From da22c4d12fa23735b998244550dadd7ba169d5b0 Mon Sep 17 00:00:00 2001 From: Jack O'Sullivan Date: Mon, 6 Jun 2022 16:17:33 +0100 Subject: [PATCH] nixos/middleman: Split vhosts into separate file --- .../colony/vms/shill/containers/default.nix | 2 +- .../{middleman.nix => middleman/default.nix} | 40 ++---------------- .../vms/shill/containers/middleman/vhosts.nix | 42 +++++++++++++++++++ 3 files changed, 46 insertions(+), 38 deletions(-) rename nixos/boxes/colony/vms/shill/containers/{middleman.nix => middleman/default.nix} (82%) create mode 100644 nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix diff --git a/nixos/boxes/colony/vms/shill/containers/default.nix b/nixos/boxes/colony/vms/shill/containers/default.nix index 1f91f77..4425b90 100644 --- a/nixos/boxes/colony/vms/shill/containers/default.nix +++ b/nixos/boxes/colony/vms/shill/containers/default.nix @@ -1,6 +1,6 @@ { imports = [ - ./middleman.nix + ./middleman ./vaultwarden.nix ]; } diff --git a/nixos/boxes/colony/vms/shill/containers/middleman.nix b/nixos/boxes/colony/vms/shill/containers/middleman/default.nix similarity index 82% rename from nixos/boxes/colony/vms/shill/containers/middleman.nix rename to nixos/boxes/colony/vms/shill/containers/middleman/default.nix index d450ba4..94111ac 100644 --- a/nixos/boxes/colony/vms/shill/containers/middleman.nix +++ b/nixos/boxes/colony/vms/shill/containers/middleman/default.nix @@ -17,11 +17,12 @@ configuration = { lib, pkgs, config, assignments, allAssignments, ... }: let - inherit (builtins) mapAttrs; - inherit (lib) mkMerge mkIf mkDefault; + inherit (lib) mkMerge mkIf; inherit (lib.my) networkdAssignment; in { + imports = [ ./vhosts.nix ]; + config = mkMerge [ { my = { 
@@ -175,41 +176,6 @@
 proxy_set_header X-Forwarded-Protocol $scheme;
 proxy_set_header X-Scheme $scheme;
 '';
-
- virtualHosts =
- let
- hosts = {
- "_" = {
- default = true;
- forceSSL = true;
- onlySSL = false;
- };
- "pass.nul.ie" =
- let
- upstream = "http://vaultwarden-ctr.${config.networking.domain}";
- in
- {
- locations = {
- "/".proxyPass = upstream;
- "/notifications/hub" = {
- proxyPass = upstream;
- proxyWebsockets = true;
- };
- "/notifications/hub/negotiate".proxyPass = upstream;
- };
- useACMEHost = lib.my.pubDomain;
- };
- };
- in
- mkMerge [
- hosts
- (mapAttrs (n: _: {
- onlySSL = mkDefault true;
- useACMEHost = mkDefault "${config.networking.domain}";
- kTLS = mkDefault true;
- http2 = mkDefault true;
- }) hosts)
- ];
 };
 };
 }
diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
new file mode 100644
index 0000000..d36a33e
--- /dev/null
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@@ -0,0 +1,42 @@
+{ lib, pkgs, config, ... }:
+let
+ inherit (builtins) mapAttrs;
+ inherit (lib) mkMerge mkDefault;
+in
+{
+ services.nginx.virtualHosts =
+ let
+ hosts = {
+ "_" = {
+ default = true;
+ forceSSL = true;
+ onlySSL = false;
+ };
+
+ "pass.nul.ie" =
+ let
+ upstream = "http://vaultwarden-ctr.${config.networking.domain}";
+ in
+ {
+ locations = {
+ "/".proxyPass = upstream;
+ "/notifications/hub" = {
+ proxyPass = upstream;
+ proxyWebsockets = true;
+ };
+ "/notifications/hub/negotiate".proxyPass = upstream;
+ };
+ useACMEHost = lib.my.pubDomain;
+ };
+ };
+ in
+ mkMerge [
+ hosts
+ (mapAttrs (n: _: {
+ onlySSL = mkDefault true;
+ useACMEHost = mkDefault "${config.networking.domain}";
+ kTLS = mkDefault true;
+ http2 = mkDefault true;
+ }) hosts)
+ ];
+}
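Review bot: The `upstream` binding for `pass.nul.ie` in the new vhosts.nix is `http://vaultwarden-ctr.${config.networking.domain}`, so TLS ends at nginx and all three locations, including the websocket at `/notifications/hub`, forward the vault's traffic to the backend in cleartext. That is only sound if the link between this container and vaultwarden-ctr is isolated, which the diff does not show, so the assumption should be recorded beside the binding, e.g. `# TLS terminates at nginx; the hop to vaultwarden-ctr is plain HTTP and assumes an isolated container network`. The `"_"` catch-all sets `onlySSL = false` apparently only to override the `mkDefault true` merged in further down (presumably because it would clash with `forceSSL`), and a one-line comment saying so would save the next reader the trace. The `pkgs` argument and the lambda's `n` are unused in this file.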