2 files changed, 62 insertions, 63 deletions

diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix
index 50e04cf80..4e035e725 100644
--- a/krebs/3modules/bepasty-server.nix
+++ b/krebs/3modules/bepasty-server.nix
@@ -22,6 +22,16 @@ let
 
     servers = mkOption {
       type = with types; attrsOf optionSet;
+      example = ''
+        {
+          "paste.r" = {
+            defaultPermissions = "read,delete,create";
+          };
+          "paste.krebsco.de" = {
+            defaultPermissions = "read";
+          };
+        }
+      '';
       options = singleton {
         nginx = mkOption {
           # TODO use the correct type
@@ -30,7 +40,6 @@ let
             additional nginx configuration. see krebs.nginx for all options
           '';
         };
-
         secretKey = mkOption {
           type = types.str;
           description = ''
@@ -39,6 +48,7 @@ let
           default = "";
         };
 
+
         # we create a wsgi socket in $workDir/gunicorn-${name}.wsgi
         workDir = mkOption {
           type = types.str;
@@ -143,25 +153,25 @@ let
   };
 
   nginx-imp = {
-    assertions = [{ assertion = config.krebs.nginx.enable;
-                     message = "krebs.nginx.enable must be true"; }];
-
-    krebs.nginx.servers = mapAttrs' (name: server:
-      nameValuePair("bepasty-server-${name}")
-      (mkMerge [ server.nginx  {
-        extraConfig = ''
-          client_max_body_size 32M;
-          '';
-        locations = [
-          (nameValuePair "/" ''
-            proxy_set_header Host $http_host;
-            proxy_pass http://unix:${server.workDir}/gunicorn-${name}.sock;
-           '')
-          (nameValuePair "/static/" ''
-            alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/;
-          '')
-          ];
-      }])) cfg.servers ;
+    assertions = [{ assertion = config.services.nginx.enable;
+                     message = "services.nginx.enable must be true"; }];
+
+    services.nginx.virtualHosts = mapAttrs ( name: server:
+      (mkMerge [
+        server.nginx
+        {
+          extraConfig = ''
+            client_max_body_size 32M;
+            '';
+          locations = {
+            "/".extraConfig = "proxy_set_header Host $http_host;";
+            "/".proxyPass = "http://unix:${server.workDir}/gunicorn-${name}.sock";
+            "/static/".extraConfig = ''
+              alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/;
+            '';
+          };
+        }])
+      ) cfg.servers ;
   };
 in
 out
diff --git a/krebs/3modules/tinc_graphs.nix b/krebs/3modules/tinc_graphs.nix
index 26a51de00..197835e73 100644
--- a/krebs/3modules/tinc_graphs.nix
+++ b/krebs/3modules/tinc_graphs.nix
@@ -35,35 +35,28 @@ let
     nginx = {
       enable = mkEnableOption "enable tinc_graphs to be served with nginx";
 
-      anonymous = {
-        server-names = mkOption {
-          type = with types; listOf str;
-          description = "hostnames which serve anonymous graphs";
-          default = [ "graphs.${config.krebs.build.host.name}" ];
-        };
-
-        listen = mkOption {
-          # use the type of the nginx listen option
-          type = with types; listOf str;
-          description = "listen address for anonymous graphs";
-          default = [ "80" ];
-        };
-
+      anonymous = mkOption {
+        type = types.attrsOf types.unspecified;
+        description = ''
+          nginx virtualHost options to be merged into the anonymous graphs
+          vhost entry.
+        '';
+      };
+      anonymous-domain = mkOption {
+        type = types.str;
+        description = ''
+          external domainname to be used for anonymous graphs
+          it will be used if you want to enable ACME
+        '';
+        default = "graphs.krebsco.de";
       };
 
-      complete = {
-        server-names = mkOption {
-          type = with types; listOf str;
-          description = "hostname which serves complete graphs";
-          default = [ "graphs.${config.krebs.build.host.name}" ];
-        };
-
-        listen = mkOption {
-          type = with types; listOf str;
-          description = "listen address for complete graphs";
-          default = [ "127.0.0.1:80" ];
-        };
-
+      complete = mkOption {
+        type = types.attrsOf types.unspecified;
+        description = ''
+          nginx virtualHost options to be merged into the complete graphs
+          vhost entry.
+        '';
       };
     };
 
@@ -134,24 +127,20 @@ let
       uid = genid "tinc_graphs";
       home = "/var/spool/tinc_graphs";
     };
-    krebs.nginx = mkIf cfg.nginx.enable {
+    services.nginx = mkIf cfg.nginx.enable {
       enable = mkDefault true;
-      servers = {
+      virtualHosts = {
         tinc_graphs_complete = mkMerge [ cfg.nginx.complete  {
-          locations = [
-            (nameValuePair "/" ''
-              autoindex on;
-              root ${internal_dir};
-            '')
-          ];
-        }] ;
-        tinc_graphs_anonymous = mkMerge [ cfg.nginx.anonymous {
-          locations = [
-            (nameValuePair "/" ''
-              autoindex on;
-              root ${external_dir};
-            '')
-          ];
+          locations = {
+            "/".extraConfig = "autoindex on;";
+            "/".root = internal_dir;
+          };
+        }];
+        "${cfg.nginx.anonymous-domain}" = mkMerge [ cfg.nginx.anonymous {
+          locations = {
+            "/".extraConfig = "autoindex on;";
+            "/".root = external_dir;
+          };
         }];
       };
     };