
Hevana: auto-detect subdomains; General: break out util functions into separate file

Aires 2024-12-03 18:05:57 -05:00
parent 052fb00606
commit 37f311cb63
10 changed files with 84 additions and 68 deletions


@ -1,4 +1,9 @@
{ config, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
# Do not change this value! This tracks when NixOS was installed on your system. # Do not change this value! This tracks when NixOS was installed on your system.
@ -18,17 +23,20 @@ let
''}"; ''}";
}; };
# List of subdomains to add to the TLS certificate /*
subdomains = with config.secrets.services; [ Add subdomains from enabled services to TLS certificate.
binary-cache.url
forgejo.url This doesn't _exactly_ check for enabled services, only:
gremlin-lab.url 1. Services that aren't ACME
jellyfin.url 2. Services with an "enable" attribute.
languagetool.url
netdata.url It still works though, so ¯\_()_/¯
qbittorrent.url */
rss.url serviceList = lib.attrsets.collect (
]; x: x != "acme" && builtins.hasAttr "enable" x
) config.aux.system.services;
subdomains = builtins.catAttrs "url" serviceList;
in in
{ {
imports = [ ./hardware-configuration.nix ]; imports = [ ./hardware-configuration.nix ];
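Review bot: The predicate given to `lib.attrsets.collect` only tests that an `enable` attribute exists, not that it is true, so a service that is defined but disabled still contributes its `url` to the certificate's subdomain list. `collect` passes attribute values, not names, to the predicate, so `x != "acme"` compares an attribute set with a string and presumably never excludes anything. Names on a publicly issued certificate are recorded in Certificate Transparency logs, and depending on the challenge type a name that is not actually served may fail the ACME order, so the list should follow what is really enabled: `serviceList = lib.attrsets.collect (x: lib.isAttrs x && (x.enable or false) && x ? url) config.aux.system.services;`. The `lib.isAttrs` guard also keeps the check from being applied to a non-set leaf if `collect` ever recurses into a service that has no `enable`. The `let` block continues outside the two hunks shown here.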


@ -1,13 +1,11 @@
# Modules common to all systems # Modules common to all systems
{ {
inputs, inputs,
lib,
pkgs, pkgs,
... ...
}: }:
{ {
config = {
# Install base packages # Install base packages
aux.system.packages = with pkgs; [ aux.system.packages = with pkgs; [
fastfetch # Show a neat system statistics screen when opening a terminal fastfetch # Show a neat system statistics screen when opening a terminal
@ -19,27 +17,13 @@
# Install the nos helper script # Install the nos helper script
aux.system.nixos-operations-script.enable = true; aux.system.nixos-operations-script.enable = true;
# Allow packages from the unstable repo by using 'pkgs.unstable'
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: _prev: { (final: _prev: {
# Allow packages from the unstable repo by using 'pkgs.unstable'
unstable = import inputs.nixpkgs-unstable { unstable = import inputs.nixpkgs-unstable {
system = final.system; system = final.system;
config.allowUnfree = true; config.allowUnfree = true;
}; };
# Define custom functions using 'pkgs.util'
util = {
# Parses the domain from a URL
getDomainFromURL =
url:
let
parsedURL = (lib.strings.splitString "." url);
in
builtins.concatStringsSep "." [
(builtins.elemAt parsedURL 1)
(builtins.elemAt parsedURL 2)
];
};
}) })
]; ];
@ -58,5 +42,4 @@
# Set ZSH as the default shell # Set ZSH as the default shell
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
};
} }


@ -49,7 +49,7 @@ in
}; };
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url; useACMEHost = pkgs.util.getDomainFromURI cfg.url;
forceSSL = true; forceSSL = true;
basicAuth = { basicAuth = {
"${cfg.auth.user}" = cfg.auth.password; "${cfg.auth.user}" = cfg.auth.password;


@ -32,7 +32,7 @@ in
enable = true; enable = true;
settings = { settings = {
server = { server = {
DOMAIN = pkgs.util.getDomainFromURL cfg.url; DOMAIN = pkgs.util.getDomainFromURI cfg.url;
ROOT_URL = cfg.url; ROOT_URL = cfg.url;
HTTP_PORT = 3000; HTTP_PORT = 3000;
}; };
@ -42,7 +42,7 @@ in
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; }; } // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url; useACMEHost = pkgs.util.getDomainFromURI cfg.url;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:3000"; proxyPass = "http://127.0.0.1:3000";


@ -34,7 +34,7 @@ in
services = { services = {
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url; useACMEHost = pkgs.util.getDomainFromURI cfg.url;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:8096"; proxyPass = "http://127.0.0.1:8096";


@ -56,7 +56,7 @@ in
}; };
# Create Nginx virtualhost # Create Nginx virtualhost
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url; useACMEHost = pkgs.util.getDomainFromURI cfg.url;
forceSSL = true; forceSSL = true;
basicAuth = { basicAuth = {
"${cfg.auth.user}" = cfg.auth.password; "${cfg.auth.user}" = cfg.auth.password;


@ -50,7 +50,7 @@ in
(lib.mkIf (cfg.enable && cfg.type == "parent") { (lib.mkIf (cfg.enable && cfg.type == "parent") {
services = { services = {
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url; useACMEHost = pkgs.util.getDomainFromURI cfg.url;
forceSSL = true; forceSSL = true;
basicAuth = { basicAuth = {
"${cfg.auth.user}" = cfg.auth.password; "${cfg.auth.user}" = cfg.auth.password;


@ -58,7 +58,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services = { services = {
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url; useACMEHost = pkgs.util.getDomainFromURI cfg.url;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${cfg.port}"; proxyPass = "http://127.0.0.1:${cfg.port}";


@ -56,7 +56,7 @@ in
}; };
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url; useACMEHost = pkgs.util.getDomainFromURI cfg.url;
forceSSL = true; forceSSL = true;
}; };
}; };

25
modules/util.nix Normal file

@ -0,0 +1,25 @@
# Utility and helper functions
{
lib,
...
}:
{
nixpkgs.overlays = [
(final: _prev: {
# Define custom functions using 'pkgs.util'
util = {
# Parses the domain from a URI
getDomainFromURI =
url:
let
parsedURL = (lib.strings.splitString "." url);
in
builtins.concatStringsSep "." [
(builtins.elemAt parsedURL 1)
(builtins.elemAt parsedURL 2)
];
};
})
];
}
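Review bot: `getDomainFromURI` returns labels 1 and 2 of the dot-split input unconditionally, and its result picks the certificate through `useACMEHost` in the service modules. A two-label name makes `builtins.elemAt` fail with an index error, while a deeper name or a multi-label suffix (constructed example: `svc.example.co.uk`) silently yields the wrong host (`example.co`). Despite the "URI" in the name, an input carrying a scheme or path is not parsed either. I would state the expected input in the comment, e.g. `# Expects a bare three-label host name (sub.example.com); returns the parent domain`. I would also fail loudly on anything else by placing `assert lib.assertMsg (builtins.length parsedURL == 3) "getDomainFromURI: expected sub.domain.tld, got ${url}";` ahead of the `concatStringsSep` call.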