Start moving websites to their own modules: certificates

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-01-10 00:40:53 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-01-10 00:40:53 +0100
commit: 3013caf18db83d43a1703b1a74cb484f70bab3a8 (patch)
tree: 1bd0a2ee04a906149b0d9a6653c663164a3a42b6 /virtual
parent: 4d4f13f4a8e7df6480da895d80d487c891441745 (diff)
download: Nix-3013caf18db83d43a1703b1a74cb484f70bab3a8.tar.gz
Nix-3013caf18db83d43a1703b1a74cb484f70bab3a8.tar.zst
Nix-3013caf18db83d43a1703b1a74cb484f70bab3a8.zip
7 files changed, 192 insertions, 89 deletions
diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix
index acd2cbd..5dafe6e 100644
--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -17,13 +17,29 @@
    };
    imports = [
+      ./modules/certificates.nix
      ./modules/gitolite.nix
      ./modules/gitweb.nix
      ./modules/databases.nix
+      ./modules/websites/chloe.nix
+      ./modules/websites/ludivine.nix
+      ./modules/websites/aten.nix
+      ./modules/websites/piedsjaloux.nix
+      ./modules/websites/connexionswing.nix
    ];
    services.myGitolite.enable = true;
    services.myGitweb.enable = true;
    services.myDatabases.enable = true;
+    services.myWebsites.Chloe.production.enable = true;
+    services.myWebsites.Chloe.integration.enable = true;
+    services.myWebsites.Ludivine.production.enable = true;
+    services.myWebsites.Ludivine.integration.enable = true;
+    services.myWebsites.Aten.production.enable = true;
+    services.myWebsites.Aten.integration.enable = true;
+    services.myWebsites.PiedsJaloux.production.enable = true;
+    services.myWebsites.PiedsJaloux.integration.enable = true;
+    services.myWebsites.Connexionswing.production.enable = true;
+    services.myWebsites.Connexionswing.integration.enable = true;
    nixpkgs.config.packageOverrides = oldpkgs: rec {
      goaccess = oldpkgs.goaccess.overrideAttrs(old: rec {
@@ -84,95 +100,11 @@
      occ
    ];
-    # FIXME: doesn't work with httpd?
+    security.acme.certs."eldiron".extraDomains = {
-    security.acme.preliminarySelfsigned = true;
+      "db-1.immae.eu" = null;
-    security.acme.certs = {
+      "tools.immae.eu" = null;
-      # FIXME: /!\ To create a new certificate, create it before using
+      "cloud.immae.eu" = null;
-      # it in httpd
+      "dav.immae.eu" = null;
-      "eldiron" = {
-        webroot = "/var/lib/acme/acme-challenge";
-        email = "ismael@bouya.org";
-        domain = "eldiron.immae.eu";
-        plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
-        postRun = ''
-          systemctl reload httpd.service
-        '';
-        allowKeysForGroup = true;
-        extraDomains = {
-          "db-1.immae.eu" = null;
-          "tools.immae.eu" = null;
-          "connexionswing.immae.eu" = null;
-          "sandetludo.immae.eu" = null;
-          "cloud.immae.eu" = null;
-          "ludivine.immae.eu" = null;
-          "dev.aten.pro" = null;
-          "piedsjaloux.immae.eu" = null;
-          "chloe.immae.eu" = null;
-          "dav.immae.eu" = null;
-        };
-      };
-      "ludivinecassal" = {
-        webroot = "/var/lib/acme/acme-challenge";
-        email = "ismael@bouya.org";
-        domain = "ludivinecassal.com";
-        plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
-        postRun = ''
-          systemctl reload httpd.service
-        '';
-        extraDomains = {
-          "www.ludivinecassal.com" = null;
-        };
-      };
-      "aten" = {
-        webroot = "/var/lib/acme/acme-challenge";
-        email = "ismael@bouya.org";
-        domain = "aten.pro";
-        plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
-        postRun = ''
