author | makefu <github@syntax-fehler.de> | 2017-04-19 10:02:57 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2017-04-19 10:02:57 +0200 |
commit | 0ea25143c940e6fb8bac02a893cfc73f5b5c7cb5 (patch) | |
tree | b3e962ee6b19c1c9ec975fbcc5d02e180f90f7b8 /krebs/3modules/retiolum-bootstrap.nix | |
parent | fdefa2b20cfa2037fc866ac68fb53b668bb60a17 (diff) | |
parent | d40738d41573eca83d7e84f8a9946f8d8441a0d0 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'krebs/3modules/retiolum-bootstrap.nix')
-rw-r--r-- | krebs/3modules/retiolum-bootstrap.nix | 56 |
1 files changed, 19 insertions, 37 deletions
diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix
index 4bcd596d4..53b06a702 100644
--- a/krebs/3modules/retiolum-bootstrap.nix
+++ b/krebs/3modules/retiolum-bootstrap.nix
@@ -1,53 +1,38 @@ -{ config, lib, pkgs, ... }: - +{ config, pkgs, ... }: with import <stockholm/lib>; let cfg = config.krebs.retiolum-bootstrap; - - out = { - options.krebs.retiolum-bootstrap = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "retiolum boot strap for tinc.krebsco.de"; - hostname = mkOption { +in +{ + options.krebs.retiolum-bootstrap = { + enable = mkEnableOption "retiolum boot strap for ${cfg.serverName}"; + serverName = mkOption { type = types.str; description = "hostname which serves tinc boot"; default = "tinc.krebsco.de" ; }; - listen = mkOption { - type = with types; listOf str; - description = ''Addresses to listen on (nginx-syntax). - ssl will be configured, http will be redirected to ssl. - Make sure to have at least 1 ssl port configured. - ''; - default = [ "80" "443 ssl" ] ; + sslCertificate = mkOption { + type = types.str; + description = "Certificate file to use for ssl"; + default = "${toString <secrets>}/tinc.krebsco.de.crt" ; }; - ssl_certificate_key = mkOption { + sslCertificateKey = mkOption { type = types.str; description = "Certificate key to use for ssl"; default = "${toString <secrets>}/tinc.krebsco.de.key"; }; - ssl_certificate = mkOption { - type = types.str; - description = "Certificate file to use for ssl"; - default = "${toString <secrets>}/tinc.krebsco.de.crt" ; - }; # in use: # <secrets/tinc.krebsco.de.crt> # <secrets/tinc.krebsco.de.key> }; - imp = { - krebs.nginx.servers = assert config.krebs.nginx.enable; { - retiolum-boot-ssl = { - server-names = singleton cfg.hostname; - listen = cfg.listen; - extraConfig = '' - ssl_certificate ${cfg.ssl_certificate}; - ssl_certificate_key ${cfg.ssl_certificate_key}; - + config = mkIf cfg.enable { + services.nginx = { + enable = mkDefault true; + virtualHosts.retiolum-bootstrap = { + inherit (cfg) serverName sslCertificate sslCertificateKey; + enableSSL = true; + extraConfig ='' if ($scheme = http){ return 301 https://$server_name$request_uri; } 
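Review bot: The `if ($scheme = http)` redirect kept in `extraConfig` only fires if this virtual host actually receives plain-HTTP requests, and the new side no longer states where it listens: the old `listen = [ "80" "443 ssl" ]` option is removed and only `enableSSL = true` is set. If the nginx module in use binds an `enableSSL` host to the TLS port only (that module is not visible in this diff, so this should be confirmed), the redirect is dead and port-80 requests for `serverName` fall through to whatever default server nginx has, which matters because this host serves `retiolum.sh` as a bootstrap script. Setting `forceSSL = true;` on the virtual host and dropping the hand-written `if` block would make the HTTP-to-HTTPS behaviour explicit. Separately, the `sslCertificate` and `sslCertificateKey` defaults still name `tinc.krebsco.de` while `serverName` is now configurable, so a short note in each `description` that they must be overridden together with `serverName` would prevent a certificate-name mismatch.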
@@ -55,10 +40,7 @@ let
 root ${pkgs.retiolum-bootstrap};
 try_files $uri $uri/retiolum.sh;
 '';
- locations = [];
 };
 };
 };
-
-in
-out
+} |