k 3 bepasty-server: finish krebs.nginx -> servers.nginx

This commit is contained in:
makefu 2016-12-25 00:21:54 +01:00
parent 83ca6e1879
commit 3682e60aee
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
2 changed files with 19 additions and 27 deletions

View File

@ -48,6 +48,7 @@ let
default = "";
};
# we create a wsgi socket in $workDir/gunicorn-${name}.wsgi
workDir = mkOption {
type = types.str;
@ -155,21 +156,22 @@ let
assertions = [{ assertion = config.services.nginx.enable;
message = "services.nginx.enable must be true"; }];
services.nginx.virtualHosts = mapAttrs ( server:
(mkMerge [ server.nginx {
extraConfig = ''
client_max_body_size 32M;
'';
locations = {
"/" = ''
proxy_set_header Host $http_host;
proxy_pass http://unix:${server.workDir}/gunicorn-${name}.sock;
'';
"/static/" = ''
alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/;
'';
};
}])) cfg.servers ;
services.nginx.virtualHosts = mapAttrs ( name: server:
(mkMerge [
server.nginx
{
extraConfig = ''
client_max_body_size 32M;
'';
locations = {
"/".extraConfig = "proxy_set_header Host $http_host;";
"/".proxyPass = "http://unix:${server.workDir}/gunicorn-${name}.sock";
"/static/".extraConfig = ''
alias ${bepasty}/lib/${python.libPrefix}/site-packages/bepasty/static/;
'';
};
}])
) cfg.servers ;
};
in
out

View File

@ -26,8 +26,7 @@ in {
serveNginx= true;
servers = {
internal = {
domain = "paste.r";
"paste.r" = {
nginx = {
serverAliases = [ "paste.retiolum" "paste.${config.krebs.build.host.name}" ];
};
@ -35,8 +34,7 @@ in {
secretKey = secKey;
};
external = {
domain = ext-dom;
"${ext-dom}" = {
nginx = {
enableSSL = true;
forceSSL = true;
@ -47,12 +45,4 @@ in {
};
};
};
security.acme.certs."${ext-dom}" = {
email = "acme@syntax-fehler.de";
webroot = "${acmechall}/${ext-dom}/";
group = "nginx";
allowKeysForGroup = true;
postRun = "systemctl reload nginx.service";
extraDomains."${ext-dom}" = null ;
};
}