-          systemctl reload httpd.service
-        '';
-        extraDomains = {
-          "www.aten.pro" = null;
-        };
-      };
-      "piedsjaloux" = {
-        webroot = "/var/lib/acme/acme-challenge";
-        email = "ismael@bouya.org";
-        domain = "piedsjaloux.fr";
-        plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
-        postRun = ''
-          systemctl reload httpd.service
-        '';
-        extraDomains = {
-          "www.piedsjaloux.fr" = null;
-        };
-      };
-      "chloe" = {
-        webroot = "/var/lib/acme/acme-challenge";
-        email = "ismael@bouya.org";
-        domain = "osteopathe-cc.fr";
-        plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
-        postRun = ''
-          systemctl reload httpd.service
-        '';
-        extraDomains = {
-          "www.osteopathe-cc.fr" = null;
-        };
-      };
-      "connexionswing" = {
-        webroot = "/var/lib/acme/acme-challenge";
-        email = "ismael@bouya.org";
-        domain = "connexionswing.com";
-        plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
-        postRun = ''
-          systemctl reload httpd.service
-        '';
-        extraDomains = {
-          "www.connexionswing.com" = null;
-          "sandetludo.com" = null;
-          "www.sandetludo.com" = null;
-        };
-      };
    };
    services.openssh.extraConfig = ''
diff --git a/virtual/modules/certificates.nix b/virtual/modules/certificates.nix
new file mode 100644
index 0000000..a9d6d99
--- /dev/null
+++ b/virtual/modules/certificates.nix
@@ -0,0 +1,30 @@
+{ lib, pkgs, config, mylibs, ... }:
+{
+  options.services.myCertificates = {
+    certConfig = lib.mkOption {
+      default = {
+        webroot = "/var/lib/acme/acme-challenge";
+        email = "ismael@bouya.org";
+        postRun = ''
+          systemctl reload httpd.service
+        '';
+        plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
+      };
+      description = "Default configuration for certificates";
+    };
+  };
+  config = {
+    # FIXME: doesn't work with httpd?
+    security.acme.preliminarySelfsigned = true;
+    security.acme.certs = {
+      # FIXME: /!\ To create a new certificate, create it before using
+      # it in httpd
+      "eldiron" = config.services.myCertificates.certConfig // {
+        domain = "eldiron.immae.eu";
+        allowKeysForGroup = true;
+      };
+    };
+  };
+}
diff --git a/virtual/modules/websites/aten.nix b/virtual/modules/websites/aten.nix
new file mode 100644
index 0000000..7567289
--- /dev/null
+++ b/virtual/modules/websites/aten.nix
@@ -0,0 +1,28 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+    cfg = config.services.myWebsites.Aten;
+in {
+  options.services.myWebsites.Aten = {
+    production = {
+      enable = lib.mkEnableOption "enable Aten's website in production";
+    };
+    integration = {
+      enable = lib.mkEnableOption "enable Aten's website in integration";
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf cfg.production.enable {
+      security.acme.certs."aten" = config.services.myCertificates.certConfig // {
+        domain = "aten.pro";
+        extraDomains = {
+          "www.aten.pro" = null;
+        };
+      };
+    })
+    (lib.mkIf cfg.integration.enable {
+      security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
+    })
+  ];
+}
diff --git a/virtual/modules/websites/chloe.nix b/virtual/modules/websites/chloe.nix
new file mode 100644
index 0000000..2c0c65d
--- /dev/null
+++ b/virtual/modules/websites/chloe.nix
@@ -0,0 +1,27 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+    cfg = config.services.myWebsites.Chloe;
+in {
