Diffstat (limited to 'lass')
-rw-r--r--lass/2configs/websites/domsen.nix22
-rw-r--r--lass/2configs/websites/fritz.nix39
-rw-r--r--lass/2configs/websites/wohnprojekt-rhh.de.nix9
-rw-r--r--lass/4lib/default.nix53
4 files changed, 48 insertions, 75 deletions
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 1b62bd977..caaee96bb 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -13,22 +13,22 @@ let
in {
imports = [
- ( ssl "reich-gebaeudereinigung.de" )
- ( servePage "reich-gebaeudereinigung.de" )
+ ( ssl [ "reich-gebaeudereinigung.de" ])
+ ( servePage [ "reich-gebaeudereinigung.de" ])
- ( manageCert "karlaskop.de" )
- ( servePage "karlaskop.de" )
+ ( manageCerts [ "karlaskop.de" ])
+ ( servePage [ "karlaskop.de" ])
- ( manageCert "makeup.apanowicz.de" )
- ( servePage "makeup.apanowicz.de" )
+ ( ssl [ "makeup.apanowicz.de" ])
+ ( servePage [ "makeup.apanowicz.de" ])
- ( manageCert "pixelpocket.de" )
- ( servePage "pixelpocket.de" )
+ ( manageCerts [ "pixelpocket.de" ])
+ ( servePage [ "pixelpocket.de" ])
- ( ssl "o.ubikmedia.de" )
- ( serveOwncloud "o.ubikmedia.de" )
+ ( ssl [ "o.ubikmedia.de" ])
+ ( serveOwncloud [ "o.ubikmedia.de" ])
- ( manageCerts [ "ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
+ ( ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
];
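Review bot: The new `ssl [ ... ]` line names only `aldona.ubikmedia.de` as a subdomain, while the `serveWordpress` line right below it still matches `*.ubikmedia.de`. Any other subdomain that reaches this server block would be answered with a certificate that does not cover its name. Keep the two lists identical, either by enumerating the subdomains actually in use in both or by dropping the wildcard from `serveWordpress`. The attribute set this `imports` list belongs to continues outside the hunk.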
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 16a240d7c..7a35ba75b 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -2,37 +2,40 @@
let
inherit (import ../../4lib { inherit lib pkgs; })
- manageCert
+ manageCerts
activateACME
ssl
servePage
- serveOwncloud;
+ serveWordpress;
in {
imports = [
- ( manageCert "biostase.de" )
- ( servePage "biostase.de" )
+ #( manageCerts [ "biostase.de" ])
+ #( servePage [ "biostase.de" ])
- ( manageCert "gs-maubach.de" )
- ( servePage "gs-maubach.de" )
+ #( manageCerts [ "gs-maubach.de" ])
+ #( servePage [ "gs-maubach.de" ])
- ( manageCert "spielwaren-kern.de" )
- ( servePage "spielwaren-kern.de" )
+ #( manageCerts [ "spielwaren-kern.de" ])
+ #( servePage [ "spielwaren-kern.de" ])
- ( manageCert "societyofsimtech.de" )
- ( servePage "societyofsimtech.de" )
+ #( manageCerts [ "societyofsimtech.de" ])
+ #( servePage [ "societyofsimtech.de" ])
- ( manageCert "ttf-kleinaspach.de" )
- ( servePage "ttf-kleinaspach.de" )
+ #( manageCerts [ "ttf-kleinaspach.de" ])
+ #( servePage [ "ttf-kleinaspach.de" ])
- ( manageCert "edsn.de" )
- ( servePage "edsn.de" )
+ #( manageCerts [ "edsn.de" ])
+ #( servePage [ "edsn.de" ])
- ( manageCert "eab.berkeley.edu" )
- ( servePage "eab.berkeley.edu" )
+ #( manageCerts [ "eab.berkeley.edu" ])
+ #( servePage [ "eab.berkeley.edu" ])
- ( manageCert "habsys.de" )
- ( servePage "habsys.de" )
+ ( manageCerts [ "eastuttgart.de" ])
+ ( serveWordpress [ "eastuttgart.de" ])
+
+ ( manageCerts [ "habsys.de" ])
+ ( servePage [ "habsys.de" ])
];
#lass.owncloud = {
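Review bot: `eastuttgart.de` is added with `manageCerts` plus `serveWordpress` but without `ssl`, whereas the WordPress entry in domsen.nix is moved to `ssl` in this same commit. Going by the definition of `ssl` in 4lib/default.nix, `manageCerts` alone does not call `activateACME`, so the site presumably gets a certificate issued but is still served over plain HTTP, WordPress login included. If that is not intended, use `( ssl [ "eastuttgart.de" ])`. The entries disabled with `#` carry no reason; a one-line comment such as `# disabled: <reason>` above them would tell the next reader whether they can be deleted.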
diff --git a/lass/2configs/websites/wohnprojekt-rhh.de.nix b/lass/2configs/websites/wohnprojekt-rhh.de.nix
index 4e3eb071a..858054531 100644
--- a/lass/2configs/websites/wohnprojekt-rhh.de.nix
+++ b/lass/2configs/websites/wohnprojekt-rhh.de.nix
@@ -3,16 +3,13 @@
let
inherit (config.krebs.lib) genid;
inherit (import ../../4lib { inherit lib pkgs; })
- manageCert
- activateACME
ssl
- servePage
- serveOwncloud;
+ servePage;
in {
imports = [
- ( ssl "wohnprojekt-rhh.de" )
- ( servePage "wohnprojekt-rhh.de" )
+ ( ssl [ "wohnprojekt-rhh.de" ])
+ ( servePage [ "wohnprojekt-rhh.de" ])
];
users.users.laura = {
diff --git a/lass/4lib/default.nix b/lass/4lib/default.nix
index 22a8c3c6e..7949154a0 100644
--- a/lass/4lib/default.nix
+++ b/lass/4lib/default.nix
@@ -7,31 +7,6 @@ rec {
getDefaultGateway = ip:
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
- manageCert = domain:
- {
- security.acme = {
- certs."${domain}" = {
- email = "lassulus@gmail.com";
- webroot = "/var/lib/acme/challenges/${domain}";
- plugins = [
- "account_key.json"
- "key.pem"
- "fullchain.pem"
- ];
- group = "nginx";
- allowKeysForGroup = true;
- };
- };
-
- krebs.nginx.servers."${domain}" = {
- locations = [
- (nameValuePair "/.well-known/acme-challenge" ''
- root /var/lib/acme/challenges/${domain}/;
- '')
- ];
- };
- };
-
manageCerts = domains:
let
domain = head domains;
@@ -60,11 +35,11 @@ rec {
};
};
- ssl = domain:
+ ssl = domains:
{
imports = [
- ( manageCert domain )
- ( activateACME domain )
+ ( manageCerts domains )
+ ( activateACME (head domains) )
];
};
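Review bot: `ssl` now calls `head domains` without checking the list, so `ssl [ ]` aborts evaluation with a generic list error rather than one that points at the caller; `servePage` and `serveOwncloud` in the later hunks do the same. An `assert domains != [];` in front of the attribute set would make the failure explicit. The list's ordering contract is also undocumented: the first entry appears to become the nginx server key and the name passed to `activateACME`, so a comment like `# domains: first entry is the primary name, the rest are aliases` would help. The enclosing `rec { ... }` starts and ends outside the hunk.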
@@ -79,13 +54,12 @@ rec {
};
};
- servePage = domain:
- {
+ servePage = domains:
+ let
+ domain = head domains;
+ in {
krebs.nginx.servers."${domain}" = {
- server-names = [
- "${domain}"
- "www.${domain}"
- ];
+ server-names = domains;
locations = [
(nameValuePair "/" ''
root /srv/http/${domain};
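Review bot: Replacing the fixed `"${domain}"` / `"www.${domain}"` pair with `server-names = domains;` silently drops the `www.` alias for every caller that passes a single-element list, such as `servePage [ "karlaskop.de" ]` in domsen.nix. Requests for the `www.` host would then fall through to whichever server nginx treats as the default, and could be answered with another site's content and certificate. `serveOwncloud` in the next hunk changes in the same way. If the alias is still wanted, callers should list it explicitly, e.g. `servePage [ "karlaskop.de" "www.karlaskop.de" ]`, and the matching `ssl` / `manageCerts` call should get the same list so the certificate covers it. The body of `servePage` continues outside the hunk.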
@@ -94,13 +68,12 @@ rec {
};
};
- serveOwncloud = domain:
- {
+ serveOwncloud = domains:
+ let
+ domain = head domains;
+ in {
krebs.nginx.servers."${domain}" = {
- server-names = [
- "${domain}"
- "www.${domain}"
- ];
+ server-names = domains;
extraConfig = ''
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";