Hevana: auto-detect subdomains; General: break out util functions into separate file
parent
052fb00606
commit
37f311cb63
|
@ -1,4 +1,9 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
# Do not change this value! This tracks when NixOS was installed on your system.
|
||||
|
@ -18,17 +23,20 @@ let
|
|||
''}";
|
||||
};
|
||||
|
||||
# List of subdomains to add to the TLS certificate
|
||||
subdomains = with config.secrets.services; [
|
||||
binary-cache.url
|
||||
forgejo.url
|
||||
gremlin-lab.url
|
||||
jellyfin.url
|
||||
languagetool.url
|
||||
netdata.url
|
||||
qbittorrent.url
|
||||
rss.url
|
||||
];
|
||||
/*
|
||||
Add subdomains from enabled services to TLS certificate.
|
||||
|
||||
This doesn't _exactly_ check for enabled services, only:
|
||||
1. Services that aren't ACME
|
||||
2. Services with an "enable" attribute.
|
||||
|
||||
It still works though, so ¯\_(ツ)_/¯
|
||||
*/
|
||||
serviceList = lib.attrsets.collect (
|
||||
x: x != "acme" && builtins.hasAttr "enable" x
|
||||
) config.aux.system.services;
|
||||
subdomains = builtins.catAttrs "url" serviceList;
|
||||
|
||||
in
|
||||
{
|
||||
imports = [ ./hardware-configuration.nix ];
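Review bot: The predicate given to `lib.attrsets.collect` in the new `serviceList` receives attribute values, not names, so `x != "acme"` compares a value with a string and does not exclude the ACME entry by name, and `builtins.hasAttr "enable" x` only tests that the option exists, not that it is true. As written, every service that declares `enable` and `url` adds a name to the certificate whether or not it is running, which publishes unused hostnames in the issued certificate and may make issuance fail for names that do not resolve (this assumes the list feeds the certificate's extra domain names, which is outside the hunk). Filtering on both name and value would match the comment's stated intent: `enabled = lib.filterAttrs (name: svc: name != "acme" && (svc.enable or false) && svc ? url) config.aux.system.services;` followed by `subdomains = lib.mapAttrsToList (_: svc: svc.url) enabled;`. The `let` block starts before this hunk and the module body continues after it.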
|
||||
|
|
|
@ -1,13 +1,11 @@
|
|||
# Modules common to all systems
|
||||
{
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
{
|
||||
config = {
|
||||
# Install base packages
|
||||
aux.system.packages = with pkgs; [
|
||||
fastfetch # Show a neat system statistics screen when opening a terminal
|
||||
|
@ -19,27 +17,13 @@
|
|||
# Install the nos helper script
|
||||
aux.system.nixos-operations-script.enable = true;
|
||||
|
||||
# Allow packages from the unstable repo by using 'pkgs.unstable'
|
||||
nixpkgs.overlays = [
|
||||
(final: _prev: {
|
||||
# Allow packages from the unstable repo by using 'pkgs.unstable'
|
||||
unstable = import inputs.nixpkgs-unstable {
|
||||
system = final.system;
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
|
||||
# Define custom functions using 'pkgs.util'
|
||||
util = {
|
||||
# Parses the domain from a URL
|
||||
getDomainFromURL =
|
||||
url:
|
||||
let
|
||||
parsedURL = (lib.strings.splitString "." url);
|
||||
in
|
||||
builtins.concatStringsSep "." [
|
||||
(builtins.elemAt parsedURL 1)
|
||||
(builtins.elemAt parsedURL 2)
|
||||
];
|
||||
};
|
||||
})
|
||||
];
|
||||
|
||||
|
@ -58,5 +42,4 @@
|
|||
|
||||
# Set ZSH as the default shell
|
||||
users.defaultUserShell = pkgs.zsh;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -49,7 +49,7 @@ in
|
|||
};
|
||||
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
|
||||
useACMEHost = pkgs.util.getDomainFromURI cfg.url;
|
||||
forceSSL = true;
|
||||
basicAuth = {
|
||||
"${cfg.auth.user}" = cfg.auth.password;
|
||||
|
|
|
@ -32,7 +32,7 @@ in
|
|||
enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
DOMAIN = pkgs.util.getDomainFromURL cfg.url;
|
||||
DOMAIN = pkgs.util.getDomainFromURI cfg.url;
|
||||
ROOT_URL = cfg.url;
|
||||
HTTP_PORT = 3000;
|
||||
};
|
||||
|
@ -42,7 +42,7 @@ in
|
|||
} // lib.optionalAttrs (cfg.home != null) { stateDir = cfg.home; };
|
||||
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
|
||||
useACMEHost = pkgs.util.getDomainFromURI cfg.url;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3000";
|
||||
|
|
|
@ -34,7 +34,7 @@ in
|
|||
|
||||
services = {
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
|
||||
useACMEHost = pkgs.util.getDomainFromURI cfg.url;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8096";
|
||||
|
|
|
@ -56,7 +56,7 @@ in
|
|||
};
|
||||
# Create Nginx virtualhost
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
|
||||
useACMEHost = pkgs.util.getDomainFromURI cfg.url;
|
||||
forceSSL = true;
|
||||
basicAuth = {
|
||||
"${cfg.auth.user}" = cfg.auth.password;
|
||||
|
|
|
@ -50,7 +50,7 @@ in
|
|||
(lib.mkIf (cfg.enable && cfg.type == "parent") {
|
||||
services = {
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
|
||||
useACMEHost = pkgs.util.getDomainFromURI cfg.url;
|
||||
forceSSL = true;
|
||||
basicAuth = {
|
||||
"${cfg.auth.user}" = cfg.auth.password;
|
||||
|
|
|
@ -58,7 +58,7 @@ in
|
|||
config = lib.mkIf cfg.enable {
|
||||
services = {
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
|
||||
useACMEHost = pkgs.util.getDomainFromURI cfg.url;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${cfg.port}";
|
||||
|
|
|
@ -56,7 +56,7 @@ in
|
|||
};
|
||||
|
||||
nginx.virtualHosts."${cfg.url}" = {
|
||||
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
|
||||
useACMEHost = pkgs.util.getDomainFromURI cfg.url;
|
||||
forceSSL = true;
|
||||
};
|
||||
};
|
||||
|
|
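--- a/modules/util.nix
+++ b/modules/util.nix
@@ -0,0 +1,25 @@
+# Utility and helper functions
+{
+lib,
+...
+}:
+
+{
+nixpkgs.overlays = [
+(final: _prev: {
+# Define custom functions using 'pkgs.util'
+util = {
+# Parses the domain from a URI
+getDomainFromURI =
+url:
+let
+parsedURL = (lib.strings.splitString "." url);
+in
+builtins.concatStringsSep "." [
+(builtins.elemAt parsedURL 1)
+(builtins.elemAt parsedURL 2)
+];
+};
+})
+];
+}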
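Review bot: `getDomainFromURI` picks labels by fixed position (`elemAt parsedURL 1` and `2`), so it is only correct for exactly three dot-separated labels: a two-label host fails with an out-of-range index, a four-label host such as a constructed `a.b.example.org` yields `b.example`, and a value carrying a scheme, port or path keeps those characters in the result. Every caller in this commit uses the result as `useACMEHost` (and one as Forgejo's `DOMAIN`), so a wrong value names a certificate that may not exist or may not cover the virtual host. I would make the assumption explicit with `lib.throwIf (builtins.length parsedURL != 3) "getDomainFromURI: expected host.domain.tld, got ${url}"` in front of the `concatStringsSep`, and extend the comment to `# Returns the last two labels of a three-label hostname (no scheme, port or path)`. The function is named for a URI while the argument is treated as a bare hostname, and no hunk shown here adds `modules/util.nix` to an `imports` list, so confirm it is loaded wherever `pkgs.util` is used.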