krebs 3 retiolum-bootstra: use nginx listen list

consolidate nginx servers into 1, provide a means to override the listen
addresses.
makefu 2015-10-20 19:59:59 +02:00
parent e0eed572ec
commit 0bc015bf3c


@ -16,6 +16,14 @@ let
description = "hostname which serves tinc boot"; description = "hostname which serves tinc boot";
default = "tinc.krebsco.de" ; default = "tinc.krebsco.de" ;
}; };
listen = mkOption {
type = with types; listOf str;
description = ''Addresses to listen on (nginx-syntax).
ssl will be configured, http will be redirected to ssl.
Make sure to have at least 1 ssl port configured.
'';
default = [ "80" "443 ssl" ] ;
};
ssl_certificate_key = mkOption { ssl_certificate_key = mkOption {
type = types.str; type = types.str;
description = "Certificate key to use for ssl"; description = "Certificate key to use for ssl";
@ -33,19 +41,17 @@ let
imp = { imp = {
krebs.nginx.servers = assert config.krebs.nginx.enable; { krebs.nginx.servers = assert config.krebs.nginx.enable; {
retiolum-boot-redir = {
server-names = singleton cfg.hostname;
extraConfig = ''
return 301 https://$server_name$request_uri;
'';
locations = [];
};
retiolum-boot-ssl = { retiolum-boot-ssl = {
server-names = singleton cfg.hostname; server-names = singleton cfg.hostname;
listen = "443 ssl"; listen = cfg.listen;
extraConfig = '' extraConfig = ''
ssl_certificate ${cfg.ssl_certificate}; ssl_certificate ${cfg.ssl_certificate};
ssl_certificate_key ${cfg.ssl_certificate_key}; ssl_certificate_key ${cfg.ssl_certificate_key};
if ($scheme = http){
return 301 https://$server_name$request_uri;
}
root ${pkgs.retiolum-bootstrap}; root ${pkgs.retiolum-bootstrap};
try_files $uri $uri/retiolum.sh; try_files $uri $uri/retiolum.sh;
''; '';
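Review bot: Nothing enforces the "at least 1 ssl port" requirement stated in the new `listen` description. If the list is overridden with plain ports only, the `if ($scheme = http)` block in `extraConfig` redirects every request to an https endpoint this server does not listen on, and the mistake only surfaces at runtime. An evaluation-time check next to the existing `assert config.krebs.nginx.enable;` would catch it, e.g. `assert any (hasInfix "ssl") cfg.listen;` (assuming the lib helpers are in scope, as the unqualified `singleton` suggests). Because the served root is a bootstrap script, a comment is also worth adding that the port-80 redirect itself travels unprotected, e.g. `# http only redirects; fetch retiolum.sh via https://`. The enclosing `imp` attribute set continues past the lines shown.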