nixos/middleman: Split vhosts into separate file

nixos/boxes/colony/vms/shill/containers/default.nix

@@ -1,6 +1,6 @@
 {
   imports = [
-    ./middleman.nix
+    ./middleman
     ./vaultwarden.nix
   ];
 }

nixos/boxes/colony/vms/shill/containers/middleman/default.nix

@@ -17,11 +17,12 @@
 
     configuration = { lib, pkgs, config, assignments, allAssignments, ... }:
     let
-      inherit (builtins) mapAttrs;
+      inherit (lib) mkMerge mkIf;
-      inherit (lib) mkMerge mkIf mkDefault;
       inherit (lib.my) networkdAssignment;
     in
     {
+      imports = [ ./vhosts.nix ];
+
       config = mkMerge [
         {
           my = {
@@ -175,41 +176,6 @@
                 proxy_set_header X-Forwarded-Protocol $scheme;
                 proxy_set_header X-Scheme $scheme;
               '';
-
-              virtualHosts =
-              let
-                hosts = {
-                  "_" = {
-                    default = true;
-                    forceSSL = true;
-                    onlySSL = false;
-                  };
-                  "pass.nul.ie" =
-                  let
-                    upstream = "http://vaultwarden-ctr.${config.networking.domain}";
-                  in
-                  {
-                    locations = {
-                      "/".proxyPass = upstream;
-                      "/notifications/hub" = {
-                        proxyPass = upstream;
-                        proxyWebsockets = true;
-                      };
-                      "/notifications/hub/negotiate".proxyPass = upstream;
-                    };
-                    useACMEHost = lib.my.pubDomain;
-                  };
-                };
-              in
-              mkMerge [
-                hosts
-                (mapAttrs (n: _: {
-                  onlySSL = mkDefault true;
-                  useACMEHost = mkDefault "${config.networking.domain}";
-                  kTLS = mkDefault true;
-                  http2 = mkDefault true;
-                }) hosts)
-              ];
             };
           };
         }

nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix

@@ -0,0 +1,42 @@
+{ lib, pkgs, config, ... }:
+let
+  inherit (builtins) mapAttrs;
+  inherit (lib) mkMerge mkDefault;
+in
+{
+  services.nginx.virtualHosts =
+  let
+    hosts = {
+      "_" = {
+        default = true;
+        forceSSL = true;
+        onlySSL = false;
+      };
+
+      "pass.nul.ie" =
+      let
+        upstream = "http://vaultwarden-ctr.${config.networking.domain}";
+      in
+      {
+        locations = {
+          "/".proxyPass = upstream;
+          "/notifications/hub" = {
+            proxyPass = upstream;
+            proxyWebsockets = true;
+          };
+          "/notifications/hub/negotiate".proxyPass = upstream;
+        };
+        useACMEHost = lib.my.pubDomain;
+      };
+    };
+  in
+  mkMerge [
+    hosts
+    (mapAttrs (n: _: {
+      onlySSL = mkDefault true;
+      useACMEHost = mkDefault "${config.networking.domain}";
+      kTLS = mkDefault true;
+      http2 = mkDefault true;
+    }) hosts)
+  ];
+}