+  options.services.myWebsites.Chloe = {
+    production = {
+      enable = lib.mkEnableOption "enable Chloe's website in production";
+    };
+    integration = {
+      enable = lib.mkEnableOption "enable Chloe's website in integration";
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf cfg.production.enable {
+      security.acme.certs."chloe" = config.services.myCertificates.certConfig // {
+        domain = "osteopathe-cc.fr";
+        extraDomains = {
+          "www.osteopathe-cc.fr" = null;
+        };
+      };
+    })
+    (lib.mkIf cfg.integration.enable {
+      security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
+    })
+  ];
+}
diff --git a/virtual/modules/websites/connexionswing.nix b/virtual/modules/websites/connexionswing.nix
new file mode 100644
index 0000000..ed6799f
--- /dev/null
+++ b/virtual/modules/websites/connexionswing.nix
@@ -0,0 +1,31 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+    cfg = config.services.myWebsites.Connexionswing;
+in {
+  options.services.myWebsites.Connexionswing = {
+    production = {
+      enable = lib.mkEnableOption "enable Connexionswing's website in production";
+    };
+    integration = {
+      enable = lib.mkEnableOption "enable Connexionswing's website in integration";
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf cfg.production.enable {
+      security.acme.certs."connexionswing" = config.services.myCertificates.certConfig // {
+        domain = "connexionswing.com";
+        extraDomains = {
+          "www.connexionswing.com" = null;
+          "sandetludo.com" = null;
+          "www.sandetludo.com" = null;
+        };
+      };
+    })
+    (lib.mkIf cfg.integration.enable {
+      security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
+      security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
+    })
+  ];
+}
diff --git a/virtual/modules/websites/ludivine.nix b/virtual/modules/websites/ludivine.nix
new file mode 100644
index 0000000..5729c09
--- /dev/null
+++ b/virtual/modules/websites/ludivine.nix
@@ -0,0 +1,27 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+    cfg = config.services.myWebsites.Ludivine;
+in {
+  options.services.myWebsites.Ludivine = {
+    production = {
+      enable = lib.mkEnableOption "enable Ludivine's website in production";
+    };
+    integration = {
+      enable = lib.mkEnableOption "enable Ludivine's website in integration";
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf cfg.production.enable {
+      security.acme.certs."ludivinecassal" = config.services.myCertificates.certConfig // {
+        domain = "ludivinecassal.com";
+        extraDomains = {
+          "www.ludivinecassal.com" = null;
+        };
+      };
+    })
+    (lib.mkIf cfg.integration.enable {
+      security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
+    })
+  ];
+}
diff --git a/virtual/modules/websites/piedsjaloux.nix b/virtual/modules/websites/piedsjaloux.nix
new file mode 100644
index 0000000..849df63
--- /dev/null
+++ b/virtual/modules/websites/piedsjaloux.nix
@@ -0,0 +1,28 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+    cfg = config.services.myWebsites.PiedsJaloux;
+in {
+  options.services.myWebsites.PiedsJaloux = {
+    production = {
+      enable = lib.mkEnableOption "enable PiedsJaloux's website in production";
+    };
+    integration = {
+      enable = lib.mkEnableOption "enable PiedsJaloux's website in integration";
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf cfg.production.enable {
+      security.acme.certs."piedsjaloux" = config.services.myCertificates.certConfig // {
+        domain = "piedsjaloux.fr";
+        extraDomains = {
+          "www.piedsjaloux.fr" = null;
