authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-16 23:23:05 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-17 00:04:47 +0200
commit7df420c27ebe7daaa4fd099c457ce9a9075b840e (patch)
treeec41e01e9331652c09dc4f2ed4186ce5952c3882
parent52f45eb051df228955add90ca62de66a7ed8af34 (diff)
Add certificate creation and handling to websites
-rw-r--r--modules/websites/default.nix51
-rw-r--r--nixops/modules/certificates.nix2
-rw-r--r--nixops/modules/task/default.nix2
-rw-r--r--nixops/modules/websites/aten/default.nix18
-rw-r--r--nixops/modules/websites/capitaines/default.nix20
-rw-r--r--nixops/modules/websites/chloe/default.nix18
-rw-r--r--nixops/modules/websites/connexionswing/default.nix21
-rw-r--r--nixops/modules/websites/emilia/default.nix16
-rw-r--r--nixops/modules/websites/ftp/denisejerome.nix13
-rw-r--r--nixops/modules/websites/ftp/florian.nix17
-rw-r--r--nixops/modules/websites/ftp/immae.nix6
-rw-r--r--nixops/modules/websites/ftp/jerome.nix12
-rw-r--r--nixops/modules/websites/ftp/leila.nix19
-rw-r--r--nixops/modules/websites/ftp/nassime.nix12
-rw-r--r--nixops/modules/websites/ftp/papa.nix12
-rw-r--r--nixops/modules/websites/ftp/release.nix3
-rw-r--r--nixops/modules/websites/ftp/temp.nix3
-rw-r--r--nixops/modules/websites/ludivine/default.nix18
-rw-r--r--nixops/modules/websites/piedsjaloux/default.nix18
-rw-r--r--nixops/modules/websites/tellesflorian/default.nix2
-rw-r--r--nixops/modules/websites/tools/cloud.nix3
-rw-r--r--nixops/modules/websites/tools/dav/default.nix3
-rw-r--r--nixops/modules/websites/tools/db.nix3
-rw-r--r--nixops/modules/websites/tools/diaspora.nix2
-rw-r--r--nixops/modules/websites/tools/ether.nix2
-rw-r--r--nixops/modules/websites/tools/git/default.nix3
-rw-r--r--nixops/modules/websites/tools/mastodon.nix2
-rw-r--r--nixops/modules/websites/tools/mediagoblin.nix2
-rw-r--r--nixops/modules/websites/tools/peertube.nix2
-rw-r--r--nixops/modules/websites/tools/tools/default.nix13
30 files changed, 150 insertions, 168 deletions
diff --git a/modules/websites/default.nix b/modules/websites/default.nix
index 6a18c8a..b76aeea 100644
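--- a/modules/websites/default.nix
+++ b/modules/websites/default.nix
@@ -3,6 +3,9 @@ let
  cfg = config.services.websites;
 in
 {
+ options.services.websitesCerts = mkOption {
+ description = "Default websites configuration for certificates as accepted by acme";
+ };
  options.services.websites = with types; mkOption {
  default = {};
  description = "Each type of website to enable will target a distinct httpd server";
@@ -72,6 +75,16 @@ in
  type = attrsOf (submodule {
  options = {
  certName = mkOption { type = string; };
+ addToCerts = mkOption {
+ type = bool;
+ default = false;
+ description = "Use these to certificates. Is ignored (considered true) if certMainHost is not null";
+ };
+ certMainHost = mkOption {
+ type = nullOr string;
+ description = "Use that host as 'main host' for acme certs";
+ default = null;
+ };
  hosts = mkOption { type = listOf string; };
  root = mkOption { type = nullOr path; };
  extraConfig = mkOption { type = listOf lines; default = []; };
@@ -145,4 +158,42 @@ in
  ++ [ (redirectVhost icfg.ips) ];
  })
  ) cfg;
+
+ config.security.acme.certs = let
+ typesToManage = attrsets.filterAttrs (k: v: v.enable) cfg;
+ flatVhosts = lists.flatten (attrsets.mapAttrsToList (k: v:
+ attrValues v.vhostConfs
+ ) typesToManage);
+ groupedCerts = attrsets.filterAttrs
+ (_: group: builtins.any (v: v.addToCerts || !isNull v.certMainHost) group)
+ (lists.groupBy (v: v.certName) flatVhosts);
+ groupToDomain = group:
+ let
+ nonNull = builtins.filter (v: !isNull v.certMainHost) group;
+ domains = lists.unique (map (v: v.certMainHost) nonNull);
+ in
+ if builtins.length domains == 0
+ then null
+ else assert (builtins.length domains == 1); (elemAt domains 0);
+ extraDomains = group:
+ let
+ mainDomain = groupToDomain group;
+ in
+ lists.remove mainDomain (
+ lists.unique (
+ lists.flatten (map (c: optionals (c.addToCerts || !isNull c.certMainHost) c.hosts) group)
+ )
+ );
+ in attrsets.mapAttrs (k: g:
+ if (!isNull (groupToDomain g))
+ then config.services.websitesCerts // {
+ domain = groupToDomain g;
+ extraDomains = builtins.listToAttrs (
+ map (d: attrsets.nameValuePair d null) (extraDomains g));
+ }
+ else {
+ extraDomains = builtins.listToAttrs (
+ map (d: attrsets.nameValuePair d null) (extraDomains g));
+ }
+ ) groupedCerts;
 }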
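Review bot: In `groupToDomain` (new lines 170-177) two vhosts that share a `certName` but name different `certMainHost` values abort evaluation through a bare `assert`, which reports neither the certName nor the conflicting hosts; an explicit error is easier to act on, e.g. `else if builtins.length domains == 1 then elemAt domains 0 else throw "websites: conflicting certMainHost values: ${builtins.concatStringsSep ", " domains}";`. The `else` branch of the final `mapAttrs` emits only `extraDomains`, without `config.services.websitesCerts`, so a `certName` that is used solely through `addToCerts = true` presumably depends on another module defining the rest of that certificate; a comment saying so, or an assertion that the entry exists, would make that dependency visible. `options.services.websitesCerts` is declared with neither `type` nor `default`, so it has to be set wherever this module is imported.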
diff --git a/nixops/modules/certificates.nix b/nixops/modules/certificates.nix
index 08f84fd..d648ff7 100644
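--- a/nixops/modules/certificates.nix
+++ b/nixops/modules/certificates.nix
@@ -15,6 +15,8 @@
  };
 
  config = {
+ services.websitesCerts = config.services.myCertificates.certConfig;
+
  security.acme.preliminarySelfsigned = true;
 
  security.acme.certs = {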
diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix
index feb3be8..426aa68 100644
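--- a/nixops/modules/task/default.nix
+++ b/nixops/modules/task/default.nix
@@ -101,10 +101,10 @@ in {
  SetEnv TASKD_LDAP_FILTER "${env.ldap.search}"
  '';
  }];
- security.acme.certs."eldiron".extraDomains.${fqdn} = null;
  services.websites.tools.modules = [ "proxy_fcgi" "sed" ];
  services.websites.tools.vhostConfs.task = {
  certName = "eldiron";
+ addToCerts = true;
  hosts = [ "task.immae.eu" ];
  root = "/run/current-system/webapps/_task";
  extraConfig = [ ''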
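Review bot: The removed line put `${fqdn}` into the eldiron certificate, whereas the vhost that now drives certificate generation lists the literal `task.immae.eu` in `hosts`; if `fqdn` (defined outside this hunk) ever differs from that literal, the name drops out of the certificate without any evaluation error. Using the same binding in both places, `hosts = [ fqdn ];`, would keep the Apache host list and the certificate's names tied to one value. The vhost attribute set continues past the end of the hunk.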
diff --git a/nixops/modules/websites/aten/default.nix b/nixops/modules/websites/aten/default.nix
index fd002a5..a9e75b6 100644
--- a/nixops/modules/websites/aten/default.nix
+++ b/nixops/modules/websites/aten/default.nix
@@ -25,13 +25,6 @@ in {
25 secrets.keys = aten_prod.keys; 25 secrets.keys = aten_prod.keys;
26 services.webstats.sites = [ { name = "aten.pro"; } ]; 26 services.webstats.sites = [ { name = "aten.pro"; } ];
27 27
28 security.acme.certs."aten" = config.services.myCertificates.certConfig // {
29 domain = "aten.pro";
30 extraDomains = {
31 "www.aten.pro" = null;
32 };
33 };
34
35 services.myPhpfpm.preStart.aten_prod = aten_prod.phpFpm.preStart; 28 services.myPhpfpm.preStart.aten_prod = aten_prod.phpFpm.preStart;
36 services.myPhpfpm.serviceDependencies.aten_prod = aten_prod.phpFpm.serviceDeps; 29 services.myPhpfpm.serviceDependencies.aten_prod = aten_prod.phpFpm.serviceDeps;
37 services.myPhpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool; 30 services.myPhpfpm.poolConfigs.aten_prod = aten_prod.phpFpm.pool;
@@ -42,15 +35,15 @@ in {
42 ''; 35 '';
43 services.websites.production.modules = aten_prod.apache.modules; 36 services.websites.production.modules = aten_prod.apache.modules;
44 services.websites.production.vhostConfs.aten = { 37 services.websites.production.vhostConfs.aten = {
45 certName = "aten"; 38 certName = "aten";
46 hosts = [ "aten.pro" "www.aten.pro" ]; 39 certMainHost = "aten.pro";
47 root = aten_prod.apache.root; 40 hosts = [ "aten.pro" "www.aten.pro" ];
48 extraConfig = [ aten_prod.apache.vhostConf ]; 41 root = aten_prod.apache.root;
42 extraConfig = [ aten_prod.apache.vhostConf ];
49 }; 43 };
50 }) 44 })
51 (lib.mkIf cfg.integration.enable { 45 (lib.mkIf cfg.integration.enable {
52 secrets.keys = aten_dev.keys; 46 secrets.keys = aten_dev.keys;
53 security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
54 services.myPhpfpm.preStart.aten_dev = aten_dev.phpFpm.preStart; 47 services.myPhpfpm.preStart.aten_dev = aten_dev.phpFpm.preStart;
55 services.myPhpfpm.serviceDependencies.aten_dev = aten_dev.phpFpm.serviceDeps; 48 services.myPhpfpm.serviceDependencies.aten_dev = aten_dev.phpFpm.serviceDeps;
56 services.myPhpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool; 49 services.myPhpfpm.poolConfigs.aten_dev = aten_dev.phpFpm.pool;
@@ -62,6 +55,7 @@ in {
62 services.websites.integration.modules = aten_dev.apache.modules; 55 services.websites.integration.modules = aten_dev.apache.modules;
63 services.websites.integration.vhostConfs.aten = { 56 services.websites.integration.vhostConfs.aten = {
64 certName = "eldiron"; 57 certName = "eldiron";
58 addToCerts = true;
65 hosts = [ "dev.aten.pro" ]; 59 hosts = [ "dev.aten.pro" ];
66 root = aten_dev.apache.root; 60 root = aten_dev.apache.root;
67 extraConfig = [ aten_dev.apache.vhostConf ]; 61 extraConfig = [ aten_dev.apache.vhostConf ];
diff --git a/nixops/modules/websites/capitaines/default.nix b/nixops/modules/websites/capitaines/default.nix
index 0d85266..4bbf488 100644
--- a/nixops/modules/websites/capitaines/default.nix
+++ b/nixops/modules/websites/capitaines/default.nix
@@ -13,20 +13,17 @@ in {
13 }; 13 };
14 14
15 config = lib.mkIf cfg.production.enable { 15 config = lib.mkIf cfg.production.enable {
16 security.acme.certs."capitaines" = config.services.myCertificates.certConfig // {
17 domain = "mastodon.capitaines.fr";
18 extraDomains = { "capitaines.fr" = null; };
19 };
20 system.extraSystemBuilderCmds = '' 16 system.extraSystemBuilderCmds = ''
21 mkdir -p $out/webapps 17 mkdir -p $out/webapps
22 ln -s ${siteDir} $out/webapps/${webappName} 18 ln -s ${siteDir} $out/webapps/${webappName}
23 ''; 19 '';
24 20
25 services.websites.production.vhostConfs.capitaines_mastodon = { 21 services.websites.production.vhostConfs.capitaines_mastodon = {
26 certName = "capitaines"; 22 certName = "capitaines";
27 hosts = [ "mastodon.capitaines.fr" ]; 23 certMainHost = "mastodon.capitaines.fr";
28 root = root; 24 hosts = [ "mastodon.capitaines.fr" ];
29 extraConfig = [ 25 root = root;
26 extraConfig = [
30 '' 27 ''
31 ErrorDocument 404 /index.html 28 ErrorDocument 404 /index.html
32 <Directory ${root}> 29 <Directory ${root}>
@@ -39,9 +36,10 @@ in {
39 }; 36 };
40 37
41 services.websites.production.vhostConfs.capitaines = { 38 services.websites.production.vhostConfs.capitaines = {
42 certName = "capitaines"; 39 certName = "capitaines";
43 hosts = [ "capitaines.fr" ]; 40 addToCerts = true;
44 root = "/run/current-system/webapps/_www"; 41 hosts = [ "capitaines.fr" ];
42 root = "/run/current-system/webapps/_www";
45 extraConfig = [ '' 43 extraConfig = [ ''
46 <Directory /run/current-system/webapps/_www> 44 <Directory /run/current-system/webapps/_www>
47 DirectoryIndex index.htm 45 DirectoryIndex index.htm
diff --git a/nixops/modules/websites/chloe/default.nix b/nixops/modules/websites/chloe/default.nix
index ba72d92..8e801b5 100644
--- a/nixops/modules/websites/chloe/default.nix
+++ b/nixops/modules/websites/chloe/default.nix
@@ -25,13 +25,6 @@ in {
25 secrets.keys = chloe_prod.keys; 25 secrets.keys = chloe_prod.keys;
26 services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ]; 26 services.webstats.sites = [ { name = "osteopathe-cc.fr"; } ];
27 27
28 security.acme.certs."chloe" = config.services.myCertificates.certConfig // {
29 domain = "osteopathe-cc.fr";
30 extraDomains = {
31 "www.osteopathe-cc.fr" = null;
32 };
33 };
34
35 services.myPhpfpm.serviceDependencies.chloe_prod = chloe_prod.phpFpm.serviceDeps; 28 services.myPhpfpm.serviceDependencies.chloe_prod = chloe_prod.phpFpm.serviceDeps;
36 services.myPhpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool; 29 services.myPhpfpm.poolConfigs.chloe_prod = chloe_prod.phpFpm.pool;
37 services.myPhpfpm.poolPhpConfigs.chloe_prod = '' 30 services.myPhpfpm.poolPhpConfigs.chloe_prod = ''
@@ -44,15 +37,15 @@ in {
44 ''; 37 '';
45 services.websites.production.modules = chloe_prod.apache.modules; 38 services.websites.production.modules = chloe_prod.apache.modules;
46 services.websites.production.vhostConfs.chloe = { 39 services.websites.production.vhostConfs.chloe = {
47 certName = "chloe"; 40 certName = "chloe";
48 hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ]; 41 certMainHost = "osteopathe-cc.fr";
49 root = chloe_prod.apache.root; 42 hosts = ["osteopathe-cc.fr" "www.osteopathe-cc.fr" ];
50 extraConfig = [ chloe_prod.apache.vhostConf ]; 43 root = chloe_prod.apache.root;
44 extraConfig = [ chloe_prod.apache.vhostConf ];
51 }; 45 };
52 }) 46 })
53 (lib.mkIf cfg.integration.enable { 47 (lib.mkIf cfg.integration.enable {
54 secrets.keys = chloe_dev.keys; 48 secrets.keys = chloe_dev.keys;
55 security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
56 services.myPhpfpm.serviceDependencies.chloe_dev = chloe_dev.phpFpm.serviceDeps; 49 services.myPhpfpm.serviceDependencies.chloe_dev = chloe_dev.phpFpm.serviceDeps;
57 services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool; 50 services.myPhpfpm.poolConfigs.chloe_dev = chloe_dev.phpFpm.pool;
58 services.myPhpfpm.poolPhpConfigs.chloe_dev = '' 51 services.myPhpfpm.poolPhpConfigs.chloe_dev = ''
@@ -66,6 +59,7 @@ in {
66 services.websites.integration.modules = chloe_dev.apache.modules; 59 services.websites.integration.modules = chloe_dev.apache.modules;
67 services.websites.integration.vhostConfs.chloe = { 60 services.websites.integration.vhostConfs.chloe = {
68 certName = "eldiron"; 61 certName = "eldiron";
62 addToCerts = true;
69 hosts = ["chloe.immae.eu" ]; 63 hosts = ["chloe.immae.eu" ];
70 root = chloe_dev.apache.root; 64 root = chloe_dev.apache.root;
71 extraConfig = [ chloe_dev.apache.vhostConf ]; 65 extraConfig = [ chloe_dev.apache.vhostConf ];
diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix
index 3643e19..20c5166 100644
--- a/nixops/modules/websites/connexionswing/default.nix
+++ b/nixops/modules/websites/connexionswing/default.nix
@@ -25,15 +25,6 @@ in {
25 secrets.keys = connexionswing_prod.keys; 25 secrets.keys = connexionswing_prod.keys;
26 services.webstats.sites = [ { name = "connexionswing.com"; } ]; 26 services.webstats.sites = [ { name = "connexionswing.com"; } ];
27 27
28 security.acme.certs."connexionswing" = config.services.myCertificates.certConfig // {
29 domain = "connexionswing.com";
30 extraDomains = {
31 "www.connexionswing.com" = null;
32 "sandetludo.com" = null;
33 "www.sandetludo.com" = null;
34 };
35 };
36
37 services.myPhpfpm.preStart.connexionswing_prod = connexionswing_prod.phpFpm.preStart; 28 services.myPhpfpm.preStart.connexionswing_prod = connexionswing_prod.phpFpm.preStart;
38 services.myPhpfpm.serviceDependencies.connexionswing_prod = connexionswing_prod.phpFpm.serviceDeps; 29 services.myPhpfpm.serviceDependencies.connexionswing_prod = connexionswing_prod.phpFpm.serviceDeps;
39 services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool; 30 services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool;
@@ -45,16 +36,15 @@ in {
45 ''; 36 '';
46 services.websites.production.modules = connexionswing_prod.apache.modules; 37 services.websites.production.modules = connexionswing_prod.apache.modules;
47 services.websites.production.vhostConfs.connexionswing = { 38 services.websites.production.vhostConfs.connexionswing = {
48 certName = "connexionswing"; 39 certName = "connexionswing";
49 hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ]; 40 certMainHost = "connexionswing.com";
50 root = connexionswing_prod.apache.root; 41 hosts = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
51 extraConfig = [ connexionswing_prod.apache.vhostConf ]; 42 root = connexionswing_prod.apache.root;
43 extraConfig = [ connexionswing_prod.apache.vhostConf ];
52 }; 44 };
53 }) 45 })
54 (lib.mkIf cfg.integration.enable { 46 (lib.mkIf cfg.integration.enable {
55 secrets.keys = connexionswing_dev.keys; 47 secrets.keys = connexionswing_dev.keys;
56 security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
57 security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
58 services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart; 48 services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart;
59 services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing_dev.phpFpm.serviceDeps; 49 services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing_dev.phpFpm.serviceDeps;
60 services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool; 50 services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool;
@@ -67,6 +57,7 @@ in {
67 services.websites.integration.modules = connexionswing_dev.apache.modules; 57 services.websites.integration.modules = connexionswing_dev.apache.modules;
68 services.websites.integration.vhostConfs.connexionswing = { 58 services.websites.integration.vhostConfs.connexionswing = {
69 certName = "eldiron"; 59 certName = "eldiron";
60 addToCerts = true;
70 hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ]; 61 hosts = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
71 root = connexionswing_dev.apache.root; 62 root = connexionswing_dev.apache.root;
72 extraConfig = [ connexionswing_dev.apache.vhostConf ]; 63 extraConfig = [ connexionswing_dev.apache.vhostConf ];
diff --git a/nixops/modules/websites/emilia/default.nix b/nixops/modules/websites/emilia/default.nix
index 4e32bec..47257b7 100644
--- a/nixops/modules/websites/emilia/default.nix
+++ b/nixops/modules/websites/emilia/default.nix
@@ -47,13 +47,6 @@ in {
47 }; 47 };
48 48
49 config = lib.mkIf cfg.production.enable { 49 config = lib.mkIf cfg.production.enable {
50 security.acme.certs."emilia" = config.services.myCertificates.certConfig // {
51 domain = "saison-photo.org";
52 extraDomains = {
53 "www.saison-photo.org" = null;
54 };
55 };
56
57 system.activationScripts.emilia = '' 50 system.activationScripts.emilia = ''
58 install -m 0755 -o wwwrun -g wwwrun -d ${varDir} 51 install -m 0755 -o wwwrun -g wwwrun -d ${varDir}
59 ''; 52 '';
@@ -62,10 +55,11 @@ in {
62 ln -s ${siteDir} $out/webapps/${webappName} 55 ln -s ${siteDir} $out/webapps/${webappName}
63 ''; 56 '';
64 services.websites.production.vhostConfs.emilia = { 57 services.websites.production.vhostConfs.emilia = {
65 certName = "emilia"; 58 certName = "emilia";
66 hosts = [ "saison-photo.org" "www.saison-photo.org" ]; 59 certMainHost = "saison-photo.org";
67 root = root; 60 hosts = [ "saison-photo.org" "www.saison-photo.org" ];
68 extraConfig = [ 61 root = root;
62 extraConfig = [
69 '' 63 ''
70 <Directory ${root}> 64 <Directory ${root}>
71 DirectoryIndex pause.html 65 DirectoryIndex pause.html
diff --git a/nixops/modules/websites/ftp/denisejerome.nix b/nixops/modules/websites/ftp/denisejerome.nix
index fa31430..884fb62 100644
--- a/nixops/modules/websites/ftp/denisejerome.nix
+++ b/nixops/modules/websites/ftp/denisejerome.nix
@@ -13,15 +13,12 @@ in {
13 config = lib.mkIf cfg.production.enable { 13 config = lib.mkIf cfg.production.enable {
14 services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ]; 14 services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ];
15 15
16 security.acme.certs."denisejerome" = config.services.myCertificates.certConfig // {
17 domain = "denisejerome.piedsjaloux.fr";
18 };
19
20 services.websites.production.vhostConfs.denisejerome = { 16 services.websites.production.vhostConfs.denisejerome = {
21 certName = "denisejerome"; 17 certName = "denisejerome";
22 hosts = ["denisejerome.piedsjaloux.fr" ]; 18 certMainHost = "denisejerome.piedsjaloux.fr";
23 root = varDir; 19 hosts = ["denisejerome.piedsjaloux.fr" ];
24 extraConfig = [ 20 root = varDir;
21 extraConfig = [
25 '' 22 ''
26 Use Stats denisejerome.piedsjaloux.fr 23 Use Stats denisejerome.piedsjaloux.fr
27 24
diff --git a/nixops/modules/websites/ftp/florian.nix b/nixops/modules/websites/ftp/florian.nix
index 8097507..ebd461e 100644
--- a/nixops/modules/websites/ftp/florian.nix
+++ b/nixops/modules/websites/ftp/florian.nix
@@ -17,19 +17,14 @@ in {
17 config = lib.mkMerge [ 17 config = lib.mkMerge [
18 (lib.mkIf cfg.production.enable { 18 (lib.mkIf cfg.production.enable {
19 security.acme.certs."ftp".extraDomains."tellesflorian.com" = null; 19 security.acme.certs."ftp".extraDomains."tellesflorian.com" = null;
20 security.acme.certs."florian" = config.services.myCertificates.certConfig // {
21 domain = "tellesflorian.com";
22 extraDomains = {
23 "www.tellesflorian.com" = null;
24 };
25 };
26 20
27 services.websites.production.modules = adminer.apache.modules; 21 services.websites.production.modules = adminer.apache.modules;
28 services.websites.production.vhostConfs.florian = { 22 services.websites.production.vhostConfs.florian = {
29 certName = "florian"; 23 certName = "florian";
30 hosts = [ "tellesflorian.com" "www.tellesflorian.com" ]; 24 certMainHost = "tellesflorian.com";
31 root = "${varDir}/tellesflorian.com"; 25 hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
32 extraConfig = [ 26 root = "${varDir}/tellesflorian.com";
27 extraConfig = [
33 adminer.apache.vhostConf 28 adminer.apache.vhostConf
34 '' 29 ''
35 ServerAdmin ${env.server_admin} 30 ServerAdmin ${env.server_admin}
@@ -47,11 +42,11 @@ in {
47 42
48 (lib.mkIf cfg.integration.enable { 43 (lib.mkIf cfg.integration.enable {
49 security.acme.certs."ftp".extraDomains."florian.immae.eu" = null; 44 security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
50 security.acme.certs."eldiron".extraDomains."florian.immae.eu" = null;
51 45
52 services.websites.integration.modules = adminer.apache.modules; 46 services.websites.integration.modules = adminer.apache.modules;
53 services.websites.integration.vhostConfs.florian = { 47 services.websites.integration.vhostConfs.florian = {
54 certName = "eldiron"; 48 certName = "eldiron";
49 addToCerts = true;
55 hosts = [ "florian.immae.eu" ]; 50 hosts = [ "florian.immae.eu" ];
56 root = "${varDir}/florian.immae.eu"; 51 root = "${varDir}/florian.immae.eu";
57 extraConfig = [ 52 extraConfig = [
diff --git a/nixops/modules/websites/ftp/immae.nix b/nixops/modules/websites/ftp/immae.nix
index e188d95..2ba30a1 100644
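--- a/nixops/modules/websites/ftp/immae.nix
+++ b/nixops/modules/websites/ftp/immae.nix
@@ -13,8 +13,6 @@ in {
  config = lib.mkIf cfg.production.enable {
  services.webstats.sites = [ { name = "www.immae.eu"; } ];
 
- security.acme.certs."eldiron".extraDomains."www.immae.eu" = null;
-
  services.myPhpfpm.poolConfigs.immae = ''
  listen = /run/phpfpm/immae.sock
  user = wwwrun
@@ -31,6 +29,7 @@ in {
  services.websites.production.modules = [ "proxy_fcgi" ];
  services.websites.production.vhostConfs.immae = {
  certName = "eldiron";
+ addToCerts = true;
  hosts = [ "www.immae.eu" ];
  root = varDir;
  extraConfig = [
@@ -56,10 +55,9 @@ in {
  ];
  };
 
- security.acme.certs."eldiron".extraDomains."bouya.org" = null;
- security.acme.certs."eldiron".extraDomains."www.bouya.org" = null;
  services.websites.production.vhostConfs.bouya = {
  certName = "eldiron";
+ addToCerts = true;
  hosts = [ "bouya.org" "www.bouya.org" ];
  root = null;
  extraConfig = [ ''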
diff --git a/nixops/modules/websites/ftp/jerome.nix b/nixops/modules/websites/ftp/jerome.nix
index a340644..d00c42d 100644
--- a/nixops/modules/websites/ftp/jerome.nix
+++ b/nixops/modules/websites/ftp/jerome.nix
@@ -15,9 +15,6 @@ in {
15 services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ]; 15 services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ];
16 16
17 security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null; 17 security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null;
18 security.acme.certs."naturaloutil" = config.services.myCertificates.certConfig // {
19 domain = "naturaloutil.immae.eu";
20 };
21 18
22 secrets.keys = [{ 19 secrets.keys = [{
23 dest = "webapps/prod-naturaloutil"; 20 dest = "webapps/prod-naturaloutil";
@@ -60,10 +57,11 @@ in {
60 ''; 57 '';
61 services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; 58 services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
62 services.websites.production.vhostConfs.naturaloutil = { 59 services.websites.production.vhostConfs.naturaloutil = {
63 certName = "naturaloutil"; 60 certName = "naturaloutil";
64 hosts = ["naturaloutil.immae.eu" ]; 61 certMainHost = "naturaloutil.immae.eu";
65 root = varDir; 62 hosts = ["naturaloutil.immae.eu" ];
66 extraConfig = [ 63 root = varDir;
64 extraConfig = [
67 adminer.apache.vhostConf 65 adminer.apache.vhostConf
68 '' 66 ''
69 Use Stats naturaloutil.immae.eu 67 Use Stats naturaloutil.immae.eu
diff --git a/nixops/modules/websites/ftp/leila.nix b/nixops/modules/websites/ftp/leila.nix
index 5185372..14bfa20 100644
--- a/nixops/modules/websites/ftp/leila.nix
+++ b/nixops/modules/websites/ftp/leila.nix
@@ -10,15 +10,6 @@ in {
10 }; 10 };
11 11
12 config = (lib.mkIf cfg.production.enable { 12 config = (lib.mkIf cfg.production.enable {
13 security.acme.certs."leila" = config.services.myCertificates.certConfig // {
14 domain = "leila.bouya.org";
15 extraDomains = {
16 "chorale.leila.bouya.org" = null;
17 "chorale-vocanta.fr.nf" = null;
18 "www.chorale-vocanta.fr.nf" = null;
19 };
20 };
21
22 services.myPhpfpm.poolConfigs.leila = '' 13 services.myPhpfpm.poolConfigs.leila = ''
23 listen = /run/phpfpm/leila.sock 14 listen = /run/phpfpm/leila.sock
24 user = wwwrun 15 user = wwwrun
@@ -41,6 +32,7 @@ in {
41 services.websites.production.modules = [ "proxy_fcgi" ]; 32 services.websites.production.modules = [ "proxy_fcgi" ];
42 services.websites.production.vhostConfs.leila_chorale = { 33 services.websites.production.vhostConfs.leila_chorale = {
43 certName = "leila"; 34 certName = "leila";
35 addToCerts = true;
44 hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ]; 36 hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
45 root = "${varDir}/Chorale"; 37 root = "${varDir}/Chorale";
46 extraConfig = [ 38 extraConfig = [
@@ -62,10 +54,11 @@ in {
62 ]; 54 ];
63 }; 55 };
64 services.websites.production.vhostConfs.leila = { 56 services.websites.production.vhostConfs.leila = {
65 certName = "leila"; 57 certName = "leila";
66 hosts = [ "leila.bouya.org" ]; 58 certMainHost = "leila.bouya.org";
67 root = varDir; 59 hosts = [ "leila.bouya.org" ];
68 extraConfig = [ 60 root = varDir;
61 extraConfig = [
69 '' 62 ''
70 Use Stats leila.bouya.org 63 Use Stats leila.bouya.org
71 <Directory ${varDir}/Chorale> 64 <Directory ${varDir}/Chorale>
diff --git a/nixops/modules/websites/ftp/nassime.nix b/nixops/modules/websites/ftp/nassime.nix
index 9ed8a80..3c982d3 100644
--- a/nixops/modules/websites/ftp/nassime.nix
+++ b/nixops/modules/websites/ftp/nassime.nix
@@ -14,15 +14,13 @@ in {
14 services.webstats.sites = [ { name = "nassime.bouya.org"; } ]; 14 services.webstats.sites = [ { name = "nassime.bouya.org"; } ];
15 15
16 security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null; 16 security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null;
17 security.acme.certs."nassime" = config.services.myCertificates.certConfig // {
18 domain = "nassime.bouya.org";
19 };
20 17
21 services.websites.production.vhostConfs.nassime = { 18 services.websites.production.vhostConfs.nassime = {
22 certName = "nassime"; 19 certName = "nassime";
23 hosts = ["nassime.bouya.org" ]; 20 certMainHost = "nassime.bouya.org";
24 root = varDir; 21 hosts = ["nassime.bouya.org" ];
25 extraConfig = [ 22 root = varDir;
23 extraConfig = [
26 '' 24 ''
27 Use Stats nassime.bouya.org 25 Use Stats nassime.bouya.org
28 ServerAdmin ${env.server_admin} 26 ServerAdmin ${env.server_admin}
diff --git a/nixops/modules/websites/ftp/papa.nix b/nixops/modules/websites/ftp/papa.nix
index cdbc1b0..c8d05ef 100644
--- a/nixops/modules/websites/ftp/papa.nix
+++ b/nixops/modules/websites/ftp/papa.nix
@@ -11,9 +11,6 @@ in {
11 11
12 config = lib.mkIf cfg.production.enable { 12 config = lib.mkIf cfg.production.enable {
13 security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null; 13 security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
14 security.acme.certs."papa" = config.services.myCertificates.certConfig // {
15 domain = "surveillance.maison.bbc.bouya.org";
16 };
17 14
18 services.cron = { 15 services.cron = {
19 systemCronJobs = let 16 systemCronJobs = let
@@ -35,10 +32,11 @@ in {
35 }; 32 };
36 33
37 services.websites.production.vhostConfs.papa = { 34 services.websites.production.vhostConfs.papa = {
38 certName = "papa"; 35 certName = "papa";
39 hosts = [ "surveillance.maison.bbc.bouya.org" ]; 36 certMainHost = "surveillance.maison.bbc.bouya.org";
40 root = varDir; 37 hosts = [ "surveillance.maison.bbc.bouya.org" ];
41 extraConfig = [ 38 root = varDir;
39 extraConfig = [
42 '' 40 ''
43 Use Apaxy "${varDir}" "title .duplicity-ignore" 41 Use Apaxy "${varDir}" "title .duplicity-ignore"
44 <Directory ${varDir}> 42 <Directory ${varDir}>
diff --git a/nixops/modules/websites/ftp/release.nix b/nixops/modules/websites/ftp/release.nix
index 2ddd8bc..db3487f 100644
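--- a/nixops/modules/websites/ftp/release.nix
+++ b/nixops/modules/websites/ftp/release.nix
@@ -13,10 +13,9 @@ in {
  config = lib.mkIf cfg.production.enable {
  services.webstats.sites = [ { name = "release.immae.eu"; } ];
 
- security.acme.certs."eldiron".extraDomains."release.immae.eu" = null;
-
  services.websites.production.vhostConfs.release = {
  certName = "eldiron";
+ addToCerts = true;
  hosts = [ "release.immae.eu" ];
  root = varDir;
  extraConfig = [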
diff --git a/nixops/modules/websites/ftp/temp.nix b/nixops/modules/websites/ftp/temp.nix
index bdd80c0..86dfde3 100644
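--- a/nixops/modules/websites/ftp/temp.nix
+++ b/nixops/modules/websites/ftp/temp.nix
@@ -11,11 +11,10 @@ in {
  };
 
  config = lib.mkIf cfg.production.enable {
- security.acme.certs."eldiron".extraDomains."temp.immae.eu" = null;
-
  services.websites.production.modules = [ "headers" ];
  services.websites.production.vhostConfs.temp = {
  certName = "eldiron";
+ addToCerts = true;
  hosts = [ "temp.immae.eu" ];
  root = varDir;
  extraConfig = [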
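--- a/nixops/modules/websites/ludivine/default.nix
+++ b/nixops/modules/websites/ludivine/default.nix
@@ -25,13 +25,6 @@ in {
 secrets.keys = ludivinecassal_prod.keys;
 services.webstats.sites = [ { name = "ludivinecassal.com"; } ];
 
-security.acme.certs."ludivinecassal" = config.services.myCertificates.certConfig // {
-domain = "ludivinecassal.com";
-extraDomains = {
-"www.ludivinecassal.com" = null;
-};
-};
-
 services.myPhpfpm.preStart.ludivinecassal_prod = ludivinecassal_prod.phpFpm.preStart;
 services.myPhpfpm.serviceDependencies.ludivinecassal_prod = ludivinecassal_prod.phpFpm.serviceDeps;
 services.myPhpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool;
@@ -42,15 +35,15 @@ in {
 '';
 services.websites.production.modules = ludivinecassal_prod.apache.modules;
 services.websites.production.vhostConfs.ludivine = {
 certName = "ludivinecassal";
-hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
-root = ludivinecassal_prod.apache.root;
-extraConfig = [ ludivinecassal_prod.apache.vhostConf ];
+certMainHost = "ludivinecassal.com";
+hosts = ["ludivinecassal.com" "www.ludivinecassal.com" ];
+root = ludivinecassal_prod.apache.root;
+extraConfig = [ ludivinecassal_prod.apache.vhostConf ];
 };
 })
 (lib.mkIf cfg.integration.enable {
 secrets.keys = ludivinecassal_dev.keys;
-security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
 
 services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal_dev.phpFpm.preStart;
 services.myPhpfpm.serviceDependencies.ludivinecassal_dev = ludivinecassal_dev.phpFpm.serviceDeps;
@@ -63,6 +56,7 @@ in {
 services.websites.integration.modules = ludivinecassal_dev.apache.modules;
 services.websites.integration.vhostConfs.ludivine = {
 certName = "eldiron";
+addToCerts = true;
 hosts = [ "ludivine.immae.eu" ];
 root = ludivinecassal_dev.apache.root;
 extraConfig = [ ludivinecassal_dev.apache.vhostConf ];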
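Review bot: The production vhost now sets `certMainHost = "ludivinecassal.com";` but no `addToCerts`, while the removed `security.acme.certs."ludivinecassal"` block listed `www.ludivinecassal.com` as an extra domain and merged `config.services.myCertificates.certConfig`. Whether the generated certificate still covers the `www` name and still inherits the shared certificate settings depends on how modules/websites/default.nix handles `certMainHost`, which is not visible here; it is worth confirming the SAN list of the issued certificate after deployment, since a missing `www` entry would surface as a hostname mismatch for visitors. A short comment next to `certMainHost` stating that the remaining `hosts` become extra domains (if that is the module's behaviour) would document the intent. The same pattern appears for `piedsjaloux.fr` in piedsjaloux/default.nix.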
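--- a/nixops/modules/websites/piedsjaloux/default.nix
+++ b/nixops/modules/websites/piedsjaloux/default.nix
@@ -25,13 +25,6 @@ in {
 secrets.keys = piedsjaloux_prod.keys;
 services.webstats.sites = [ { name = "piedsjaloux.fr"; } ];
 
-security.acme.certs."piedsjaloux" = config.services.myCertificates.certConfig // {
-domain = "piedsjaloux.fr";
-extraDomains = {
-"www.piedsjaloux.fr" = null;
-};
-};
-
 services.myPhpfpm.preStart.piedsjaloux_prod = piedsjaloux_prod.phpFpm.preStart;
 services.myPhpfpm.serviceDependencies.piedsjaloux_prod = piedsjaloux_prod.phpFpm.serviceDeps;
 services.myPhpfpm.poolConfigs.piedsjaloux_prod = piedsjaloux_prod.phpFpm.pool;
@@ -42,15 +35,15 @@ in {
 '';
 services.websites.production.modules = piedsjaloux_prod.apache.modules;
 services.websites.production.vhostConfs.piedsjaloux = {
 certName = "piedsjaloux";
-hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
-root = piedsjaloux_prod.apache.root;
-extraConfig = [ piedsjaloux_prod.apache.vhostConf ];
+certMainHost = "piedsjaloux.fr";
+hosts = [ "piedsjaloux.fr" "www.piedsjaloux.fr" ];
+root = piedsjaloux_prod.apache.root;
+extraConfig = [ piedsjaloux_prod.apache.vhostConf ];
 };
 })
 (lib.mkIf cfg.integration.enable {
 secrets.keys = piedsjaloux_dev.keys;
-security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
 services.myPhpfpm.preStart.piedsjaloux_dev = piedsjaloux_dev.phpFpm.preStart;
 services.myPhpfpm.serviceDependencies.piedsjaloux_dev = piedsjaloux_dev.phpFpm.serviceDeps;
 services.myPhpfpm.poolConfigs.piedsjaloux_dev = piedsjaloux_dev.phpFpm.pool;
@@ -62,6 +55,7 @@ in {
 services.websites.integration.modules = piedsjaloux_dev.apache.modules;
 services.websites.integration.vhostConfs.piedsjaloux = {
 certName = "eldiron";
+addToCerts = true;
 hosts = [ "piedsjaloux.immae.eu" ];
 root = piedsjaloux_dev.apache.root;
 extraConfig = [ piedsjaloux_dev.apache.vhostConf ];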
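--- a/nixops/modules/websites/tellesflorian/default.nix
+++ b/nixops/modules/websites/tellesflorian/default.nix
@@ -17,7 +17,6 @@ in {
 
 config = lib.mkIf cfg.integration.enable {
 secrets.keys = tellesflorian_dev.keys;
-security.acme.certs."eldiron".extraDomains."app.tellesflorian.com" = null;
 services.myPhpfpm.preStart.tellesflorian_dev = tellesflorian_dev.phpFpm.preStart;
 services.myPhpfpm.serviceDependencies.tellesflorian_dev = tellesflorian_dev.phpFpm.serviceDeps;
 services.myPhpfpm.poolConfigs.tellesflorian_dev = tellesflorian_dev.phpFpm.pool;
@@ -29,6 +28,7 @@ in {
 services.websites.integration.modules = adminer.apache.modules ++ tellesflorian_dev.apache.modules;
 services.websites.integration.vhostConfs.tellesflorian = {
 certName = "eldiron";
+addToCerts = true;
 hosts = ["app.tellesflorian.com" ];
 root = tellesflorian_dev.apache.root;
 extraConfig = [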
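Review bot: `app.tellesflorian.com` stays attached to the shared `"eldiron"` certificate through `addToCerts = true;`, and among the sections visible here it is the only name on that certificate outside the `immae.eu` zone. An ACME order for a multi-name certificate is issued only when every name validates, so if that domain's DNS is managed elsewhere (not determinable from this page) a change there could block renewal for all the other hosts on the certificate. Giving this vhost its own `certName` with `certMainHost`, as the ludivine and piedsjaloux production vhosts do, would isolate the risk; at minimum a comment such as `# external zone: shares the eldiron cert, renewal depends on its DNS` would flag it. The vhost attribute set continues past the end of the hunk.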
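--- a/nixops/modules/websites/tools/cloud.nix
+++ b/nixops/modules/websites/tools/cloud.nix
@@ -49,12 +49,11 @@ in {
 };
 
 config = lib.mkIf cfg.enable {
-security.acme.certs."eldiron".extraDomains."cloud.immae.eu" = null;
-
 services.websites.tools.modules = [ "proxy_fcgi" ];
 
 services.websites.tools.vhostConfs.cloud = {
 certName = "eldiron";
+addToCerts = true;
 hosts = ["cloud.immae.eu" ];
 root = apacheRoot;
 extraConfig = [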
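--- a/nixops/modules/websites/tools/dav/default.nix
+++ b/nixops/modules/websites/tools/dav/default.nix
@@ -27,13 +27,12 @@ in {
 };
 
 config = lib.mkIf cfg.enable {
-security.acme.certs."eldiron".extraDomains."dav.immae.eu" = null;
-
 secrets.keys = davical.keys;
 services.websites.tools.modules = davical.apache.modules;
 
 services.websites.tools.vhostConfs.dav = {
 certName = "eldiron";
+addToCerts = true;
 hosts = ["dav.immae.eu" ];
 root = null;
 extraConfig = [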
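--- a/nixops/modules/websites/tools/db.nix
+++ b/nixops/modules/websites/tools/db.nix
@@ -9,11 +9,10 @@ in {
 };
 
 config = lib.mkIf cfg.enable {
-security.acme.certs."eldiron".extraDomains."db-1.immae.eu" = null;
-
 services.websites.tools.modules = adminer.apache.modules;
 services.websites.tools.vhostConfs.db-1 = {
 certName = "eldiron";
+addToCerts = true;
 hosts = ["db-1.immae.eu" ];
 root = null;
 extraConfig = [ adminer.apache.vhostConf ];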
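--- a/nixops/modules/websites/tools/diaspora.nix
+++ b/nixops/modules/websites/tools/diaspora.nix
@@ -148,13 +148,13 @@ in {
 services.websites.tools.modules = [
 "headers" "proxy" "proxy_http"
 ];
-security.acme.certs."eldiron".extraDomains."diaspora.immae.eu" = null;
 system.extraSystemBuilderCmds = ''
 mkdir -p $out/webapps
 ln -s ${dcfg.workdir}/public/ $out/webapps/tools_diaspora
 '';
 services.websites.tools.vhostConfs.diaspora = {
 certName = "eldiron";
+addToCerts = true;
 hosts = [ "diaspora.immae.eu" ];
 root = root;
 extraConfig = [ ''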
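--- a/nixops/modules/websites/tools/ether.nix
+++ b/nixops/modules/websites/tools/ether.nix
@@ -136,9 +136,9 @@ in {
 services.websites.tools.modules = [
 "headers" "proxy" "proxy_http" "proxy_wstunnel"
 ];
-security.acme.certs."eldiron".extraDomains."ether.immae.eu" = null;
 services.websites.tools.vhostConfs.etherpad-lite = {
 certName = "eldiron";
+addToCerts = true;
 hosts = [ "ether.immae.eu" ];
 root = null;
 extraConfig = [ ''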
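--- a/nixops/modules/websites/tools/git/default.nix
+++ b/nixops/modules/websites/tools/git/default.nix
@@ -13,8 +13,6 @@ in {
 };
 
 config = lib.mkIf cfg.enable {
-security.acme.certs."eldiron".extraDomains."git.immae.eu" = null;
-
 secrets.keys = mantisbt.keys;
 services.websites.tools.modules =
 gitweb.apache.modules ++
@@ -27,6 +25,7 @@ in {
 
 services.websites.tools.vhostConfs.git = {
 certName = "eldiron";
+addToCerts = true;
 hosts = ["git.immae.eu" ];
 root = gitweb.apache.root;
 extraConfig = [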
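--- a/nixops/modules/websites/tools/mastodon.nix
+++ b/nixops/modules/websites/tools/mastodon.nix
@@ -67,13 +67,13 @@ in {
 services.websites.tools.modules = [
 "headers" "proxy" "proxy_wstunnel" "proxy_http"
 ];
-security.acme.certs."eldiron".extraDomains."mastodon.immae.eu" = null;
 system.extraSystemBuilderCmds = ''
 mkdir -p $out/webapps
 ln -s ${mcfg.workdir}/public/ $out/webapps/tools_mastodon
 '';
 services.websites.tools.vhostConfs.mastodon = {
 certName = "eldiron";
+addToCerts = true;
 hosts = ["mastodon.immae.eu" ];
 root = root;
 extraConfig = [ ''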
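--- a/nixops/modules/websites/tools/mediagoblin.nix
+++ b/nixops/modules/websites/tools/mediagoblin.nix
@@ -83,9 +83,9 @@ in {
 "proxy" "proxy_http"
 ];
 users.users.wwwrun.extraGroups = [ "mediagoblin" ];
-security.acme.certs."eldiron".extraDomains."mgoblin.immae.eu" = null;
 services.websites.tools.vhostConfs.mgoblin = {
 certName = "eldiron";
+addToCerts = true;
 hosts = ["mgoblin.immae.eu" ];
 root = null;
 extraConfig = [ ''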
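--- a/nixops/modules/websites/tools/peertube.nix
+++ b/nixops/modules/websites/tools/peertube.nix
@@ -153,9 +153,9 @@ in {
 services.websites.tools.modules = [
 "headers" "proxy" "proxy_http" "proxy_wstunnel"
 ];
-security.acme.certs."eldiron".extraDomains."peertube.immae.eu" = null;
 services.websites.tools.vhostConfs.peertube = {
 certName = "eldiron";
+addToCerts = true;
 hosts = [ "peertube.immae.eu" ];
 root = null;
 extraConfig = [ ''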
diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix
index 5e84f45..061c004 100644
--- a/nixops/modules/websites/tools/tools/default.nix
+++ b/nixops/modules/websites/tools/tools/default.nix
@@ -46,9 +46,6 @@ in {
46 }; 46 };
47 47
48 config = lib.mkIf cfg.enable { 48 config = lib.mkIf cfg.enable {
49 security.acme.certs."eldiron".extraDomains."tools.immae.eu" = null;
50 security.acme.certs."eldiron".extraDomains."devtools.immae.eu" = null;
51
52 secrets.keys = 49 secrets.keys =
53 kanboard.keys 50 kanboard.keys
54 ++ ldap.keys 51 ++ ldap.keys
@@ -86,6 +83,7 @@ in {
86 83
87 services.websites.integration.vhostConfs.devtools = { 84 services.websites.integration.vhostConfs.devtools = {
88 certName = "eldiron"; 85 certName = "eldiron";
86 addToCerts = true;
89 hosts = ["devtools.immae.eu" ]; 87 hosts = ["devtools.immae.eu" ];
90 root = "/var/lib/ftp/devtools.immae.eu"; 88 root = "/var/lib/ftp/devtools.immae.eu";
91 extraConfig = [ 89 extraConfig = [
@@ -105,6 +103,7 @@ in {
105 103
106 services.websites.tools.vhostConfs.tools = { 104 services.websites.tools.vhostConfs.tools = {
107 certName = "eldiron"; 105 certName = "eldiron";
106 addToCerts = true;
108 hosts = ["tools.immae.eu" ]; 107 hosts = ["tools.immae.eu" ];
109 root = "/var/lib/ftp/tools.immae.eu"; 108 root = "/var/lib/ftp/tools.immae.eu";
110 extraConfig = [ 109 extraConfig = [
@@ -132,11 +131,11 @@ in {
132 ]; 131 ];
133 }; 132 };
134 133
135 security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
136 services.websites.tools.vhostConfs.outils = { 134 services.websites.tools.vhostConfs.outils = {
137 certName = "eldiron"; 135 certName = "eldiron";
138 hosts = [ "outils.immae.eu" ]; 136 addToCerts = true;
139 root = null; 137 hosts = [ "outils.immae.eu" ];
138 root = null;
140 extraConfig = [ 139 extraConfig = [
141 '' 140 ''
142 RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1 141 RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1