From 3013caf18db83d43a1703b1a74cb484f70bab3a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Thu, 10 Jan 2019 00:40:53 +0100
Subject: Start moving websites to their own modules: certificates
---
virtual/modules/certificates.nix | 30 ++++++++++++++++++++++++++++
virtual/modules/websites/aten.nix | 28 ++++++++++++++++++++++++++
virtual/modules/websites/chloe.nix | 27 +++++++++++++++++++++++++
virtual/modules/websites/connexionswing.nix | 31 +++++++++++++++++++++++++++++
virtual/modules/websites/ludivine.nix | 27 +++++++++++++++++++++++++
virtual/modules/websites/piedsjaloux.nix | 28 ++++++++++++++++++++++++++
6 files changed, 171 insertions(+)
create mode 100644 virtual/modules/certificates.nix
create mode 100644 virtual/modules/websites/aten.nix
create mode 100644 virtual/modules/websites/chloe.nix
create mode 100644 virtual/modules/websites/connexionswing.nix
create mode 100644 virtual/modules/websites/ludivine.nix
create mode 100644 virtual/modules/websites/piedsjaloux.nix
(limited to 'virtual/modules')
diff --git a/virtual/modules/certificates.nix b/virtual/modules/certificates.nix
new file mode 100644
index 0000000..a9d6d99
--- /dev/null
+++ b/virtual/modules/certificates.nix
@@ -0,0 +1,30 @@
+{ lib, pkgs, config, mylibs, ... }:
+{
+ options.services.myCertificates = {
+ certConfig = lib.mkOption {
+ default = {
+ webroot = "/var/lib/acme/acme-challenge";
+ email = "ismael@bouya.org";
+ postRun = ''
+ systemctl reload httpd.service
+ '';
+ plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
+ };
+ description = "Default configuration for certificates";
+ };
+ };
+
+ config = {
+ # FIXME: doesn't work with httpd?
+ security.acme.preliminarySelfsigned = true;
+
+ security.acme.certs = {
+ # FIXME: /!\ To create a new certificate, create it before using
+ # it in httpd
+ "eldiron" = config.services.myCertificates.certConfig // {
+ domain = "eldiron.immae.eu";
+ allowKeysForGroup = true;
+ };
+ };
+ };
+}
diff --git a/virtual/modules/websites/aten.nix b/virtual/modules/websites/aten.nix
new file mode 100644
index 0000000..7567289
--- /dev/null
+++ b/virtual/modules/websites/aten.nix
@@ -0,0 +1,28 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+ cfg = config.services.myWebsites.Aten;
+in {
+ options.services.myWebsites.Aten = {
+ production = {
+ enable = lib.mkEnableOption "enable Aten's website in production";
+ };
+ integration = {
+ enable = lib.mkEnableOption "enable Aten's website in integration";
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.production.enable {
+ security.acme.certs."aten" = config.services.myCertificates.certConfig // {
+ domain = "aten.pro";
+ extraDomains = {
+ "www.aten.pro" = null;
+ };
+ };
+ })
+ (lib.mkIf cfg.integration.enable {
+ security.acme.certs."eldiron".extraDomains."dev.aten.pro" = null;
+ })
+ ];
+}
+
diff --git a/virtual/modules/websites/chloe.nix b/virtual/modules/websites/chloe.nix
new file mode 100644
index 0000000..2c0c65d
--- /dev/null
+++ b/virtual/modules/websites/chloe.nix
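Review bot: In certificates.nix, `allowKeysForGroup = true;` on the `"eldiron"` entry grants group read access to the private key, but neither that entry nor the visible `certConfig` default sets `group`, so which accounts can read `key.pem` and `full.pem` depends on the module default rather than on anything stated here. I would set the group next to the flag, e.g. `group = config.services.httpd.group;` if httpd is the intended reader, and add a one-line comment naming the service that needs the access. The `plugins` list also appears to place `account_key.json` in the same certificate directory, so it is worth confirming that the relaxed permissions do not reach the ACME account key. Finally, `certConfig` is declared with `lib.mkOption` without a `type`; adding `type = lib.types.attrs;` would make a malformed override fail at evaluation.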
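Review bot: In aten.nix, the integration branch appends `dev.aten.pro` to the shared `"eldiron"` certificate instead of declaring its own entry, so a single name that fails webroot (HTTP-01) validation, here a hostname under the customer's DNS zone, would presumably block issuance and renewal for `eldiron.immae.eu` and every other integration site on that certificate. The same pattern is in the chloe, connexionswing, ludivine and piedsjaloux hunks, and the shared SAN list also shows every integration hostname to anyone who inspects the certificate. A per-site entry keeps failures and disclosure isolated, e.g. `security.acme.certs."aten-integration" = config.services.myCertificates.certConfig // { domain = "dev.aten.pro"; };` (the entry name is only an example). Separately, `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so the descriptions in all five website modules should drop the leading "enable".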
@@ -0,0 +1,27 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+ cfg = config.services.myWebsites.Chloe;
+in {
+ options.services.myWebsites.Chloe = {
+ production = {
+ enable = lib.mkEnableOption "enable Chloe's website in production";
+ };
+ integration = {
+ enable = lib.mkEnableOption "enable Chloe's website in integration";
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.production.enable {
+ security.acme.certs."chloe" = config.services.myCertificates.certConfig // {
+ domain = "osteopathe-cc.fr";
+ extraDomains = {
+ "www.osteopathe-cc.fr" = null;
+ };
+ };
+ })
+ (lib.mkIf cfg.integration.enable {
+ security.acme.certs."eldiron".extraDomains."chloe.immae.eu" = null;
+ })
+ ];
+}
diff --git a/virtual/modules/websites/connexionswing.nix b/virtual/modules/websites/connexionswing.nix
new file mode 100644
index 0000000..ed6799f
--- /dev/null
+++ b/virtual/modules/websites/connexionswing.nix
@@ -0,0 +1,31 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+ cfg = config.services.myWebsites.Connexionswing;
+in {
+ options.services.myWebsites.Connexionswing = {
+ production = {
+ enable = lib.mkEnableOption "enable Connexionswing's website in production";
+ };
+ integration = {
+ enable = lib.mkEnableOption "enable Connexionswing's website in integration";
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.production.enable {
+ security.acme.certs."connexionswing" = config.services.myCertificates.certConfig // {
+ domain = "connexionswing.com";
+ extraDomains = {
+ "www.connexionswing.com" = null;
+ "sandetludo.com" = null;
+ "www.sandetludo.com" = null;
+ };
+ };
+ })
+ (lib.mkIf cfg.integration.enable {
+ security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
+ security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
+ })
+ ];
+}
+
diff --git a/virtual/modules/websites/ludivine.nix b/virtual/modules/websites/ludivine.nix
new file mode 100644
index 0000000..5729c09
--- /dev/null
+++ b/virtual/modules/websites/ludivine.nix
@@ -0,0 +1,27 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+ cfg = config.services.myWebsites.Ludivine;
+in {
+ options.services.myWebsites.Ludivine = {
+ production = {
+ enable = lib.mkEnableOption "enable Ludivine's website in production";
+ };
+ integration = {
+ enable = lib.mkEnableOption "enable Ludivine's website in integration";
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.production.enable {
+ security.acme.certs."ludivinecassal" = config.services.myCertificates.certConfig // {
+ domain = "ludivinecassal.com";
+ extraDomains = {
+ "www.ludivinecassal.com" = null;
+ };
+ };
+ })
+ (lib.mkIf cfg.integration.enable {
+ security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
+ })
+ ];
+}
diff --git a/virtual/modules/websites/piedsjaloux.nix b/virtual/modules/websites/piedsjaloux.nix
new file mode 100644
index 0000000..849df63
--- /dev/null
+++ b/virtual/modules/websites/piedsjaloux.nix
@@ -0,0 +1,28 @@
+{ lib, pkgs, config, mylibs, ... }:
+let
+ cfg = config.services.myWebsites.PiedsJaloux;
+in {
+ options.services.myWebsites.PiedsJaloux = {
+ production = {
+ enable = lib.mkEnableOption "enable PiedsJaloux's website in production";
+ };
+ integration = {
+ enable = lib.mkEnableOption "enable PiedsJaloux's website in integration";
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.production.enable {
+ security.acme.certs."piedsjaloux" = config.services.myCertificates.certConfig // {
+ domain = "piedsjaloux.fr";
+ extraDomains = {
+ "www.piedsjaloux.fr" = null;
+ };
+ };
+ })
+ (lib.mkIf cfg.integration.enable {
+ security.acme.certs."eldiron".extraDomains."piedsjaloux.immae.eu" = null;
+ })
+ ];
+}
+
-- cgit v1.2.3