authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-16 23:23:05 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-17 00:04:47 +0200
commit7df420c27ebe7daaa4fd099c457ce9a9075b840e (patch)
treeec41e01e9331652c09dc4f2ed4186ce5952c3882 /nixops/modules/websites/ftp
parent52f45eb051df228955add90ca62de66a7ed8af34 (diff)
Add certificate creation and handling to websites
Diffstat (limited to 'nixops/modules/websites/ftp')
-rw-r--r--nixops/modules/websites/ftp/denisejerome.nix13
-rw-r--r--nixops/modules/websites/ftp/florian.nix17
-rw-r--r--nixops/modules/websites/ftp/immae.nix6
-rw-r--r--nixops/modules/websites/ftp/jerome.nix12
-rw-r--r--nixops/modules/websites/ftp/leila.nix19
-rw-r--r--nixops/modules/websites/ftp/nassime.nix12
-rw-r--r--nixops/modules/websites/ftp/papa.nix12
-rw-r--r--nixops/modules/websites/ftp/release.nix3
-rw-r--r--nixops/modules/websites/ftp/temp.nix3
9 files changed, 36 insertions, 61 deletions
diff --git a/nixops/modules/websites/ftp/denisejerome.nix b/nixops/modules/websites/ftp/denisejerome.nix
index fa31430..884fb62 100644
--- a/nixops/modules/websites/ftp/denisejerome.nix
+++ b/nixops/modules/websites/ftp/denisejerome.nix
@@ -13,15 +13,12 @@ in {
13 config = lib.mkIf cfg.production.enable { 13 config = lib.mkIf cfg.production.enable {
14 services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ]; 14 services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ];
15 15
16 security.acme.certs."denisejerome" = config.services.myCertificates.certConfig // {
17 domain = "denisejerome.piedsjaloux.fr";
18 };
19
20 services.websites.production.vhostConfs.denisejerome = { 16 services.websites.production.vhostConfs.denisejerome = {
21 certName = "denisejerome"; 17 certName = "denisejerome";
22 hosts = ["denisejerome.piedsjaloux.fr" ]; 18 certMainHost = "denisejerome.piedsjaloux.fr";
23 root = varDir; 19 hosts = ["denisejerome.piedsjaloux.fr" ];
24 extraConfig = [ 20 root = varDir;
21 extraConfig = [
25 '' 22 ''
26 Use Stats denisejerome.piedsjaloux.fr 23 Use Stats denisejerome.piedsjaloux.fr
27 24
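Review bot: `certMainHost = "denisejerome.piedsjaloux.fr";` on the new vhost repeats the only entry of `hosts`, and nothing visible here ties the two together, so a typo in one of them would request a certificate for a name this vhost does not serve. The removed `security.acme.certs."denisejerome"` block also merged `config.services.myCertificates.certConfig`; the module that consumes `certMainHost` is not part of this diff, so it is worth confirming that it still applies that base configuration. An assertion in that module that `certMainHost` is a member of `hosts` would catch a mismatch at evaluation time; the same applies to the `certMainHost` lines in florian.nix, jerome.nix, leila.nix, nassime.nix and papa.nix. The vhost's `extraConfig` list continues past the end of the hunk.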
diff --git a/nixops/modules/websites/ftp/florian.nix b/nixops/modules/websites/ftp/florian.nix
index 8097507..ebd461e 100644
--- a/nixops/modules/websites/ftp/florian.nix
+++ b/nixops/modules/websites/ftp/florian.nix
@@ -17,19 +17,14 @@ in {
17 config = lib.mkMerge [ 17 config = lib.mkMerge [
18 (lib.mkIf cfg.production.enable { 18 (lib.mkIf cfg.production.enable {
19 security.acme.certs."ftp".extraDomains."tellesflorian.com" = null; 19 security.acme.certs."ftp".extraDomains."tellesflorian.com" = null;
20 security.acme.certs."florian" = config.services.myCertificates.certConfig // {
21 domain = "tellesflorian.com";
22 extraDomains = {
23 "www.tellesflorian.com" = null;
24 };
25 };
26 20
27 services.websites.production.modules = adminer.apache.modules; 21 services.websites.production.modules = adminer.apache.modules;
28 services.websites.production.vhostConfs.florian = { 22 services.websites.production.vhostConfs.florian = {
29 certName = "florian"; 23 certName = "florian";
30 hosts = [ "tellesflorian.com" "www.tellesflorian.com" ]; 24 certMainHost = "tellesflorian.com";
31 root = "${varDir}/tellesflorian.com"; 25 hosts = [ "tellesflorian.com" "www.tellesflorian.com" ];
32 extraConfig = [ 26 root = "${varDir}/tellesflorian.com";
27 extraConfig = [
33 adminer.apache.vhostConf 28 adminer.apache.vhostConf
34 '' 29 ''
35 ServerAdmin ${env.server_admin} 30 ServerAdmin ${env.server_admin}
@@ -47,11 +42,11 @@ in {
47 42
48 (lib.mkIf cfg.integration.enable { 43 (lib.mkIf cfg.integration.enable {
49 security.acme.certs."ftp".extraDomains."florian.immae.eu" = null; 44 security.acme.certs."ftp".extraDomains."florian.immae.eu" = null;
50 security.acme.certs."eldiron".extraDomains."florian.immae.eu" = null;
51 45
52 services.websites.integration.modules = adminer.apache.modules; 46 services.websites.integration.modules = adminer.apache.modules;
53 services.websites.integration.vhostConfs.florian = { 47 services.websites.integration.vhostConfs.florian = {
54 certName = "eldiron"; 48 certName = "eldiron";
49 addToCerts = true;
55 hosts = [ "florian.immae.eu" ]; 50 hosts = [ "florian.immae.eu" ];
56 root = "${varDir}/florian.immae.eu"; 51 root = "${varDir}/florian.immae.eu";
57 extraConfig = [ 52 extraConfig = [
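Review bot: `www.tellesflorian.com` was an explicit `extraDomains` entry of the removed `security.acme.certs."florian"` block, but the new production vhost sets only `certMainHost = "tellesflorian.com";` and no `addToCerts`. Whether the second name in `hosts` still ends up on the certificate depends on the websites module, which this diff does not show; if it does not, `www.tellesflorian.com` would be served with a certificate that does not cover it. Please confirm that `certMainHost` implies adding the remaining `hosts`, and record the rule next to it, for example `# remaining hosts are added as extraDomains by the websites module`. Both vhost blocks continue beyond their hunks.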
diff --git a/nixops/modules/websites/ftp/immae.nix b/nixops/modules/websites/ftp/immae.nix
index e188d95..2ba30a1 100644
--- a/nixops/modules/websites/ftp/immae.nix
+++ b/nixops/modules/websites/ftp/immae.nix
@@ -13,8 +13,6 @@ in {
13 config = lib.mkIf cfg.production.enable { 13 config = lib.mkIf cfg.production.enable {
14 services.webstats.sites = [ { name = "www.immae.eu"; } ]; 14 services.webstats.sites = [ { name = "www.immae.eu"; } ];
15 15
16 security.acme.certs."eldiron".extraDomains."www.immae.eu" = null;
17
18 services.myPhpfpm.poolConfigs.immae = '' 16 services.myPhpfpm.poolConfigs.immae = ''
19 listen = /run/phpfpm/immae.sock 17 listen = /run/phpfpm/immae.sock
20 user = wwwrun 18 user = wwwrun
@@ -31,6 +29,7 @@ in {
31 services.websites.production.modules = [ "proxy_fcgi" ]; 29 services.websites.production.modules = [ "proxy_fcgi" ];
32 services.websites.production.vhostConfs.immae = { 30 services.websites.production.vhostConfs.immae = {
33 certName = "eldiron"; 31 certName = "eldiron";
32 addToCerts = true;
34 hosts = [ "www.immae.eu" ]; 33 hosts = [ "www.immae.eu" ];
35 root = varDir; 34 root = varDir;
36 extraConfig = [ 35 extraConfig = [
@@ -56,10 +55,9 @@ in {
56 ]; 55 ];
57 }; 56 };
58 57
59 security.acme.certs."eldiron".extraDomains."bouya.org" = null;
60 security.acme.certs."eldiron".extraDomains."www.bouya.org" = null;
61 services.websites.production.vhostConfs.bouya = { 58 services.websites.production.vhostConfs.bouya = {
62 certName = "eldiron"; 59 certName = "eldiron";
60 addToCerts = true;
63 hosts = [ "bouya.org" "www.bouya.org" ]; 61 hosts = [ "bouya.org" "www.bouya.org" ];
64 root = null; 62 root = null;
65 extraConfig = [ '' 63 extraConfig = [ ''
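Review bot: With the explicit `security.acme.certs."eldiron".extraDomains` lines gone, nothing in this file shows which names end up on the shared `eldiron` certificate; presumably `addToCerts = true;` on the `immae` and `bouya` vhosts appends `www.immae.eu`, `bouya.org` and `www.bouya.org`, but the module doing so is outside this diff. One certificate and private key then serve every vhost that names `eldiron`, including the integration host `florian.immae.eu` in florian.nix and the hosts in release.nix and temp.nix, and all of those names are published together in the certificate's SAN list. If that grouping is intended, a comment such as `# hosts are appended to the shared "eldiron" certificate` next to `addToCerts` would record it; giving the integration vhost its own `certName` would keep production and integration keys separate. The `bouya` vhost's `extraConfig` continues past the hunk.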
diff --git a/nixops/modules/websites/ftp/jerome.nix b/nixops/modules/websites/ftp/jerome.nix
index a340644..d00c42d 100644
--- a/nixops/modules/websites/ftp/jerome.nix
+++ b/nixops/modules/websites/ftp/jerome.nix
@@ -15,9 +15,6 @@ in {
15 services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ]; 15 services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ];
16 16
17 security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null; 17 security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null;
18 security.acme.certs."naturaloutil" = config.services.myCertificates.certConfig // {
19 domain = "naturaloutil.immae.eu";
20 };
21 18
22 secrets.keys = [{ 19 secrets.keys = [{
23 dest = "webapps/prod-naturaloutil"; 20 dest = "webapps/prod-naturaloutil";
@@ -60,10 +57,11 @@ in {
60 ''; 57 '';
61 services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; 58 services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ];
62 services.websites.production.vhostConfs.naturaloutil = { 59 services.websites.production.vhostConfs.naturaloutil = {
63 certName = "naturaloutil"; 60 certName = "naturaloutil";
64 hosts = ["naturaloutil.immae.eu" ]; 61 certMainHost = "naturaloutil.immae.eu";
65 root = varDir; 62 hosts = ["naturaloutil.immae.eu" ];
66 extraConfig = [ 63 root = varDir;
64 extraConfig = [
67 adminer.apache.vhostConf 65 adminer.apache.vhostConf
68 '' 66 ''
69 Use Stats naturaloutil.immae.eu 67 Use Stats naturaloutil.immae.eu
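Review bot: `security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null;` stays hand-written in the first hunk while the web certificate is now derived from the vhost, so the host name is maintained in three places (`ftp` extraDomains, `certMainHost` and `hosts`). A rename that misses the `ftp` line would leave the FTP certificate requesting a name the web side no longer serves, or not covering the new one. Until the FTP certificate is derived the same way, a comment such as `# FTP certificate is still declared by hand; keep in sync with hosts below` on that line would help; florian.nix, nassime.nix and papa.nix have the same pattern. The `naturaloutil` vhost block extends beyond the second hunk.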
diff --git a/nixops/modules/websites/ftp/leila.nix b/nixops/modules/websites/ftp/leila.nix
index 5185372..14bfa20 100644
--- a/nixops/modules/websites/ftp/leila.nix
+++ b/nixops/modules/websites/ftp/leila.nix
@@ -10,15 +10,6 @@ in {
10 }; 10 };
11 11
12 config = (lib.mkIf cfg.production.enable { 12 config = (lib.mkIf cfg.production.enable {
13 security.acme.certs."leila" = config.services.myCertificates.certConfig // {
14 domain = "leila.bouya.org";
15 extraDomains = {
16 "chorale.leila.bouya.org" = null;
17 "chorale-vocanta.fr.nf" = null;
18 "www.chorale-vocanta.fr.nf" = null;
19 };
20 };
21
22 services.myPhpfpm.poolConfigs.leila = '' 13 services.myPhpfpm.poolConfigs.leila = ''
23 listen = /run/phpfpm/leila.sock 14 listen = /run/phpfpm/leila.sock
24 user = wwwrun 15 user = wwwrun
@@ -41,6 +32,7 @@ in {
41 services.websites.production.modules = [ "proxy_fcgi" ]; 32 services.websites.production.modules = [ "proxy_fcgi" ];
42 services.websites.production.vhostConfs.leila_chorale = { 33 services.websites.production.vhostConfs.leila_chorale = {
43 certName = "leila"; 34 certName = "leila";
35 addToCerts = true;
44 hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ]; 36 hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ];
45 root = "${varDir}/Chorale"; 37 root = "${varDir}/Chorale";
46 extraConfig = [ 38 extraConfig = [
@@ -62,10 +54,11 @@ in {
62 ]; 54 ];
63 }; 55 };
64 services.websites.production.vhostConfs.leila = { 56 services.websites.production.vhostConfs.leila = {
65 certName = "leila"; 57 certName = "leila";
66 hosts = [ "leila.bouya.org" ]; 58 certMainHost = "leila.bouya.org";
67 root = varDir; 59 hosts = [ "leila.bouya.org" ];
68 extraConfig = [ 60 root = varDir;
61 extraConfig = [
69 '' 62 ''
70 Use Stats leila.bouya.org 63 Use Stats leila.bouya.org
71 <Directory ${varDir}/Chorale> 64 <Directory ${varDir}/Chorale>
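Review bot: The `leila_chorale` vhost now depends on the `leila` vhost further down for its certificate: it sets `certName = "leila";` with `addToCerts = true;`, while only `vhostConfs.leila` provides `certMainHost`. The removed block listed all four names in one place; now the three chorale names appear to be covered only as long as the other vhost keeps defining the certificate, and nothing in this file says so. A comment on `leila_chorale` such as `# certificate "leila" is created by vhostConfs.leila (certMainHost)` would make the coupling visible. The module, which is not shown in this diff, could also assert that every `certName` used with `addToCerts` has a certificate defined. Both vhost blocks extend beyond their hunks.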
diff --git a/nixops/modules/websites/ftp/nassime.nix b/nixops/modules/websites/ftp/nassime.nix
index 9ed8a80..3c982d3 100644
--- a/nixops/modules/websites/ftp/nassime.nix
+++ b/nixops/modules/websites/ftp/nassime.nix
@@ -14,15 +14,13 @@ in {
14 services.webstats.sites = [ { name = "nassime.bouya.org"; } ]; 14 services.webstats.sites = [ { name = "nassime.bouya.org"; } ];
15 15
16 security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null; 16 security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null;
17 security.acme.certs."nassime" = config.services.myCertificates.certConfig // {
18 domain = "nassime.bouya.org";
19 };
20 17
21 services.websites.production.vhostConfs.nassime = { 18 services.websites.production.vhostConfs.nassime = {
22 certName = "nassime"; 19 certName = "nassime";
23 hosts = ["nassime.bouya.org" ]; 20 certMainHost = "nassime.bouya.org";
24 root = varDir; 21 hosts = ["nassime.bouya.org" ];
25 extraConfig = [ 22 root = varDir;
23 extraConfig = [
26 '' 24 ''
27 Use Stats nassime.bouya.org 25 Use Stats nassime.bouya.org
28 ServerAdmin ${env.server_admin} 26 ServerAdmin ${env.server_admin}
diff --git a/nixops/modules/websites/ftp/papa.nix b/nixops/modules/websites/ftp/papa.nix
index cdbc1b0..c8d05ef 100644
--- a/nixops/modules/websites/ftp/papa.nix
+++ b/nixops/modules/websites/ftp/papa.nix
@@ -11,9 +11,6 @@ in {
11 11
12 config = lib.mkIf cfg.production.enable { 12 config = lib.mkIf cfg.production.enable {
13 security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null; 13 security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
14 security.acme.certs."papa" = config.services.myCertificates.certConfig // {
15 domain = "surveillance.maison.bbc.bouya.org";
16 };
17 14
18 services.cron = { 15 services.cron = {
19 systemCronJobs = let 16 systemCronJobs = let
@@ -35,10 +32,11 @@ in {
35 }; 32 };
36 33
37 services.websites.production.vhostConfs.papa = { 34 services.websites.production.vhostConfs.papa = {
38 certName = "papa"; 35 certName = "papa";
39 hosts = [ "surveillance.maison.bbc.bouya.org" ]; 36 certMainHost = "surveillance.maison.bbc.bouya.org";
40 root = varDir; 37 hosts = [ "surveillance.maison.bbc.bouya.org" ];
41 extraConfig = [ 38 root = varDir;
39 extraConfig = [
42 '' 40 ''
43 Use Apaxy "${varDir}" "title .duplicity-ignore" 41 Use Apaxy "${varDir}" "title .duplicity-ignore"
44 <Directory ${varDir}> 42 <Directory ${varDir}>
diff --git a/nixops/modules/websites/ftp/release.nix b/nixops/modules/websites/ftp/release.nix
index 2ddd8bc..db3487f 100644
--- a/nixops/modules/websites/ftp/release.nix
+++ b/nixops/modules/websites/ftp/release.nix
@@ -13,10 +13,9 @@ in {
13 config = lib.mkIf cfg.production.enable { 13 config = lib.mkIf cfg.production.enable {
14 services.webstats.sites = [ { name = "release.immae.eu"; } ]; 14 services.webstats.sites = [ { name = "release.immae.eu"; } ];
15 15
16 security.acme.certs."eldiron".extraDomains."release.immae.eu" = null;
17
18 services.websites.production.vhostConfs.release = { 16 services.websites.production.vhostConfs.release = {
19 certName = "eldiron"; 17 certName = "eldiron";
18 addToCerts = true;
20 hosts = [ "release.immae.eu" ]; 19 hosts = [ "release.immae.eu" ];
21 root = varDir; 20 root = varDir;
22 extraConfig = [ 21 extraConfig = [
diff --git a/nixops/modules/websites/ftp/temp.nix b/nixops/modules/websites/ftp/temp.nix
index bdd80c0..86dfde3 100644
--- a/nixops/modules/websites/ftp/temp.nix
+++ b/nixops/modules/websites/ftp/temp.nix
@@ -11,11 +11,10 @@ in {
11 }; 11 };
12 12
13 config = lib.mkIf cfg.production.enable { 13 config = lib.mkIf cfg.production.enable {
14 security.acme.certs."eldiron".extraDomains."temp.immae.eu" = null;
15
16 services.websites.production.modules = [ "headers" ]; 14 services.websites.production.modules = [ "headers" ];
17 services.websites.production.vhostConfs.temp = { 15 services.websites.production.vhostConfs.temp = {
18 certName = "eldiron"; 16 certName = "eldiron";
17 addToCerts = true;
19 hosts = [ "temp.immae.eu" ]; 18 hosts = [ "temp.immae.eu" ];
20 root = varDir; 19 root = varDir;
21 extraConfig = [ 20 extraConfig = [