ''
};
config = lib.mkIf cfg.enable {
- security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
- security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
-
secrets.keys =
kanboard.keys
++ ldap.keys
services.websites.integration.vhostConfs.devtools = {
certName = "eldiron";
+ addToCerts = true;
hosts = ["devtools.immae.eu" ];
root = "/var/lib/ftp/devtools.immae.eu";
extraConfig = [
services.websites.tools.vhostConfs.tools = {
certName = "eldiron";
+ addToCerts = true;
hosts = ["tools.immae.eu" ];
root = "/var/lib/ftp/tools.immae.eu";
extraConfig = [
];
};
- security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
services.websites.tools.vhostConfs.outils = {
- certName = "eldiron";
- hosts = [ "outils.immae.eu" ];
- root = null;
+ certName = "eldiron";
+ addToCerts = true;
+ hosts = [ "outils.immae.eu" ];
+ root = null;
extraConfig = [
''
RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1