Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

l websites: use lists in helpers

Browse Source
This commit is contained in:
lassulus 2016-04-13 16:32:04 +02:00
parent 4c4ac83e1f
commit de6e888da9
4 changed files with 48 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
lass/2configs/websites/domsen.nix
View File

@ -13,22 +13,22 @@ let
in { in {
imports = [ imports = [
( ssl "reich-gebaeudereinigung.de" ) ( ssl [ "reich-gebaeudereinigung.de" ])
( servePage "reich-gebaeudereinigung.de" ) ( servePage [ "reich-gebaeudereinigung.de" ])
( manageCert "karlaskop.de" ) ( manageCerts [ "karlaskop.de" ])
( servePage "karlaskop.de" ) ( servePage [ "karlaskop.de" ])
( manageCert "makeup.apanowicz.de" ) ( ssl [ "makeup.apanowicz.de" ])
( servePage "makeup.apanowicz.de" ) ( servePage [ "makeup.apanowicz.de" ])
( manageCert "pixelpocket.de" ) ( manageCerts [ "pixelpocket.de" ])
( servePage "pixelpocket.de" ) ( servePage [ "pixelpocket.de" ])
( ssl "o.ubikmedia.de" ) ( ssl [ "o.ubikmedia.de" ])
( serveOwncloud "o.ubikmedia.de" ) ( serveOwncloud [ "o.ubikmedia.de" ])
( manageCerts [ "ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] ) ( ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] ) ( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
]; ];

39
lass/2configs/websites/fritz.nix
View File

@ -2,37 +2,40 @@
let let
inherit (import ../../4lib { inherit lib pkgs; }) inherit (import ../../4lib { inherit lib pkgs; })
manageCert manageCerts
activateACME activateACME
ssl ssl
servePage servePage
serveOwncloud; serveWordpress;
in { in {
imports = [ imports = [
( manageCert "biostase.de" ) #( manageCerts [ "biostase.de" ])
( servePage "biostase.de" ) #( servePage [ "biostase.de" ])
( manageCert "gs-maubach.de" ) #( manageCerts [ "gs-maubach.de" ])
( servePage "gs-maubach.de" ) #( servePage [ "gs-maubach.de" ])
( manageCert "spielwaren-kern.de" ) #( manageCerts [ "spielwaren-kern.de" ])
( servePage "spielwaren-kern.de" ) #( servePage [ "spielwaren-kern.de" ])
( manageCert "societyofsimtech.de" ) #( manageCerts [ "societyofsimtech.de" ])
( servePage "societyofsimtech.de" ) #( servePage [ "societyofsimtech.de" ])
( manageCert "ttf-kleinaspach.de" ) #( manageCerts [ "ttf-kleinaspach.de" ])
( servePage "ttf-kleinaspach.de" ) #( servePage [ "ttf-kleinaspach.de" ])
( manageCert "edsn.de" ) #( manageCerts [ "edsn.de" ])
( servePage "edsn.de" ) #( servePage [ "edsn.de" ])
( manageCert "eab.berkeley.edu" ) #( manageCerts [ "eab.berkeley.edu" ])
( servePage "eab.berkeley.edu" ) #( servePage [ "eab.berkeley.edu" ])
( manageCert "habsys.de" ) ( manageCerts [ "eastuttgart.de" ])
( servePage "habsys.de" ) ( serveWordpress [ "eastuttgart.de" ])
( manageCerts [ "habsys.de" ])
( servePage [ "habsys.de" ])
]; ];
#lass.owncloud = { #lass.owncloud = {

9
lass/2configs/websites/wohnprojekt-rhh.de.nix
View File

@ -3,16 +3,13 @@
let let
inherit (config.krebs.lib) genid; inherit (config.krebs.lib) genid;
inherit (import ../../4lib { inherit lib pkgs; }) inherit (import ../../4lib { inherit lib pkgs; })
manageCert
activateACME
ssl ssl
servePage servePage;
serveOwncloud;
in { in {
imports = [ imports = [
( ssl "wohnprojekt-rhh.de" ) ( ssl [ "wohnprojekt-rhh.de" ])
( servePage "wohnprojekt-rhh.de" ) ( servePage [ "wohnprojekt-rhh.de" ])
]; ];
users.users.laura = { users.users.laura = {

53
lass/4lib/default.nix
View File

@ -7,31 +7,6 @@ rec {
getDefaultGateway = ip: getDefaultGateway = ip:
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]); concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
manageCert = domain:
{
security.acme = {
certs."${domain}" = {
email = "lassulus@gmail.com";
webroot = "/var/lib/acme/challenges/${domain}";
plugins = [
"account_key.json"
"key.pem"
"fullchain.pem"
];
group = "nginx";
allowKeysForGroup = true;
};
};
krebs.nginx.servers."${domain}" = {
locations = [
(nameValuePair "/.well-known/acme-challenge" ''
root /var/lib/acme/challenges/${domain}/;
'')
];
};
};
manageCerts = domains: manageCerts = domains:
let let
domain = head domains; domain = head domains;
@ -60,11 +35,11 @@ rec {
}; };
}; };
ssl = domain: ssl = domains:
{ {
imports = [ imports = [
( manageCert domain ) ( manageCerts domains )
( activateACME domain ) ( activateACME (head domains) )
]; ];
}; };
@ -79,13 +54,12 @@ rec {
}; };
}; };
servePage = domain: servePage = domains:
{ let
domain = head domains;
in {
krebs.nginx.servers."${domain}" = { krebs.nginx.servers."${domain}" = {
server-names = [ server-names = domains;
"${domain}"
"www.${domain}"
];
locations = [ locations = [
(nameValuePair "/" '' (nameValuePair "/" ''
root /srv/http/${domain}; root /srv/http/${domain};
@ -94,13 +68,12 @@ rec {
}; };
}; };
serveOwncloud = domain: serveOwncloud = domains:
{ let
domain = head domains;
in {
krebs.nginx.servers."${domain}" = { krebs.nginx.servers."${domain}" = {
server-names = [ server-names = domains;
"${domain}"
"www.${domain}"
];
extraConfig = '' extraConfig = ''
# Add headers to serve security related headers # Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";