Add new machine to nixops

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-10-18 19:43:39 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-10-18 19:43:39 +0200
commit: 8415083eb6acc343dfa404dbbc12fa0171a48a20 (patch)
tree: d83f54c99763ae49076bf3071449595b6ccae133 /modules/private/websites
parent: 8fa7ff2c63fb0722144bc90837512d9f8b8c929d (diff)
download: Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.tar.gz
Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.tar.zst
Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.zip
2 files changed, 33 insertions, 27 deletions
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index e2bcef5..119d62e 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -64,15 +64,19 @@ let
  makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
 in
 {
-  options.myServices.websites.webappDirs = lib.mkOption {
+  options.myServices.websites = {
-    type = lib.types.attrsOf lib.types.path;
+    enable = lib.mkEnableOption "enable websites";
-    description = ''
-      Webapp paths to create in /run/current-system/webapps
+    webappDirs = lib.mkOption {
-      '';
+      type = lib.types.attrsOf lib.types.path;
-    default = {};
+      description = ''
+        Webapp paths to create in /run/current-system/webapps
+        '';
+      default = {};
+    };
  };
-  config = {
+  config = lib.mkIf config.myServices.websites.enable {
    services.backup.profiles.php = {
      rootDir = "/var/lib/php";
    };
diff --git a/modules/private/websites/tools/mail/mta-sts.nix b/modules/private/websites/tools/mail/mta-sts.nix
index bedefda..d443f55 100644
--- a/modules/private/websites/tools/mail/mta-sts.nix
+++ b/modules/private/websites/tools/mail/mta-sts.nix
@@ -28,28 +28,30 @@ let
      "cp ${file d} $out/${d.domain}.txt"
    ) domains)}
    '';
+  cfg = config.myServices.websites.tools.email;
 in
 {
-  config.myServices.websites.webappDirs = {
+  config = lib.mkIf cfg.enable {
-    _mta-sts = root;
+    myServices.websites.webappDirs = {
-  };
+      _mta-sts = root;
+    };
-  config.services.websites.env.tools.vhostConfs.mta_sts = {
+    services.websites.env.tools.vhostConfs.mta_sts = {
-    certName   = "mail";
+      certName   = "mail";
-    addToCerts = true;
+      addToCerts = true;
-    hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
+      hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
-    root = "/run/current-system/webapps/_mta-sts";
+      root = "/run/current-system/webapps/_mta-sts";
-    extraConfig = [
+      extraConfig = [
-      ''
+        ''
-        RewriteEngine on
+          RewriteEngine on
-        RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
+          RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
-        RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
+          RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
-        <Directory /run/current-system/webapps/_mta-sts>
+          <Directory /run/current-system/webapps/_mta-sts>
-          Require all granted
+            Require all granted
-          Options -Indexes
+            Options -Indexes
-        </Directory>
+          </Directory>
-      ''
+        ''
-    ];
+      ];
+    };
  };
 }
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-10-18 19:43:39 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-10-18 19:43:39 +0200
commit	8415083eb6acc343dfa404dbbc12fa0171a48a20 (patch)
tree	d83f54c99763ae49076bf3071449595b6ccae133 /modules/private/websites
parent	8fa7ff2c63fb0722144bc90837512d9f8b8c929d (diff)
download	Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.tar.gz Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.tar.zst Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.zip

diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index e2bcef5..119d62e 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix
@@ -64,15 +64,19 @@ let
64	makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));	64	makeExtraConfig = (builtins.filter (x: x != null) (lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) apacheConfig));
65	in	65	in
66	{	66	{
67	options.myServices.websites.webappDirs = lib.mkOption {	67	options.myServices.websites = {
68	type = lib.types.attrsOf lib.types.path;	68	enable = lib.mkEnableOption "enable websites";
69	description = ''	69
70	Webapp paths to create in /run/current-system/webapps	70	webappDirs = lib.mkOption {
71	'';	71	type = lib.types.attrsOf lib.types.path;
72	default = {};	72	description = ''
		73	Webapp paths to create in /run/current-system/webapps
		74	'';
		75	default = {};
		76	};
73	};	77	};
74		78
75	config = {	79	config = lib.mkIf config.myServices.websites.enable {
76	services.backup.profiles.php = {	80	services.backup.profiles.php = {
77	rootDir = "/var/lib/php";	81	rootDir = "/var/lib/php";
78	};	82	};


diff --git a/modules/private/websites/tools/mail/mta-sts.nix b/modules/private/websites/tools/mail/mta-sts.nix index bedefda..d443f55 100644 --- a/modules/private/websites/tools/mail/mta-sts.nix +++ b/modules/private/websites/tools/mail/mta-sts.nix
@@ -28,28 +28,30 @@ let
28	"cp ${file d} $out/${d.domain}.txt"	28	"cp ${file d} $out/${d.domain}.txt"
29	) domains)}	29	) domains)}
30	'';	30	'';
		31	cfg = config.myServices.websites.tools.email;
31	in	32	in
32	{	33	{
33	config.myServices.websites.webappDirs = {	34	config = lib.mkIf cfg.enable {
34	_mta-sts = root;	35	myServices.websites.webappDirs = {
35	};	36	_mta-sts = root;
		37	};
36		38
37	config.services.websites.env.tools.vhostConfs.mta_sts = {	39	services.websites.env.tools.vhostConfs.mta_sts = {
38	certName = "mail";	40	certName = "mail";
39	addToCerts = true;	41	addToCerts = true;
40	hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;	42	hosts = ["mta-sts.mail.immae.eu"] ++ map (v: "mta-sts.${v.domain}") domains;
41	root = "/run/current-system/webapps/_mta-sts";	43	root = "/run/current-system/webapps/_mta-sts";
42	extraConfig = [	44	extraConfig = [
43	''	45	''
44	RewriteEngine on	46	RewriteEngine on
45	RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$	47	RewriteCond %{HTTP_HOST} ^mta-sts.(.*)$
46	RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]	48	RewriteRule ^/.well-known/mta-sts.txt$ %{DOCUMENT_ROOT}/%1.txt [L]
47	<Directory /run/current-system/webapps/_mta-sts>	49	<Directory /run/current-system/webapps/_mta-sts>
48	Require all granted	50	Require all granted
49	Options -Indexes	51	Options -Indexes
50	</Directory>	52	</Directory>
51	''	53	''
52	];	54	];
		55	};
53	};	56	};
54
55	}	57	}