Diffstat (limited to 'lass')
-rw-r--r-- | lass/2configs/websites/domsen.nix | 22 | ||||
-rw-r--r-- | lass/2configs/websites/fritz.nix | 39 | ||||
-rw-r--r-- | lass/2configs/websites/wohnprojekt-rhh.de.nix | 9 | ||||
-rw-r--r-- | lass/4lib/default.nix | 53 |
4 files changed, 48 insertions, 75 deletions
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 1b62bd977..caaee96bb 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -13,22 +13,22 @@ let in { imports = [ - ( ssl "reich-gebaeudereinigung.de" ) - ( servePage "reich-gebaeudereinigung.de" ) + ( ssl [ "reich-gebaeudereinigung.de" ]) + ( servePage [ "reich-gebaeudereinigung.de" ]) - ( manageCert "karlaskop.de" ) - ( servePage "karlaskop.de" ) + ( manageCerts [ "karlaskop.de" ]) + ( servePage [ "karlaskop.de" ]) - ( manageCert "makeup.apanowicz.de" ) - ( servePage "makeup.apanowicz.de" ) + ( ssl [ "makeup.apanowicz.de" ]) + ( servePage [ "makeup.apanowicz.de" ]) - ( manageCert "pixelpocket.de" ) - ( servePage "pixelpocket.de" ) + ( manageCerts [ "pixelpocket.de" ]) + ( servePage [ "pixelpocket.de" ]) - ( ssl "o.ubikmedia.de" ) - ( serveOwncloud "o.ubikmedia.de" ) + ( ssl [ "o.ubikmedia.de" ]) + ( serveOwncloud [ "o.ubikmedia.de" ]) - ( manageCerts [ "ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] ) + ( ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] ) ( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] ) ]; diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 16a240d7c..7a35ba75b 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix 
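Review bot: The new `ssl [ "ubikmedia.de" "aldona.ubikmedia.de" … ]` list and the `serveWordpress` list on the following line no longer describe the same set of hosts: the server block still answers for `"*.ubikmedia.de"`, while the certificate list names only `aldona.ubikmedia.de` under that zone. Because this entry now goes through `ssl` instead of `manageCerts`, any other subdomain matching the wildcard would presumably be answered with a certificate that does not cover it; the `manageCerts` and `activateACME` bodies are not fully visible in this diff, so this needs confirming. Either list every served subdomain in both calls or drop `"*.ubikmedia.de"` from the `serveWordpress` names.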
@@ -2,37 +2,40 @@ let inherit (import ../../4lib { inherit lib pkgs; }) - manageCert + manageCerts activateACME ssl servePage - serveOwncloud; + serveWordpress; in { imports = [ - ( manageCert "biostase.de" ) - ( servePage "biostase.de" ) + #( manageCerts [ "biostase.de" ]) + #( servePage [ "biostase.de" ]) - ( manageCert "gs-maubach.de" ) - ( servePage "gs-maubach.de" ) + #( manageCerts [ "gs-maubach.de" ]) + #( servePage [ "gs-maubach.de" ]) - ( manageCert "spielwaren-kern.de" ) - ( servePage "spielwaren-kern.de" ) + #( manageCerts [ "spielwaren-kern.de" ]) + #( servePage [ "spielwaren-kern.de" ]) - ( manageCert "societyofsimtech.de" ) - ( servePage "societyofsimtech.de" ) + #( manageCerts [ "societyofsimtech.de" ]) + #( servePage [ "societyofsimtech.de" ]) - ( manageCert "ttf-kleinaspach.de" ) - ( servePage "ttf-kleinaspach.de" ) + #( manageCerts [ "ttf-kleinaspach.de" ]) + #( servePage [ "ttf-kleinaspach.de" ]) - ( manageCert "edsn.de" ) - ( servePage "edsn.de" ) + #( manageCerts [ "edsn.de" ]) + #( servePage [ "edsn.de" ]) - ( manageCert "eab.berkeley.edu" ) - ( servePage "eab.berkeley.edu" ) + #( manageCerts [ "eab.berkeley.edu" ]) + #( servePage [ "eab.berkeley.edu" ]) - ( manageCert "habsys.de" ) - ( servePage "habsys.de" ) + ( manageCerts [ "eastuttgart.de" ]) + ( serveWordpress [ "eastuttgart.de" ]) + + ( manageCerts [ "habsys.de" ]) + ( servePage [ "habsys.de" ]) ]; #lass.owncloud = { diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix index 4e3eb071a..858054531 100644 --- a/lass/2configs/websites/wohnprojekt-rhh.de.nix +++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix 
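Review bot: The newly added `eastuttgart.de` WordPress site is paired with `manageCerts` only, whereas the WordPress entry in domsen.nix in this same commit is wrapped in `ssl`. If `activateACME` is what switches the nginx server over to TLS (its body is not part of this diff), the WordPress login for this site would be served over plain HTTP; `( ssl [ "eastuttgart.de" ])` would bring it in line with the other file. The `inherit` list also still pulls in `activateACME` and `ssl`, which nothing in the visible `imports` uses. The file continues past the end of the hunk.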
@@ -3,16 +3,13 @@ let inherit (config.krebs.lib) genid; inherit (import ../../4lib { inherit lib pkgs; }) - manageCert - activateACME ssl - servePage - serveOwncloud; + servePage; in { imports = [ - ( ssl "wohnprojekt-rhh.de" ) - ( servePage "wohnprojekt-rhh.de" ) + ( ssl [ "wohnprojekt-rhh.de" ]) + ( servePage [ "wohnprojekt-rhh.de" ]) ]; users.users.laura = { diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix index 22a8c3c6e..7949154a0 100644 --- a/lass/4lib/default.nix +++ b/lass/4lib/default.nix @@ -7,31 +7,6 @@ rec { getDefaultGateway = ip: concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); - manageCert = domain: - { - security.acme = { - certs."${domain}" = { - email = "lassulus@gmail.com"; - webroot = "/var/lib/acme/challenges/${domain}"; - plugins = [ - "account_key.json" - "key.pem" - "fullchain.pem" - ]; - group = "nginx"; - allowKeysForGroup = true; - }; - }; - - krebs.nginx.servers."${domain}" = { - locations = [ - (nameValuePair "/.well-known/acme-challenge" '' - root /var/lib/acme/challenges/${domain}/; - '') - ]; - }; - }; - manageCerts = domains: let domain = head domains; @@ -60,11 +35,11 @@ rec { }; }; - ssl = domain: + ssl = domains: { imports = [ - ( manageCert domain ) - ( activateACME domain ) + ( manageCerts domains ) + ( activateACME (head domains) ) ]; }; @@ -79,13 +54,12 @@ rec { }; }; - servePage = domain: - { + servePage = domains: + let + domain = head domains; + in { krebs.nginx.servers."${domain}" = { - server-names = [ - "${domain}" - "www.${domain}" - ]; + server-names = domains; locations = [ (nameValuePair "/" '' root /srv/http/${domain}; 
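Review bot: `ssl` now depends on the order of its list without saying so: only `head domains` is handed to `activateACME`, and `head` aborts evaluation with a generic error if a caller writes `ssl []`. A one-line comment above the definition would cover both, e.g. `# domains: non-empty list; the first entry is the primary name passed to activateACME, so order matters`. The same convention is introduced in `servePage` and `serveOwncloud` in the following hunks, where `domain = head domains` becomes the nginx server key.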
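Review bot: Replacing the fixed `server-names` pair with `server-names = domains;` in `servePage` drops the implicit `www.${domain}` alias, and none of the updated call sites in domsen.nix, fritz.nix or wohnprojekt-rhh.de.nix add it back. Requests for `www.<site>` would then no longer match this server block and would fall through to whatever nginx treats as its default server, which on a shared host may be a different customer's site. If that is not intended, keep the alias in the helper, e.g. `server-names = domains ++ map (d: "www.${d}") domains;`, or list the `www.` names explicitly at each call site and in the matching `ssl`/`manageCerts` list. The `serveOwncloud` hunk that follows makes the same change, and the body of `servePage` continues past this hunk.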
@@ -94,13 +68,12 @@ rec { }; }; - serveOwncloud = domain: - { + serveOwncloud = domains: + let + domain = head domains; + in { krebs.nginx.servers."${domain}" = { - server-names = [ - "${domain}" - "www.${domain}" - ]; + server-names = domains; extraConfig = '' # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; |
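Review bot: With `server-names = domains;` the `Strict-Transport-Security … includeSubDomains; preload;` header in this block is now sent for every name a caller puts in the list, rather than for one host and its `www.` alias. The only caller in this diff passes `o.ubikmedia.de`, but passing an apex domain here would make browsers force HTTPS on all of its subdomains for the `max-age` period, including any that are served without a certificate. A comment next to the header would make that visible, e.g. `# HSTS with includeSubDomains applies to every entry in domains; do not pass an apex name unless all of its subdomains serve TLS`. The body of `serveOwncloud` continues past the end of the hunk.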