diff options
Diffstat (limited to 'virtual/modules/websites.nix')
-rw-r--r-- | virtual/modules/websites.nix | 81 |
1 files changed, 73 insertions, 8 deletions
diff --git a/virtual/modules/websites.nix b/virtual/modules/websites.nix index 62f45d9..cbd7de0 100644 --- a/virtual/modules/websites.nix +++ b/virtual/modules/websites.nix | |||
@@ -1,6 +1,61 @@ | |||
1 | { lib, pkgs, config, mylibs, ... }: | 1 | { lib, pkgs, config, mylibs, myconfig, ... }: |
2 | let | 2 | let |
3 | cfg = config.services.myWebsites; | 3 | cfg = config.services.myWebsites; |
4 | makeService = name: cfg: let | ||
5 | toVhost = vhostConf: { | ||
6 | enableSSL = true; | ||
7 | sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem"; | ||
8 | sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem"; | ||
9 | sslServerChain = "/var/lib/acme/${vhostConf.certName}/fullchain.pem"; | ||
10 | logFormat = "combinedVhost"; | ||
11 | listen = [ | ||
12 | { ip = cfg.ip; port = 443; } | ||
13 | ]; | ||
14 | hostName = builtins.head vhostConf.hosts; | ||
15 | serverAliases = builtins.tail vhostConf.hosts or []; | ||
16 | documentRoot = vhostConf.root; | ||
17 | extraConfig = builtins.concatStringsSep "\n" vhostConf.extraConfig; | ||
18 | }; | ||
19 | in rec { | ||
20 | enable = true; | ||
21 | listen = [ | ||
22 | { ip = cfg.ip; port = 443; } | ||
23 | ]; | ||
24 | stateDir = "/run/httpd_${name}"; | ||
25 | logPerVirtualHost = true; | ||
26 | multiProcessingModule = "worker"; | ||
27 | adminAddr = "httpd@immae.eu"; | ||
28 | logFormat = "combinedVhost"; | ||
29 | extraModules = pkgs.lib.lists.unique (pkgs.lib.lists.flatten cfg.modules); | ||
30 | extraConfig = builtins.concatStringsSep "\n" cfg.extraConfig; | ||
31 | virtualHosts = pkgs.lib.attrsets.mapAttrsToList (n: v: toVhost v) cfg.vhostConfs; | ||
32 | }; | ||
33 | makeServiceOptions = name: ip: { | ||
34 | enable = lib.mkEnableOption "enable websites in ${name}"; | ||
35 | ip = lib.mkOption { | ||
36 | type = lib.types.string; | ||
37 | default = ip; | ||
38 | description = "${name} ip to listen to"; | ||
39 | }; | ||
40 | modules = lib.mkOption { | ||
41 | type = lib.types.listOf (lib.types.str); | ||
42 | default = []; | ||
43 | }; | ||
44 | extraConfig = lib.mkOption { | ||
45 | type = lib.types.listOf (lib.types.lines); | ||
46 | default = []; | ||
47 | }; | ||
48 | vhostConfs = lib.mkOption { | ||
49 | type = lib.types.attrsOf (lib.types.submodule { | ||
50 | options = { | ||
51 | certName = lib.mkOption { type = lib.types.string; }; | ||
52 | hosts = lib.mkOption { type = lib.types.listOf lib.types.string; }; | ||
53 | root = lib.mkOption { type = lib.types.nullOr lib.types.path; }; | ||
54 | extraConfig = lib.mkOption { type = lib.types.listOf lib.types.lines; default = []; }; | ||
55 | }; | ||
56 | }); | ||
57 | }; | ||
58 | }; | ||
4 | in | 59 | in |
5 | { | 60 | { |
6 | imports = [ | 61 | imports = [ |
@@ -9,16 +64,16 @@ in | |||
9 | ./websites/aten.nix | 64 | ./websites/aten.nix |
10 | ./websites/piedsjaloux.nix | 65 | ./websites/piedsjaloux.nix |
11 | ./websites/connexionswing.nix | 66 | ./websites/connexionswing.nix |
67 | # built using: | ||
68 | # sed -e "s/services\.httpd/services\.httpdProd/g" .nix-defexpr/channels/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix | ||
69 | # And removed users / groups | ||
70 | ./websites/apache/httpd_prod.nix | ||
71 | ./websites/apache/httpd_inte.nix | ||
12 | ]; | 72 | ]; |
13 | 73 | ||
14 | options.services.myWebsites = { | 74 | options.services.myWebsites = { |
15 | production = { | 75 | production = makeServiceOptions "production" myconfig.ips.production; |
16 | enable = lib.mkEnableOption "enable websites in production"; | 76 | integration = makeServiceOptions "integration" myconfig.ips.integration; |
17 | }; | ||
18 | |||
19 | integration = { | ||
20 | enable = lib.mkEnableOption "enable websites in integration"; | ||
21 | }; | ||
22 | 77 | ||
23 | apacheConfig = lib.mkOption { | 78 | apacheConfig = lib.mkOption { |
24 | type = lib.types.attrsOf (lib.types.submodule { | 79 | type = lib.types.attrsOf (lib.types.submodule { |
@@ -111,5 +166,15 @@ in | |||
111 | ''; | 166 | ''; |
112 | }; | 167 | }; |
113 | }; | 168 | }; |
169 | |||
170 | # FIXME: logrotate | ||
171 | # FIXME: ipv6 | ||
172 | services.httpdProd = makeService "production" config.services.myWebsites.production; | ||
173 | services.myWebsites.production.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig); | ||
174 | services.myWebsites.production.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig)); | ||
175 | |||
176 | services.httpdInte = makeService "integration" config.services.myWebsites.integration; | ||
177 | services.myWebsites.integration.modules = pkgs.lib.lists.flatten (pkgs.lib.attrsets.mapAttrsToList (n: v: v.modules or []) cfg.apacheConfig); | ||
178 | services.myWebsites.integration.extraConfig = (builtins.filter (x: x != null) (pkgs.lib.attrsets.mapAttrsToList (n: v: v.extraConfig or null) cfg.apacheConfig)); | ||
114 | }; | 179 | }; |
115 | } | 180 | } |