From 57b4a87962e273525a0e3a955ae4a13ca45c59f3 Mon Sep 17 00:00:00 2001
From: tv
Date: Mon, 17 Apr 2017 16:20:05 +0200
Subject: [PATCH] retiolum-bootstrap: krebs.nginx -> services.nginx
---
krebs/3modules/retiolum-bootstrap.nix | 58 +++++++++------------------
1 file changed, 20 insertions(+), 38 deletions(-)
diff --git a/krebs/3modules/retiolum-bootstrap.nix b/krebs/3modules/retiolum-bootstrap.nix
index 4bcd596d4..53b06a702 100644
--- a/krebs/3modules/retiolum-bootstrap.nix
+++ b/krebs/3modules/retiolum-bootstrap.nix
@@ -1,53 +1,38 @@ -{ config, lib, pkgs, ... }: - +{ config, pkgs, ... }: with import ; let cfg = config.krebs.retiolum-bootstrap; - - out = { - options.krebs.retiolum-bootstrap = api; - config = lib.mkIf cfg.enable imp; - }; - - api = { - enable = mkEnableOption "retiolum boot strap for tinc.krebsco.de"; - hostname = mkOption { +in +{ + options.krebs.retiolum-bootstrap = { + enable = mkEnableOption "retiolum boot strap for ${cfg.serverName}"; + serverName = mkOption { type = types.str; description = "hostname which serves tinc boot"; default = "tinc.krebsco.de" ; }; - listen = mkOption { - type = with types; listOf str; - description = ''Addresses to listen on (nginx-syntax). - ssl will be configured, http will be redirected to ssl. - Make sure to have at least 1 ssl port configured. - ''; - default = [ "80" "443 ssl" ] ; - }; - ssl_certificate_key = mkOption { - type = types.str; - description = "Certificate key to use for ssl"; - default = "${toString }/tinc.krebsco.de.key"; - }; - ssl_certificate = mkOption { + sslCertificate = mkOption { type = types.str; description = "Certificate file to use for ssl"; default = "${toString }/tinc.krebsco.de.crt" ; }; + sslCertificateKey = mkOption { + type = types.str; + description = "Certificate key to use for ssl"; + default = "${toString }/tinc.krebsco.de.key"; + }; # in use: # # }; - imp = { - krebs.nginx.servers = assert config.krebs.nginx.enable; { - retiolum-boot-ssl = { - server-names = singleton cfg.hostname; - listen = cfg.listen; - extraConfig = '' - ssl_certificate ${cfg.ssl_certificate}; - ssl_certificate_key ${cfg.ssl_certificate_key}; - + config = mkIf cfg.enable { + services.nginx = { + enable = mkDefault true; + virtualHosts.retiolum-bootstrap = { + inherit (cfg) serverName sslCertificate sslCertificateKey; + enableSSL = true; + extraConfig ='' if ($scheme = http){ return 301 https://$server_name$request_uri; } 
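Review bot: The `if ($scheme = http)` redirect kept in `extraConfig` probably never fires now that the `listen` option (default `[ "80" "443 ssl" ]`) is gone and the virtual host only sets `enableSSL = true`. As far as I know, the services.nginx module binds an SSL-enabled vhost to 443 only unless a port is given, so plain-HTTP requests for this name would fall through to whatever the default server is instead of being redirected. Because this host serves the bootstrap script (`retiolum.sh` in the next hunk), the HTTP-to-HTTPS behaviour should be explicit: consider `forceSSL = true;` on the vhost and dropping the hand-written `if` block, after checking the nixpkgs revision in use. Separately, `sslCertificate` and `sslCertificateKey` still default to the `tinc.krebsco.de` files while `serverName` is configurable, so the option descriptions should say all three must be overridden together. The `extraConfig` string continues past this hunk.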
@@ -55,10 +40,7 @@ let root ${pkgs.retiolum-bootstrap}; try_files $uri $uri/retiolum.sh; ''; - locations = []; }; }; }; - -in -out +}