diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-12 10:24:15 +0100 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-12 10:24:15 +0100 |
| commit | 950ca5ee979ae2467f3471216140de2c1d572f4b (patch) | |
| tree | 5fa7210645008d7fb03a0a5081066949bdfe35ad /virtual/modules/websites/default.nix | |
| parent | 912921a74c8c67663048de66c6d11e1ae63dc10e (diff) | |
| download | Nix-950ca5ee979ae2467f3471216140de2c1d572f4b.tar.gz Nix-950ca5ee979ae2467f3471216140de2c1d572f4b.tar.zst Nix-950ca5ee979ae2467f3471216140de2c1d572f4b.zip | |
Move httpd service to module
Diffstat (limited to 'virtual/modules/websites/default.nix')
| -rw-r--r-- | virtual/modules/websites/default.nix | 90 |
1 files changed, 89 insertions, 1 deletions
diff --git a/virtual/modules/websites/default.nix b/virtual/modules/websites/default.nix index a9e62a5..b027b81 100644 --- a/virtual/modules/websites/default.nix +++ b/virtual/modules/websites/default.nix | |||
| @@ -1,5 +1,8 @@ | |||
| 1 | { lib, pkgs, config, mylibs, myconfig, ... }: | 1 | { lib, pkgs, config, mylibs, myconfig, ... }: |
| 2 | let | 2 | let |
| 3 | mypkgs = pkgs.callPackage ../../packages.nix { | ||
| 4 | inherit (mylibs) checkEnv fetchedGit fetchedGithub; | ||
| 5 | }; | ||
| 3 | cfg = config.services.myWebsites; | 6 | cfg = config.services.myWebsites; |
| 4 | makeService = name: cfg: let | 7 | makeService = name: cfg: let |
| 5 | toVhost = vhostConf: { | 8 | toVhost = vhostConf: { |
| @@ -16,6 +19,28 @@ let | |||
| 16 | documentRoot = vhostConf.root; | 19 | documentRoot = vhostConf.root; |
| 17 | extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig; | 20 | extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig; |
| 18 | }; | 21 | }; |
| 22 | redirectVhost = { # Should go last, catchall http -> https redirect | ||
| 23 | listen = [ { ip = cfg.ip; port = 80; } ]; | ||
| 24 | hostName = "redirectSSL"; | ||
| 25 | serverAliases = [ "*" ]; | ||
| 26 | enableSSL = false; | ||
| 27 | logFormat = "combinedVhost"; | ||
| 28 | documentRoot = "/var/lib/acme/acme-challenge"; | ||
| 29 | extraConfig = '' | ||
| 30 | RewriteEngine on | ||
| 31 | RewriteCond "%{REQUEST_URI}" "!^/\.well-known" | ||
| 32 | RewriteRule ^(.+) https://%{HTTP_HOST}$1 [R=301] | ||
| 33 | # To redirect in specific "VirtualHost *:80", do | ||
| 34 | # RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://host/$1 | ||
| 35 | # rather than rewrite | ||
| 36 | ''; | ||
| 37 | }; | ||
| 38 | fallbackVhost = toVhost { # Should go first, default choice | ||
| 39 | certName = "eldiron"; | ||
| 40 | hosts = ["eldiron.immae.eu" ]; | ||
| 41 | root = ../../www; | ||
| 42 | extraConfig = [ "DirectoryIndex index.htm" ]; | ||
| 43 | }; | ||
| 19 | in rec { | 44 | in rec { |
| 20 | enable = true; | 45 | enable = true; |
| 21 | listen = [ | 46 | listen = [ |
| @@ -28,7 +53,9 @@ let | |||
| 28 | logFormat = "combinedVhost"; | 53 | logFormat = "combinedVhost"; |
| 29 | extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules); | 54 | extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules); |
| 30 | extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig; | 55 | extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig; |
| 31 | virtualHosts = pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs; | 56 | virtualHosts = [ fallbackVhost ] |
| 57 | ++ (pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs) | ||
| 58 | ++ [ redirectVhost ]; | ||
| 32 | }; | 59 | }; |
| 33 | makeServiceOptions = name: ip: { | 60 | makeServiceOptions = name: ip: { |
| 34 | enable = lib.mkEnableOption "enable websites in ${name}"; | 61 | enable = lib.mkEnableOption "enable websites in ${name}"; |
| @@ -74,6 +101,7 @@ in | |||
| 74 | options.services.myWebsites = { | 101 | options.services.myWebsites = { |
