path: root/lass/3modules/static_nginx.nix
blob: fd5cfdfd7d639dcb84eb3b6e3f14881204c0419c (plain)
{ config, lib, pkgs, ... }:

with lib;

let
  # Per-site settings as declared by the user under `lass.staticPage`,
  # keyed by attribute name.
  cfg = config.lass.staticPage;

  # The module value this file evaluates to: the option declaration (`api`)
  # together with the configuration generated from it (`imp`).
  out = {
    config = imp;
    options = {
      lass.staticPage = api;
    };
  };

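  # Option declaration for `lass.staticPage`: an attribute set with one entry
  # per static site. Each entry is a submodule carrying the options below.
  api = mkOption {
    type = with types; attrsOf (submodule ({ config, ... }: {
      options = {
        domain = mkOption {
          type = str;
          # Falls back to the attribute name the site is declared under.
          default = config._module.args.name;
          description = ''
            Primary host name of the site. The name prefixed with "www." is
            served as well.
          '';
        };
        folder = mkOption {
          type = str;
          default = "/srv/http/${config.domain}";
          description = ''
            Directory used as the nginx document root. The value is placed
            verbatim into the generated nginx configuration, so it must not
            contain whitespace or ";".
          '';
        };
        ssl = mkOption {
          # `str` and `submodule` resolve through the enclosing `with types;`.
          type = submodule {
            options = {
              enable = mkEnableOption "ssl";
              certificate = mkOption {
                type = str;
                # No default: the value is only read when `enable` is true.
                description = ''
                  Path of the PEM certificate file handed to nginx.
                '';
              };
              certificate_key = mkOption {
                type = str;
                # No default: the value is only read when `enable` is true.
                description = ''
                  Path of the private key file handed to nginx. Use a runtime
                  path outside the Nix store with restrictive permissions:
                  a key interpolated from a Nix path literal is copied into
                  the world-readable store.
                '';
              };
              ciphers = mkOption {
                type = str;
                default = "AES128+EECDH:AES128+EDH";
                description = ''
                  OpenSSL cipher list for this site's TLS listener.
                '';
              };
            };
          };
          default = {};
          description = ''
            TLS settings of the site.
          '';
        };
      };
    }));
    default = {};
    description = ''
      Static sites served by nginx, keyed by name.
    '';
  };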

  # NOTE(review): none of the three bindings below is referenced anywhere else
  # in this file; let-bindings are evaluated lazily, so they are never forced.
  external-ip = head config.krebs.build.host.nets.internet.addrs4;

  # Account and group of the nginx service, taken from services.nginx.
  inherit (config.services.nginx) user group;

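  # Configuration generated from `cfg`: one krebs.nginx server per declared
  # site, serving `folder` for `domain` and `www.<domain>`.
  imp = {
    krebs.nginx.servers = flip mapAttrs cfg (name: { domain, folder, ssl, ... }: {
      server-names = [
        domain
        "www.${domain}"
      ];
      locations = [
        # `folder` is placed verbatim into the nginx configuration.
        (nameValuePair "/" ''
          root ${folder};
        '')
        # Refuse every request whose path contains a component starting with
        # a dot (.git, .htaccess, ...). The pattern also matches
        # /.well-known/, so ACME HTTP-01 challenges cannot be answered from
        # this root.
        (nameValuePair "~ /\\." ''
          deny all;
        '')
      ];

      # NOTE(review): port 80 stays open when TLS is enabled and nothing in
      # this module redirects to https, so the same content remains reachable
      # in cleartext unless a redirect is configured elsewhere.
      listen =
        if ssl.enable
        then [ "80" "443 ssl" ]
        else "80";

      # Emit ssl.ciphers together with the certificate directives; without an
      # ssl_ciphers line nginx falls back to its built-in cipher list and the
      # option would have no effect on the served site.
      extraConfig = optionalString ssl.enable ''
        ssl_certificate ${ssl.certificate};
        ssl_certificate_key ${ssl.certificate_key};
        ssl_ciphers ${ssl.ciphers};
      '';

    });
  };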

in out