+        };
+      };
+    })
+    (lib.mkIf cfg.integration.enable {
+      security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
+    })
+  ];
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-01-10 00:40:53 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-01-10 00:40:53 +0100
commit	3013caf18db83d43a1703b1a74cb484f70bab3a8 (patch)
tree	1bd0a2ee04a906149b0d9a6653c663164a3a42b6 /virtual
parent	4d4f13f4a8e7df6480da895d80d487c891441745 (diff)
download	Nix-3013caf18db83d43a1703b1a74cb484f70bab3a8.tar.gz Nix-3013caf18db83d43a1703b1a74cb484f70bab3a8.tar.zst Nix-3013caf18db83d43a1703b1a74cb484f70bab3a8.zip

diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix index acd2cbd..5dafe6e 100644 --- a/virtual/eldiron.nix +++ b/virtual/eldiron.nix
@@ -17,13 +17,29 @@
17	};	17	};
18		18
19	imports = [	19	imports = [
		20	./modules/certificates.nix
20	./modules/gitolite.nix	21	./modules/gitolite.nix
21	./modules/gitweb.nix	22	./modules/gitweb.nix
22	./modules/databases.nix	23	./modules/databases.nix
		24	./modules/websites/chloe.nix
		25	./modules/websites/ludivine.nix
		26	./modules/websites/aten.nix
		27	./modules/websites/piedsjaloux.nix
		28	./modules/websites/connexionswing.nix
23	];	29	];
24	services.myGitolite.enable = true;	30	services.myGitolite.enable = true;
25	services.myGitweb.enable = true;	31	services.myGitweb.enable = true;
26	services.myDatabases.enable = true;	32	services.myDatabases.enable = true;
		33	services.myWebsites.Chloe.production.enable = true;
		34	services.myWebsites.Chloe.integration.enable = true;
		35	services.myWebsites.Ludivine.production.enable = true;
		36	services.myWebsites.Ludivine.integration.enable = true;
		37	services.myWebsites.Aten.production.enable = true;
		38	services.myWebsites.Aten.integration.enable = true;
		39	services.myWebsites.PiedsJaloux.production.enable = true;
		40	services.myWebsites.PiedsJaloux.integration.enable = true;
		41	services.myWebsites.Connexionswing.production.enable = true;
		42	services.myWebsites.Connexionswing.integration.enable = true;
27		43
28	nixpkgs.config.packageOverrides = oldpkgs: rec {	44	nixpkgs.config.packageOverrides = oldpkgs: rec {
29	goaccess = oldpkgs.goaccess.overrideAttrs(old: rec {	45	goaccess = oldpkgs.goaccess.overrideAttrs(old: rec {
@@ -84,95 +100,11 @@
84	occ	100	occ
85	];	101	];
86		102
87	# FIXME: doesn't work with httpd?	103	security.acme.certs."eldiron".extraDomains = {
88	security.acme.preliminarySelfsigned = true;	104	"db-1.immae.eu" = null;
89	security.acme.certs = {	105	"tools.immae.eu" = null;
90	# FIXME: /!\ To create a new certificate, create it before using	106	"cloud.immae.eu" = null;
91	# it in httpd	107	"dav.immae.eu" = null;
92	"eldiron" = {
93	webroot = "/var/lib/acme/acme-challenge";
94	email = "ismael@bouya.org";
95	domain = "eldiron.immae.eu";
96	plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
97	postRun = ''
98	systemctl reload httpd.service
99	'';
100	allowKeysForGroup = true;
101	extraDomains = {
102	"db-1.immae.eu" = null;
103	"tools.immae.eu" = null;
104	"connexionswing.immae.eu" = null;
105	"sandetludo.immae.eu" = null;
106	"cloud.immae.eu" = null;
107	"ludivine.immae.eu" = null;
108	"dev.aten.pro" = null;
109	"piedsjaloux.immae.eu" = null;
110	"chloe.immae.eu" = null;
111	"dav.immae.eu" = null;
112	};
113	};
114	"ludivinecassal" = {
115	webroot = "/var/lib/acme/acme-challenge";
116	email = "ismael@bouya.org";
117	domain = "ludivinecassal.com";
118	plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
119	postRun = ''
120	systemctl reload httpd.service
121	'';
122	extraDomains = {
123	"www.ludivinecassal.com" = null;
124	};
125	};
126	"aten" = {
127	webroot = "/var/lib/acme/acme-challenge";
