Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

krebs.nginx: don't abuse extraConfig

Browse Source
This commit is contained in:
tv 2016-04-07 20:48:07 +02:00
parent e1a287c78b
commit 7fb1a3e775
1 changed files with 18 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
krebs/3modules/nginx.nix
View File

@ -117,28 +117,24 @@ let
} }
''; '';
to-server = { server-names, listen, locations, extraConfig, ssl, ... }: to-server = { server-names, listen, locations, extraConfig, ssl, ... }: ''
let server {
_extraConfig = if ssl.enable then server_name ${toString server-names};
extraConfig + '' ${concatMapStringsSep "\n" (x: indent "listen ${x};") listen}
ssl_certificate ${ssl.certificate}; ${optionalString ssl.enable (indent ''
ssl_certificate_key ${ssl.certificate_key}; listen 443 ssl;
${optionalString ssl.prefer_server_ciphers "ssl_prefer_server_ciphers On;"} ssl_certificate ${ssl.certificate};
ssl_ciphers ${ssl.ciphers}; ssl_certificate_key ${ssl.certificate_key};
ssl_protocols ${toString ssl.protocols}; ${optionalString ssl.prefer_server_ciphers ''
'' ssl_prefer_server_ciphers On;
else ''}
extraConfig ssl_ciphers ${ssl.ciphers};
; ssl_protocols ${toString ssl.protocols};
'')}
in '' ${indent extraConfig}
server { ${indent (concatMapStrings to-location locations)}
${concatMapStringsSep "\n" (x: "listen ${x};") (listen ++ optional ssl.enable "443 ssl")} }
server_name ${toString server-names}; '';
${indent _extraConfig}
${indent (concatMapStrings to-location locations)}
}
'';
in in
out out