stockholm/makefu/2configs/nginx/euer.blog.nix

{ config, lib, pkgs, ... }:

with config.krebs.lib;
let
  sec = toString <secrets>;
  ssl_cert = "${sec}/wildcard.krebsco.de.crt";
  ssl_key  = "${sec}/wildcard.krebsco.de.key";
  hostname = config.krebs.build.host.name;
  user = config.services.nginx.user;
  group = config.services.nginx.group;
  external-ip = config.krebs.build.host.nets.internet.ip4.addr;
  internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
  base-dir = "/var/www/blog.euer";
in {
  # Prepare Blog directory
  systemd.services.prepare-euer-blog = {
    wantedBy = [ "local-fs.target" ];
    before = [ "nginx.service" ];
    serviceConfig = {
      # do nothing if the base dir already exists
      ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''
        #!/bin/sh
        if ! test -d "${base-dir}" ;then
          mkdir -p "${base-dir}"
          chown ${user}:${group} "${base-dir}"
          chmod 700 "${base-dir}"
        fi
      '';
      Type = "oneshot";
      RemainAfterExit = "yes";
      TimeoutSec = "0";
    };
  };

  krebs.nginx = {
    enable = mkDefault true;
    servers = {
      euer-blog = {
        listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
                   "${internal-ip}:80" "${internal-ip}:443 ssl" ];
        server-names = [ "euer.krebsco.de" "blog.euer.krebsco.de" "blog.${hostname}" ];
        extraConfig = ''
          gzip on;
          gzip_buffers 4 32k;
          gzip_types  text/plain application/x-javascript text/css;
          ssl_certificate ${ssl_cert};
          ssl_certificate_key ${ssl_key};
          default_type text/plain;
        '';
        locations = singleton (nameValuePair "/" ''
          root ${base-dir};
        '');
      };
    };
  };
}
m 2 euer.blog: init (untested) 2015-10-29 08:28:27 +00:00			`{ config, lib, pkgs, ... }:`

RIP specialArgs.lib 2016-02-14 15:43:44 +00:00			`with config.krebs.lib;`
m 2 euer.blog: init (untested) 2015-10-29 08:28:27 +00:00			`let`
m 2 *: s,/root/secrets,<secrets>, 2015-10-29 09:55:54 +00:00			`sec = toString <secrets>;`
			`ssl_cert = "${sec}/wildcard.krebsco.de.crt";`
			`ssl_key = "${sec}/wildcard.krebsco.de.key";`
m 2 nginx/euer*: prepare folders if they do not exist 2015-11-05 11:31:09 +00:00			`hostname = config.krebs.build.host.name;`
			`user = config.services.nginx.user;`
			`group = config.services.nginx.group;`
retiolum: don't hardcode routing prefixes 2016-04-08 01:53:34 +00:00			`external-ip = config.krebs.build.host.nets.internet.ip4.addr;`
			`internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;`
m 2 nginx/euer*: prepare folders if they do not exist 2015-11-05 11:31:09 +00:00			`base-dir = "/var/www/blog.euer";`
m 2 euer.blog: init (untested) 2015-10-29 08:28:27 +00:00			`in {`
m 2 nginx/euer*: prepare folders if they do not exist 2015-11-05 11:31:09 +00:00			`# Prepare Blog directory`
			`systemd.services.prepare-euer-blog = {`
			`wantedBy = [ "local-fs.target" ];`
			`before = [ "nginx.service" ];`
			`serviceConfig = {`
			`# do nothing if the base dir already exists`
			`ExecStart = pkgs.writeScript "prepare-euer-blog-service" ''`
			`#!/bin/sh`
			`if ! test -d "${base-dir}" ;then`
			`mkdir -p "${base-dir}"`
			`chown ${user}:${group} "${base-dir}"`
			`chmod 700 "${base-dir}"`
			`fi`
			`'';`
			`Type = "oneshot";`
			`RemainAfterExit = "yes";`
			`TimeoutSec = "0";`
			`};`
			`};`

m 2 euer.blog: init (untested) 2015-10-29 08:28:27 +00:00			`krebs.nginx = {`
			`enable = mkDefault true;`
			`servers = {`
			`euer-blog = {`
m 2 nginx/euer*: prepare folders if they do not exist 2015-11-05 11:31:09 +00:00			`listen = [ "${external-ip}:80" "${external-ip}:443 ssl"`
			`"${internal-ip}:80" "${internal-ip}:443 ssl" ];`
			`server-names = [ "euer.krebsco.de" "blog.euer.krebsco.de" "blog.${hostname}" ];`
m 2 euer.blog: init (untested) 2015-10-29 08:28:27 +00:00			`extraConfig = ''`
			`gzip on;`
			`gzip_buffers 4 32k;`
			`gzip_types text/plain application/x-javascript text/css;`
			`ssl_certificate ${ssl_cert};`
			`ssl_certificate_key ${ssl_key};`
			`default_type text/plain;`
			`'';`
			`locations = singleton (nameValuePair "/" ''`
m 2 nginx/euer*: prepare folders if they do not exist 2015-11-05 11:31:09 +00:00			`root ${base-dir};`
m 2 euer.blog: init (untested) 2015-10-29 08:28:27 +00:00			`'');`
			`};`
			`};`
			`};`
			`}`