128	email = "ismael@bouya.org";
129	domain = "aten.pro";
130	plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
131	postRun = ''
132	systemctl reload httpd.service
133	'';
134	extraDomains = {
135	"www.aten.pro" = null;
136	};
137	};
138	"piedsjaloux" = {
139	webroot = "/var/lib/acme/acme-challenge";
140	email = "ismael@bouya.org";
141	domain = "piedsjaloux.fr";
142	plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
143	postRun = ''
144	systemctl reload httpd.service
145	'';
146	extraDomains = {
147	"www.piedsjaloux.fr" = null;
148	};
149	};
150	"chloe" = {
151	webroot = "/var/lib/acme/acme-challenge";
152	email = "ismael@bouya.org";
153	domain = "osteopathe-cc.fr";
154	plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
155	postRun = ''
156	systemctl reload httpd.service
157	'';
158	extraDomains = {
159	"www.osteopathe-cc.fr" = null;
160	};
161	};
162	"connexionswing" = {
163	webroot = "/var/lib/acme/acme-challenge";
164	email = "ismael@bouya.org";
165	domain = "connexionswing.com";
166	plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
167	postRun = ''
168	systemctl reload httpd.service
169	'';
170	extraDomains = {
171	"www.connexionswing.com" = null;
172	"sandetludo.com" = null;
173	"www.sandetludo.com" = null;
174	};
175	};
176	};	108	};
177		109
178	services.openssh.extraConfig = ''	110	services.openssh.extraConfig = ''


diff --git a/virtual/modules/certificates.nix b/virtual/modules/certificates.nix new file mode 100644 index 0000000..a9d6d99 --- /dev/null +++ b/virtual/modules/certificates.nix
@@ -0,0 +1,30 @@
		1	{ lib, pkgs, config, mylibs, ... }:
		2	{
		3	options.services.myCertificates = {
		4	certConfig = lib.mkOption {
		5	default = {
		6	webroot = "/var/lib/acme/acme-challenge";
		7	email = "ismael@bouya.org";
		8	postRun = ''
		9	systemctl reload httpd.service
		10	'';
		11	plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
		12	};
		13	description = "Default configuration for certificates";
		14	};
		15	};
		16
		17	config = {
		18	# FIXME: doesn't work with httpd?
		19	security.acme.preliminarySelfsigned = true;
		20
		21	security.acme.certs = {
		22	# FIXME: /!\ To create a new certificate, create it before using
		23	# it in httpd
		24	"eldiron" = config.services.myCertificates.certConfig // {
		25	domain = "eldiron.immae.eu";
		26	allowKeysForGroup = true;
		27	};
		28	};
		29	};
		30	}


diff --git a/virtual/modules/websites/aten.nix b/virtual/modules/websites/aten.nix new file mode 100644 index 0000000..7567289 --- /dev/null +++ b/virtual/modules/websites/aten.nix
@@ -0,0 +1,28 @@
		1	{ lib, pkgs, config, mylibs, ... }:
		2	let
		3	cfg = config.services.myWebsites.Aten;
		4	in {
		5	options.services.myWebsites.Aten = {
		6	production = {
		7	enable = lib.mkEnableOption "enable Aten's website in production";
		8	};
		9	integration = {
		10	enable = lib.mkEnableOption "enable Aten's website in integration";
		11	};
		12	};
		13
		14	config = lib.mkMerge [
		15	(lib.mkIf cfg.production.enable {
		16	security.acme.certs."aten" = config.services.myCertificates.certConfig // {
		17	domain = "aten.pro";
		18	extraDomains = {
		19	"www.aten.pro" = null;
		20	};
		21	};
		22	})
		23	(lib.mkIf cfg.integration.enable {
		24	security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
		25	})
		26	];
		27	}
		28


diff --git a/virtual/modules/websites/chloe.nix b/virtual/modules/websites/chloe.nix new file mode 100644 index 0000000..2c0c65d --- /dev/null +++ b/virtual/modules/websites/chloe.nix
@@ -0,0 +1,27 @@
		1	{ lib, pkgs, config, mylibs, ... }:
		2	let
		3	cfg = config.services.myWebsites.Chloe;
		4	in {
		5	options.services.myWebsites.Chloe = {
		6	production = {
		7	enable = lib.mkEnableOption "enable Chloe's website in production";
