diff options
Diffstat (limited to 'lass/3modules/static_nginx.nix')
-rw-r--r-- | lass/3modules/static_nginx.nix | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/lass/3modules/static_nginx.nix b/lass/3modules/static_nginx.nix index cc2641af2..fd5cfdfd7 100644 --- a/lass/3modules/static_nginx.nix +++ b/lass/3modules/static_nginx.nix @@ -21,6 +21,35 @@ let type = str; default = "/srv/http/${config.domain}"; }; + #sslEnable = mkEnableOption "ssl"; + #certificate = mkOption { + # type = str; + #}; + #certificate_key = mkOption { + # type = str; + #}; + #ciphers = mkOption { + # type = str; + # default = "AES128+EECDH:AES128+EDH"; + #}; + ssl = mkOption { + type = with types; submodule ({ + options = { + enable = mkEnableOption "ssl"; + certificate = mkOption { + type = str; + }; + certificate_key = mkOption { + type = str; + }; + ciphers = mkOption { + type = str; + default = "AES128+EECDH:AES128+EDH"; + }; + }; + }); + default = {}; + }; }; })); default = {}; @@ -29,8 +58,10 @@ let user = config.services.nginx.user; group = config.services.nginx.group; + external-ip = head config.krebs.build.host.nets.internet.addrs4; + imp = { - krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: { + krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: { server-names = [ "${domain}" "www.${domain}" @@ -43,6 +74,17 @@ let deny all; '') ]; + + listen = (if ssl.enable then + [ "80" "443 ssl" ] + else + "80" + ); + extraConfig = (if ssl.enable then '' + ssl_certificate ${ssl.certificate}; + ssl_certificate_key ${ssl.certificate_key}; + '' else ""); + }); }; |