l websites: use lists in helpers

This commit is contained in:
lassulus 2016-04-13 16:32:04 +02:00
parent 4c4ac83e1f
commit de6e888da9
4 changed files with 48 additions and 75 deletions

View File

@ -13,22 +13,22 @@ let
in {
imports = [
( ssl "reich-gebaeudereinigung.de" )
( servePage "reich-gebaeudereinigung.de" )
( ssl [ "reich-gebaeudereinigung.de" ])
( servePage [ "reich-gebaeudereinigung.de" ])
( manageCert "karlaskop.de" )
( servePage "karlaskop.de" )
( manageCerts [ "karlaskop.de" ])
( servePage [ "karlaskop.de" ])
( manageCert "makeup.apanowicz.de" )
( servePage "makeup.apanowicz.de" )
( ssl [ "makeup.apanowicz.de" ])
( servePage [ "makeup.apanowicz.de" ])
( manageCert "pixelpocket.de" )
( servePage "pixelpocket.de" )
( manageCerts [ "pixelpocket.de" ])
( servePage [ "pixelpocket.de" ])
( ssl "o.ubikmedia.de" )
( serveOwncloud "o.ubikmedia.de" )
( ssl [ "o.ubikmedia.de" ])
( serveOwncloud [ "o.ubikmedia.de" ])
( manageCerts [ "ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
( ssl [ "ubikmedia.de" "aldona.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
( serveWordpress [ "ubikmedia.de" "*.ubikmedia.de" "apanowicz.de" "nirwanabluete.de" "aldonasiech.com" "360gradvideo.tv" "ubikmedia.eu" ] )
];

View File

@ -2,37 +2,40 @@
let
inherit (import ../../4lib { inherit lib pkgs; })
manageCert
manageCerts
activateACME
ssl
servePage
serveOwncloud;
serveWordpress;
in {
imports = [
( manageCert "biostase.de" )
( servePage "biostase.de" )
#( manageCerts [ "biostase.de" ])
#( servePage [ "biostase.de" ])
( manageCert "gs-maubach.de" )
( servePage "gs-maubach.de" )
#( manageCerts [ "gs-maubach.de" ])
#( servePage [ "gs-maubach.de" ])
( manageCert "spielwaren-kern.de" )
( servePage "spielwaren-kern.de" )
#( manageCerts [ "spielwaren-kern.de" ])
#( servePage [ "spielwaren-kern.de" ])
( manageCert "societyofsimtech.de" )
( servePage "societyofsimtech.de" )
#( manageCerts [ "societyofsimtech.de" ])
#( servePage [ "societyofsimtech.de" ])
( manageCert "ttf-kleinaspach.de" )
( servePage "ttf-kleinaspach.de" )
#( manageCerts [ "ttf-kleinaspach.de" ])
#( servePage [ "ttf-kleinaspach.de" ])
( manageCert "edsn.de" )
( servePage "edsn.de" )
#( manageCerts [ "edsn.de" ])
#( servePage [ "edsn.de" ])
( manageCert "eab.berkeley.edu" )
( servePage "eab.berkeley.edu" )
#( manageCerts [ "eab.berkeley.edu" ])
#( servePage [ "eab.berkeley.edu" ])
( manageCert "habsys.de" )
( servePage "habsys.de" )
( manageCerts [ "eastuttgart.de" ])
( serveWordpress [ "eastuttgart.de" ])
( manageCerts [ "habsys.de" ])
( servePage [ "habsys.de" ])
];
#lass.owncloud = {

View File

@ -3,16 +3,13 @@
let
inherit (config.krebs.lib) genid;
inherit (import ../../4lib { inherit lib pkgs; })
manageCert
activateACME
ssl
servePage
serveOwncloud;
servePage;
in {
imports = [
( ssl "wohnprojekt-rhh.de" )
( servePage "wohnprojekt-rhh.de" )
( ssl [ "wohnprojekt-rhh.de" ])
( servePage [ "wohnprojekt-rhh.de" ])
];
users.users.laura = {

View File

@ -7,31 +7,6 @@ rec {
getDefaultGateway = ip:
concatStringsSep "." (take 3 (splitString "." ip) ++ ["1"]);
manageCert = domain:
{
security.acme = {
certs."${domain}" = {
email = "lassulus@gmail.com";
webroot = "/var/lib/acme/challenges/${domain}";
plugins = [
"account_key.json"
"key.pem"
"fullchain.pem"
];
group = "nginx";
allowKeysForGroup = true;
};
};
krebs.nginx.servers."${domain}" = {
locations = [
(nameValuePair "/.well-known/acme-challenge" ''
root /var/lib/acme/challenges/${domain}/;
'')
];
};
};
manageCerts = domains:
let
domain = head domains;
@ -60,11 +35,11 @@ rec {
};
};
ssl = domain:
ssl = domains:
{
imports = [
( manageCert domain )
( activateACME domain )
( manageCerts domains )
( activateACME (head domains) )
];
};
@ -79,13 +54,12 @@ rec {
};
};
servePage = domain:
{
servePage = domains:
let
domain = head domains;
in {
krebs.nginx.servers."${domain}" = {
server-names = [
"${domain}"
"www.${domain}"
];
server-names = domains;
locations = [
(nameValuePair "/" ''
root /srv/http/${domain};
@ -94,13 +68,12 @@ rec {
};
};
serveOwncloud = domain:
{
serveOwncloud = domains:
let
domain = head domains;
in {
krebs.nginx.servers."${domain}" = {
server-names = [
"${domain}"
"www.${domain}"
];
server-names = domains;
extraConfig = ''
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";