summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-04-07 20:48:07 +0200
committertv <tv@krebsco.de>2016-04-07 20:48:07 +0200
commit7fb1a3e775439d61e054e872dad79f9b6b1ae227 (patch)
tree19dd5dfc6ea46fd8868da21ca731f444af10c52d
parente1a287c78bab2847fee7c4f1a18a765d89ca373f (diff)
krebs.nginx: don't abuse extraConfig
-rw-r--r--krebs/3modules/nginx.nix40
1 files changed, 18 insertions, 22 deletions
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix
index 816c2ff69..6af93a570 100644
--- a/krebs/3modules/nginx.nix
+++ b/krebs/3modules/nginx.nix
@@ -117,28 +117,24 @@ let
}
'';
- to-server = { server-names, listen, locations, extraConfig, ssl, ... }:
- let
- _extraConfig = if ssl.enable then
- extraConfig + ''
- ssl_certificate ${ssl.certificate};
- ssl_certificate_key ${ssl.certificate_key};
- ${optionalString ssl.prefer_server_ciphers "ssl_prefer_server_ciphers On;"}
- ssl_ciphers ${ssl.ciphers};
- ssl_protocols ${toString ssl.protocols};
- ''
- else
- extraConfig
- ;
-
- in ''
- server {
- ${concatMapStringsSep "\n" (x: "listen ${x};") (listen ++ optional ssl.enable "443 ssl")}
- server_name ${toString server-names};
- ${indent _extraConfig}
- ${indent (concatMapStrings to-location locations)}
- }
- '';
+ to-server = { server-names, listen, locations, extraConfig, ssl, ... }: ''
+ server {
+ server_name ${toString server-names};
+ ${concatMapStringsSep "\n" (x: indent "listen ${x};") listen}
+ ${optionalString ssl.enable (indent ''
+ listen 443 ssl;
+ ssl_certificate ${ssl.certificate};
+ ssl_certificate_key ${ssl.certificate_key};
+ ${optionalString ssl.prefer_server_ciphers ''
+ ssl_prefer_server_ciphers On;
+ ''}
+ ssl_ciphers ${ssl.ciphers};
+ ssl_protocols ${toString ssl.protocols};
+ '')}
+ ${indent extraConfig}
+ ${indent (concatMapStrings to-location locations)}
+ }
+ '';
in
out