summaryrefslogtreecommitdiffstats
path: root/lass/3modules/static_nginx.nix
diff options
context:
space:
mode:
Diffstat (limited to 'lass/3modules/static_nginx.nix')
-rw-r--r--lass/3modules/static_nginx.nix44
1 files changed, 43 insertions, 1 deletions
diff --git a/lass/3modules/static_nginx.nix b/lass/3modules/static_nginx.nix
index cc2641af2..fd5cfdfd7 100644
--- a/lass/3modules/static_nginx.nix
+++ b/lass/3modules/static_nginx.nix
@@ -21,6 +21,35 @@ let
type = str;
default = "/srv/http/${config.domain}";
};
+ #sslEnable = mkEnableOption "ssl";
+ #certificate = mkOption {
+ # type = str;
+ #};
+ #certificate_key = mkOption {
+ # type = str;
+ #};
+ #ciphers = mkOption {
+ # type = str;
+ # default = "AES128+EECDH:AES128+EDH";
+ #};
+ ssl = mkOption {
+ type = with types; submodule ({
+ options = {
+ enable = mkEnableOption "ssl";
+ certificate = mkOption {
+ type = str;
+ };
+ certificate_key = mkOption {
+ type = str;
+ };
+ ciphers = mkOption {
+ type = str;
+ default = "AES128+EECDH:AES128+EDH";
+ };
+ };
+ });
+ default = {};
+ };
};
}));
default = {};
@@ -29,8 +58,10 @@ let
user = config.services.nginx.user;
group = config.services.nginx.group;
+ external-ip = head config.krebs.build.host.nets.internet.addrs4;
+
imp = {
- krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: {
+ krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: {
server-names = [
"${domain}"
"www.${domain}"
@@ -43,6 +74,17 @@ let
deny all;
'')
];
+
+ listen = (if ssl.enable then
+ [ "80" "443 ssl" ]
+ else
+ "80"
+ );
+ extraConfig = (if ssl.enable then ''
+ ssl_certificate ${ssl.certificate};
+ ssl_certificate_key ${ssl.certificate_key};
+ '' else "");
+
});
};