Merge remote-tracking branch 'cd/master'

1 files changed, 26 insertions, 3 deletions

diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix
index 0cb11846c..79c9de1d4 100644
--- a/lass/3modules/owncloud_nginx.nix
+++ b/lass/3modules/owncloud_nginx.nix
@@ -46,8 +46,22 @@ let
           type = str;
         };
         ssl = mkOption {
-          type = bool;
-          default = false;
+          type = with types; submodule ({
+            options = {
+              enable = mkEnableOption "ssl";
+              certificate = mkOption {
+                type = str;
+              };
+              certificate_key = mkOption {
+                type = str;
+              };
+              ciphers = mkOption {
+                type = str;
+                default = "AES128+EECDH:AES128+EDH";
+              };
+            };
+          });
+          default = {};
         };
       };
     }));
@@ -58,7 +72,7 @@ let
   group = config.services.nginx.group;
 
   imp = {
-    krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: {
+    krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: {
       server-names = [
         "${domain}"
         "www.${domain}"
@@ -102,7 +116,16 @@ let
 
         error_page 403 /core/templates/403.php;
         error_page 404 /core/templates/404.php;
+        ${if ssl.enable then ''
+          ssl_certificate ${ssl.certificate};
+          ssl_certificate_key ${ssl.certificate_key};
+        '' else ""}
       '';
+      listen = (if ssl.enable then
+          [ "80" "443 ssl" ]
+        else
+          "80"
+      );
     });
     services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
       listen = ${folder}/phpfpm.pool