nixos/middleman: Split vhosts into separate file

2022-06-06 16:17:33 +01:00
parent 4c2019299c
commit da22c4d12f
3 changed files with 46 additions and 38 deletions
--- a/nixos/boxes/colony/vms/shill/containers/default.nix
+++ b/nixos/boxes/colony/vms/shill/containers/default.nix
@@ -1,6 +1,6 @@
 {
  imports = [
-    ./middleman.nix
+    ./middleman
    ./vaultwarden.nix
  ];
 }
--- a/nixos/boxes/colony/vms/shill/containers/middleman/default.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/default.nix
@@ -17,11 +17,12 @@

    configuration = { lib, pkgs, config, assignments, allAssignments, ... }:
    let
-      inherit (builtins) mapAttrs;
-      inherit (lib) mkMerge mkIf mkDefault;
+      inherit (lib) mkMerge mkIf;
      inherit (lib.my) networkdAssignment;
    in
    {
+      imports = [ ./vhosts.nix ];
+
      config = mkMerge [
        {
          my = {
@@ -175,41 +176,6 @@
                proxy_set_header X-Forwarded-Protocol $scheme;
                proxy_set_header X-Scheme $scheme;
              '';
-
-              virtualHosts =
-              let
-                hosts = {
-                  "_" = {
-                    default = true;
-                    forceSSL = true;
-                    onlySSL = false;
-                  };
-                  "pass.nul.ie" =
-                  let
-                    upstream = "http://vaultwarden-ctr.${config.networking.domain}";
-                  in
-                  {
-                    locations = {
-                      "/".proxyPass = upstream;
-                      "/notifications/hub" = {
-                        proxyPass = upstream;
-                        proxyWebsockets = true;
-                      };
-                      "/notifications/hub/negotiate".proxyPass = upstream;
-                    };
-                    useACMEHost = lib.my.pubDomain;
-                  };
-                };
-              in
-              mkMerge [
-                hosts
-                (mapAttrs (n: _: {
-                  onlySSL = mkDefault true;
-                  useACMEHost = mkDefault "${config.networking.domain}";
-                  kTLS = mkDefault true;
-                  http2 = mkDefault true;
-                }) hosts)
-              ];
            };
          };
        }
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@@ -0,0 +1,42 @@
+{ lib, pkgs, config, ... }:
+let
+  inherit (builtins) mapAttrs;
+  inherit (lib) mkMerge mkDefault;
+in
+{
+  services.nginx.virtualHosts =
+  let
+    hosts = {
+      "_" = {
+        default = true;
+        forceSSL = true;
+        onlySSL = false;
+      };
+
+      "pass.nul.ie" =
+      let
+        upstream = "http://vaultwarden-ctr.${config.networking.domain}";
+      in
+      {
+        locations = {
+          "/".proxyPass = upstream;
+          "/notifications/hub" = {
+            proxyPass = upstream;
+            proxyWebsockets = true;
+          };
+          "/notifications/hub/negotiate".proxyPass = upstream;
+        };
+        useACMEHost = lib.my.pubDomain;
+      };
+    };
+  in
+  mkMerge [
+    hosts
+    (mapAttrs (n: _: {
+      onlySSL = mkDefault true;
+      useACMEHost = mkDefault "${config.networking.domain}";
+      kTLS = mkDefault true;
+      http2 = mkDefault true;
+    }) hosts)
+  ];
+}