l websites: use lists in helpers
This commit is contained in:
parent
4c4ac83e1f
commit
de6e888da9
@ -13,22 +13,22 @@ let
|
||||
|
||||
in {
|
||||
imports = [
|
||||
( ssl "reich-gebaeudereinigung.de" )
|
||||
( servePage "reich-gebaeudereinigung.de" )
|
||||
( ssl [ "reich-gebaeudereinigung.de" ])
|
||||
( servePage [ "reich-gebaeudereinigung.de" ])
|
||||
|
||||
( manageCert "karlaskop.de" )
|
||||
( servePage "karlaskop.de" )
|
||||
( manageCerts [ "karlaskop.de" ])
|
||||
( servePage [ "karlaskop.de" ])
|
||||
|
||||
( manageCert "makeup.apanowicz.de" )
|
||||
( servePage "makeup.apanowicz.de" )
|
||||
( ssl [ "makeup.apanowicz.de" ])
|
||||
( servePage [ "makeup.apanowicz.de" ])
|
||||
|
||||
( manageCert "pixelpocket.de" )
|
||||
( servePage "pixelpocket.de" )
|
||||
( manageCerts [ "pixelpocket.de" ])
|
||||
( servePage [ "pixelpocket.de" ])
|
||||
|
||||
( ssl "o.ubikmedia.de" )
|
||||
( serveOwncloud "o.ubikmedia.de" )
|
||||
( ssl [ "o.ubikmedia.de" ])
|
||||
( serveOwncloud [ "o.ubikmedia.de" ])
|
||||
|
||||
( manageCerts [ "ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
|
||||
( ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
|
||||
( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
|
||||
];
|
||||
|
||||
|
@ -2,37 +2,40 @@
|
||||
|
||||
let
|
||||
inherit (import ../../4lib { inherit lib pkgs; })
|
||||
manageCert
|
||||
manageCerts
|
||||
activateACME
|
||||
ssl
|
||||
servePage
|
||||
serveOwncloud;
|
||||
serveWordpress;
|
||||
|
||||
in {
|
||||
imports = [
|
||||
( manageCert "biostase.de" )
|
||||
( servePage "biostase.de" )
|
||||
#( manageCerts [ "biostase.de" ])
|
||||
#( servePage [ "biostase.de" ])
|
||||
|
||||
( manageCert "gs-maubach.de" )
|
||||
( servePage "gs-maubach.de" )
|
||||
#( manageCerts [ "gs-maubach.de" ])
|
||||
#( servePage [ "gs-maubach.de" ])
|
||||
|
||||
( manageCert "spielwaren-kern.de" )
|
||||
( servePage "spielwaren-kern.de" )
|
||||
#( manageCerts [ "spielwaren-kern.de" ])
|
||||
#( servePage [ "spielwaren-kern.de" ])
|
||||
|
||||
( manageCert "societyofsimtech.de" )
|
||||
( servePage "societyofsimtech.de" )
|
||||
#( manageCerts [ "societyofsimtech.de" ])
|
||||
#( servePage [ "societyofsimtech.de" ])
|
||||
|
||||
( manageCert "ttf-kleinaspach.de" )
|
||||
( servePage "ttf-kleinaspach.de" )
|
||||
#( manageCerts [ "ttf-kleinaspach.de" ])
|
||||
#( servePage [ "ttf-kleinaspach.de" ])
|
||||
|
||||
( manageCert "edsn.de" )
|
||||
( servePage "edsn.de" )
|
||||
#( manageCerts [ "edsn.de" ])
|
||||
#( servePage [ "edsn.de" ])
|
||||
|
||||
( manageCert "eab.berkeley.edu" )
|
||||
( servePage "eab.berkeley.edu" )
|
||||
#( manageCerts [ "eab.berkeley.edu" ])
|
||||
#( servePage [ "eab.berkeley.edu" ])
|
||||
|
||||
( manageCert "habsys.de" )
|
||||
( servePage "habsys.de" )
|
||||
( manageCerts [ "eastuttgart.de" ])
|
||||
( serveWordpress [ "eastuttgart.de" ])
|
||||
|
||||
( manageCerts [ "habsys.de" ])
|
||||
( servePage [ "habsys.de" ])
|
||||
];
|
||||
|
||||
#lass.owncloud = {
|
||||
|
@ -3,16 +3,13 @@
|
||||
let
|
||||
inherit (config.krebs.lib) genid;
|
||||
inherit (import ../../4lib { inherit lib pkgs; })
|
||||
manageCert
|
||||
activateACME
|
||||
ssl
|
||||
servePage
|
||||
serveOwncloud;
|
||||
servePage;
|
||||
|
||||
in {
|
||||
imports = [
|
||||
( ssl "wohnprojekt-rhh.de" )
|
||||
( servePage "wohnprojekt-rhh.de" )
|
||||
( ssl [ "wohnprojekt-rhh.de" ])
|
||||
( servePage [ "wohnprojekt-rhh.de" ])
|
||||
];
|
||||
|
||||
users.users.laura = {
|
||||
|
@ -7,31 +7,6 @@ rec {
|
||||
getDefaultGateway = ip:
|
||||
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
|
||||
|
||||
manageCert = domain:
|
||||
{
|
||||
security.acme = {
|
||||
certs."${domain}" = {
|
||||
email = "lassulus@gmail.com";
|
||||
webroot = "/var/lib/acme/challenges/${domain}";
|
||||
plugins = [
|
||||
"account_key.json"
|
||||
"key.pem"
|
||||
"fullchain.pem"
|
||||
];
|
||||
group = "nginx";
|
||||
allowKeysForGroup = true;
|
||||
};
|
||||
};
|
||||
|
||||
krebs.nginx.servers."${domain}" = {
|
||||
locations = [
|
||||
(nameValuePair "/.well-known/acme-challenge" ''
|
||||
root /var/lib/acme/challenges/${domain}/;
|
||||
'')
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
manageCerts = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
@ -60,11 +35,11 @@ rec {
|
||||
};
|
||||
};
|
||||
|
||||
ssl = domain:
|
||||
ssl = domains:
|
||||
{
|
||||
imports = [
|
||||
( manageCert domain )
|
||||
( activateACME domain )
|
||||
( manageCerts domains )
|
||||
( activateACME (head domains) )
|
||||
];
|
||||
};
|
||||
|
||||
@ -79,13 +54,12 @@ rec {
|
||||
};
|
||||
};
|
||||
|
||||
servePage = domain:
|
||||
{
|
||||
servePage = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
in {
|
||||
krebs.nginx.servers."${domain}" = {
|
||||
server-names = [
|
||||
"${domain}"
|
||||
"www.${domain}"
|
||||
];
|
||||
server-names = domains;
|
||||
locations = [
|
||||
(nameValuePair "/" ''
|
||||
root /srv/http/${domain};
|
||||
@ -94,13 +68,12 @@ rec {
|
||||
};
|
||||
};
|
||||
|
||||
serveOwncloud = domain:
|
||||
{
|
||||
serveOwncloud = domains:
|
||||
let
|
||||
domain = head domains;
|
||||
in {
|
||||
krebs.nginx.servers."${domain}" = {
|
||||
server-names = [
|
||||
"${domain}"
|
||||
"www.${domain}"
|
||||
];
|
||||
server-names = domains;
|
||||
extraConfig = ''
|
||||
# Add headers to serve security related headers
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
|
Loading…
Reference in New Issue
Block a user