		8	};
		9	integration = {
		10	enable = lib.mkEnableOption "enable Chloe's website in integration";
		11	};
		12	};
		13
		14	config = lib.mkMerge [
		15	(lib.mkIf cfg.production.enable {
		16	security.acme.certs."chloe" = config.services.myCertificates.certConfig // {
		17	domain = "osteopathe-cc.fr";
		18	extraDomains = {
		19	"www.osteopathe-cc.fr" = null;
		20	};
		21	};
		22	})
		23	(lib.mkIf cfg.integration.enable {
		24	security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
		25	})
		26	];
		27	}


diff --git a/virtual/modules/websites/connexionswing.nix b/virtual/modules/websites/connexionswing.nix new file mode 100644 index 0000000..ed6799f --- /dev/null +++ b/virtual/modules/websites/connexionswing.nix
@@ -0,0 +1,31 @@
		1	{ lib, pkgs, config, mylibs, ... }:
		2	let
		3	cfg = config.services.myWebsites.Connexionswing;
		4	in {
		5	options.services.myWebsites.Connexionswing = {
		6	production = {
		7	enable = lib.mkEnableOption "enable Connexionswing's website in production";
		8	};
		9	integration = {
		10	enable = lib.mkEnableOption "enable Connexionswing's website in integration";
		11	};
		12	};
		13
		14	config = lib.mkMerge [
		15	(lib.mkIf cfg.production.enable {
		16	security.acme.certs."connexionswing" = config.services.myCertificates.certConfig // {
		17	domain = "connexionswing.com";
		18	extraDomains = {
		19	"www.connexionswing.com" = null;
		20	"sandetludo.com" = null;
		21	"www.sandetludo.com" = null;
		22	};
		23	};
		24	})
		25	(lib.mkIf cfg.integration.enable {
		26	security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
		27	security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
		28	})
		29	];
		30	}
		31


diff --git a/virtual/modules/websites/ludivine.nix b/virtual/modules/websites/ludivine.nix new file mode 100644 index 0000000..5729c09 --- /dev/null +++ b/virtual/modules/websites/ludivine.nix
@@ -0,0 +1,27 @@
		1	{ lib, pkgs, config, mylibs, ... }:
		2	let
		3	cfg = config.services.myWebsites.Ludivine;
		4	in {
		5	options.services.myWebsites.Ludivine = {
		6	production = {
		7	enable = lib.mkEnableOption "enable Ludivine's website in production";
		8	};
		9	integration = {
		10	enable = lib.mkEnableOption "enable Ludivine's website in integration";
		11	};
		12	};
		13
		14	config = lib.mkMerge [
		15	(lib.mkIf cfg.production.enable {
		16	security.acme.certs."ludivinecassal" = config.services.myCertificates.certConfig // {
		17	domain = "ludivinecassal.com";
		18	extraDomains = {
		19	"www.ludivinecassal.com" = null;
		20	};
		21	};
		22	})
		23	(lib.mkIf cfg.integration.enable {
		24	security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
		25	})
		26	];
		27	}


diff --git a/virtual/modules/websites/piedsjaloux.nix b/virtual/modules/websites/piedsjaloux.nix new file mode 100644 index 0000000..849df63 --- /dev/null +++ b/virtual/modules/websites/piedsjaloux.nix
@@ -0,0 +1,28 @@
		1	{ lib, pkgs, config, mylibs, ... }:
		2	let
		3	cfg = config.services.myWebsites.PiedsJaloux;
		4	in {
		5	options.services.myWebsites.PiedsJaloux = {
		6	production = {
		7	enable = lib.mkEnableOption "enable PiedsJaloux's website in production";
		8	};
		9	integration = {
		10	enable = lib.mkEnableOption "enable PiedsJaloux's website in integration";
		11	};
		12	};
		13
		14	config = lib.mkMerge [
		15	(lib.mkIf cfg.production.enable {
		16	security.acme.certs."piedsjaloux" = config.services.myCertificates.certConfig // {
		17	domain = "piedsjaloux.fr";
		18	extraDomains = {
		19	"www.piedsjaloux.fr" = null;
		20	};
		21	};
		22	})
		23	(lib.mkIf cfg.integration.enable {
		24	security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
		25	})
		26	];
		27	}
		28