| 75 | production = makeServiceOptions "production" myconfig.ips.production; | 102 | production = makeServiceOptions "production" myconfig.ips.production; |
| 76 | integration = makeServiceOptions "integration" myconfig.ips.integration; | 103 | integration = makeServiceOptions "integration" myconfig.ips.integration; |
| 104 | tools = makeServiceOptions "tools" myconfig.ips.main; | ||
| 77 | 105 | ||
| 78 | apacheConfig = lib.mkOption { | 106 | apacheConfig = lib.mkOption { |
| 79 | type = lib.types.attrsOf (lib.types.submodule { | 107 | type = lib.types.attrsOf (lib.types.submodule { |
| @@ -208,5 +236,65 @@ in | |||
| 208 | services.httpdInte = makeService "integration" config.services.myWebsites.integration; | 236 | services.httpdInte = makeService "integration" config.services.myWebsites.integration; |
| 209 | services.myWebsites.integration.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig); | 237 | services.myWebsites.integration.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig); |
| 210 | services.myWebsites.integration.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig)); | 238 | services.myWebsites.integration.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig)); |
| 239 | |||
| 240 | services.httpd = makeService "tools" config.services.myWebsites.tools; | ||
| 241 | services.myWebsites.tools.modules = | ||
| 242 | mypkgs.adminer.apache.modules ++ | ||
| 243 | mypkgs.nextcloud.apache.modules ++ | ||
| 244 | mypkgs.ympd.apache.modules ++ | ||
| 245 | mypkgs.mantisbt.apache.modules ++ | ||
| 246 | mypkgs.ttrss.apache.modules ++ | ||
| 247 | mypkgs.roundcubemail.apache.modules ++ | ||
| 248 | pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig); | ||
| 249 | services.myWebsites.tools.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig)); | ||
| 250 | # FIXME: move them all to separate modules | ||
| 251 | services.myWebsites.tools.vhostConfs.eldiron = { | ||
| 252 | certName = "eldiron"; | ||
| 253 | hosts = ["eldiron.immae.eu" ]; | ||
| 254 | root = ../../www; | ||
| 255 | extraConfig = [ "DirectoryIndex index.htm" ]; | ||
| 256 | }; | ||
| 257 | services.myWebsites.tools.vhostConfs.db-1 = { | ||
| 258 | certName = "eldiron"; | ||
| 259 | hosts = ["db-1.immae.eu" ]; | ||
| 260 | root = null; | ||
| 261 | extraConfig = [ mypkgs.adminer.apache.vhostConf ]; | ||
| 262 | }; | ||
| 263 | services.myWebsites.tools.vhostConfs.tools = { | ||
| 264 | certName = "eldiron"; | ||
| 265 | hosts = ["tools.immae.eu" ]; | ||
| 266 | root = null; | ||
| 267 | extraConfig = [ | ||
| 268 | mypkgs.adminer.apache.vhostConf | ||
| 269 | mypkgs.ympd.apache.vhostConf | ||
| 270 | mypkgs.ttrss.apache.vhostConf | ||
| 271 | mypkgs.roundcubemail.apache.vhostConf | ||
| 272 | ]; | ||
| 273 | }; | ||
| 274 | services.myWebsites.tools.vhostConfs.dav = { | ||
| 275 | certName = "eldiron"; | ||
| 276 | hosts = ["dav.immae.eu" ]; | ||
| 277 | root = null; | ||
| 278 | extraConfig = [ | ||
| 279 | mypkgs.infcloud.apache.vhostConf | ||
| 280 | mypkgs.davical.apache.vhostConf | ||
| 281 | ]; | ||
| 282 | }; | ||
| 283 | services.myWebsites.tools.vhostConfs.cloud = { | ||
| 284 | certName = "eldiron"; | ||
| 285 | hosts = ["cloud.immae.eu" ]; | ||
| 286 | root = mypkgs.nextcloud.webRoot; | ||
| 287 | extraConfig = [ | ||
| 288 | mypkgs.nextcloud.apache.vhostConf | ||
| 289 | ]; | ||
| 290 | }; | ||
| 291 | services.myWebsites.tools.vhostConfs.git.extraConfig = [ | ||
| 292 | mypkgs.mantisbt.apache.vhostConf | ||
| 293 | '' | ||
| 294 | RewriteEngine on | ||
| 295 | RewriteCond %{REQUEST_URI} ^/releases | ||
| 296 | RewriteRule /releases(.*) https://release.immae.eu$1 [P,L] | ||
| 297 | '' | ||
| 298 | ]; | ||
| 211 | }; | 299 | }; |
| 212 | } | 300 | } |