tv: modularize nginx

modules/tv/git/cgit.nix

@@ -6,10 +6,16 @@ let
 
   cfg = config.services.git;
 
+  location = lib.nameValuePair; # TODO this is also in modules/wu/default.nix
+
   isPublicRepo = getAttr "public"; # TODO this is also in ./default.nix
 in
 
 {
+  imports = [
+    ../../tv/nginx
+  ];
+
   config = mkIf cfg.cgit {
 
     users.extraUsers = lib.singleton {
@@ -66,46 +72,26 @@ in
       '') (filter isPublicRepo (attrValues cfg.repos))}
     '';
 
-    # TODO modular nginx configuration
-    services.nginx =
-      let
-        name = config.networking.hostName;
-        qname = "${name}.retiolum";
-      in
-        {
-          enable = true;
-          httpConfig = ''
-            include           ${pkgs.nginx}/conf/mime.types;
-            default_type      application/octet-stream;
-            sendfile          on;
-            keepalive_timeout 65;
-            gzip              on;
-            server {
-              listen 80;
-              server_name ${name} ${qname} localhost;
-              root ${pkgs.cgit}/cgit;
-
-              location /cgit-static {
-                rewrite ^/cgit-static(/.*)$ $1 break;
-                #expires 30d;
-              }
-
-              location /cgit {
-                include             ${pkgs.nginx}/conf/fastcgi_params;
-                fastcgi_param       SCRIPT_FILENAME $document_root/cgit.cgi;
-                #fastcgi_param       PATH_INFO       $uri;
-                fastcgi_split_path_info ^(/cgit/?)(.+)$;
-                fastcgi_param PATH_INFO $fastcgi_path_info;
-                fastcgi_param       QUERY_STRING    $args;
-                fastcgi_param       HTTP_HOST       $server_name;
-                fastcgi_pass        unix:${config.services.fcgiwrap.socketAddress};
-              }
-
-              location / {
-                return 404;
-              }
-            }
-          '';
-        };
+    tv.nginx = {
+      enable = true;
+      retiolum-locations = [
+        (location "/cgit/" ''
+          include             ${pkgs.nginx}/conf/fastcgi_params;
+          fastcgi_param       SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
+          fastcgi_split_path_info ^(/cgit/?)(.+)$;
+          fastcgi_param       PATH_INFO       $fastcgi_path_info;
+          fastcgi_param       QUERY_STRING    $args;
+          fastcgi_param       HTTP_HOST       $server_name;
+          fastcgi_pass        unix:${config.services.fcgiwrap.socketAddress};
+        '')
+        (location "= /cgit" ''
+          return 301 /cgit/;
+        '')
+        (location "/cgit-static/" ''
+          root ${pkgs.cgit}/cgit;
+          rewrite ^/cgit-static(/.*)$ $1 break;
+        '')
+      ];
+    };
   };
 }

modules/tv/nginx.nix

@@ -1,30 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  services.nginx =
-    let
-      name = config.networking.hostName;
-      qname = "${name}.retiolum";
-    in
-      {
-        enable = true;
-        httpConfig = ''
-          sendfile  on;
-          server {
-            listen      80;
-            server_name ${name} ${qname} localhost;
-            root /srv/http/${name};
-            location ~ ^/~(.+?)(/.*)?$ {
-              alias /home/$1/public_html$2;
-            }
-          }
-          types {
-            text/css css;
-            text/html html;
-            image/svg+xml svg;
-          }
-          default_type text/html;
-          charset utf-8;
-        '';
-      };
-}

modules/tv/nginx/config.nix

@@ -0,0 +1,49 @@
+{ cfg, config, lib, pkgs, ... }:
+
+let
+  inherit (lib) concatStrings replaceChars;
+
+  indent = replaceChars ["\n"] ["\n  "];
+
+  to-location = { name, value }: ''
+    location ${name} {
+      ${indent value}
+    }
+  '';
+in
+
+{
+  services.nginx =
+    let
+      name = config.services.retiolum.name;
+      qname = "${name}.retiolum";
+    in
+    assert config.services.retiolum.enable;
+    {
+      enable = true;
+      httpConfig = ''
+        include           ${pkgs.nginx}/conf/mime.types;
+        default_type      application/octet-stream;
+        sendfile          on;
+        keepalive_timeout 65;
+        gzip              on;
+        server {
+          listen 80 default_server;
+          server_name _;
+          location / {
+            return 404;
+          }
+        }
+        server {
+          listen 80;
+          server_name ${name} ${qname};
+
+          ${indent (concatStrings (map to-location cfg.retiolum-locations))}
+
+          location / {
+            return 404;
+          }
+        }
+      '';
+    };
+}

modules/tv/nginx/default.nix

@@ -0,0 +1,11 @@
+arg@{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.tv.nginx;
+  arg' = arg // { inherit cfg; };
+in
+
+{
+  options.tv.nginx = import ./options.nix arg';
+  config = lib.mkIf cfg.enable (import ./config.nix arg');
+}

modules/tv/nginx/options.nix

@@ -0,0 +1,21 @@
+{ lib, ... }:
+
+let
+  inherit (lib) mkOption types;
+in
+
+{
+  enable = mkOption {
+    type = types.bool;
+    default = false;
+    description = "Enable nginx.";
+  };
+
+  retiolum-locations = mkOption {
+    type = with types; listOf (attrsOf str);
+    default = [];
+    description = ''
+      TODO
+    '';
+  };
+}

modules/wu/default.nix

@@ -4,6 +4,8 @@ let
   lib = import ../../lib { lib = pkgs.lib; inherit pkgs; };
 
   inherit (lib) majmin;
+
+  location = pkgs.lib.nameValuePair; # TODO this is also in modules/tv/git/cgit.nix
 in
 
 {
@@ -12,7 +14,6 @@ in
     ../common/nixpkgs.nix
     ../tv/base.nix
     ../tv/exim-retiolum.nix
-    ../tv/nginx.nix
     ../tv/retiolum.nix
     ../tv/sanitize.nix
     ../tv/smartd.nix
@@ -33,6 +34,17 @@ in
         ];
       };
     }
+    {
+      imports = [ ../tv/nginx ];
+      tv.nginx = {
+        enable = true;
+        retiolum-locations = [
+          (location "~ ^/~(.+?)(/.*)?\$" ''
+            alias /home/$1/public_html$2;
+          '')
+        ];
+      };
+    }
   ];
 
   nix.maxJobs = 8;