github.com-tboerger-nixos-c.../shared/services/webserver.nix

{ pkgs, lib, config, options, ... }:
with lib;

let
  cfg = config.personal.services.webserver;

in
{
  options = {
    personal = {
      services = {
        webserver = {
          enable = mkEnableOption "Webserver";

          hosts = mkOption {
            description = ''
              List of hosts to configure
            '';
            type = types.listOf (types.submodule {
              options = {
                domain = mkOption {
                  type = types.str;
                  description = "Name of the domain";
                };
                domainOptions = mkOption {
                  type = types.attrs;
                  default = { };
                  description = "Custom options for domain";
                };
                proxy = mkOption {
                  type = types.nullOr types.str;
                  default = null;
                  description = "Optional proxy target";
                };
                proxyOptions = mkOption {
                  type = types.str;
                  default = "";
                  description = "Custom options for proxy";
                };
              };
            });
            default = [ ];
            example = [{
              domain = "dummy.boerger.ws";
              proxy = "http://localhost:8080";
              options = {
                locations = {
                  "/".extraConfig = ''
                    autoindex on;
                  '';
                };
              };
            }];
          };

          acmeHost = mkOption {
            description = ''
              Use this acme certificate chain
            '';
            type = types.str;
            default = "boerger.ws";
          };
        };
      };
    };
  };

  config = mkIf cfg.enable {
    networking.firewall = {
      allowedTCPPorts = [ 80 443 ];
    };

    services = {
      nginx = {
        enable = true;

        recommendedTlsSettings = true;
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        recommendedProxySettings = true;

        virtualHosts = builtins.listToAttrs
          (map
            (elem: {
              name = elem.domain;
              value = {
                useACMEHost = cfg.acmeHost;
                forceSSL = true;
                locations = {
                  "/" = mkIf (builtins.hasAttr "proxy" elem) {
                    proxyPass = elem.proxy;
                    extraConfig = (
                      elem.proxyOptions or ''
                        proxy_http_version 1.1;
                        proxy_set_header Upgrade $http_upgrade;
                        proxy_set_header Connection $http_connection;
                        proxy_set_header X-Forwarded-Ssl on;
                      ''
                    );
                  };
                };
              } // (elem.domainOptions or { });
            })
            config.personal.services.webserver.hosts) // {
          "boerger.ws" = {
            useACMEHost = cfg.acmeHost;
            addSSL = true;
            forceSSL = false;
            default = true;
            root = "/var/empty";
          };
        };
      };
    };

    users = {
      users = {
        nginx = {
          extraGroups = [
            "acme"
          ];
        };
      };
    };

    personal = {
      services = {
        acme = {
          enable = true;
        };
      };
    };
  };
}
chore(machines): update module structuring 2022-04-10 20:57:56 +02:00			`{ pkgs, lib, config, options, ... }:`
chore: big restructuring 2022-09-27 22:07:46 +02:00			`with lib;`
chore(machines): update module structuring 2022-04-10 20:57:56 +02:00
			`let`
			`cfg = config.personal.services.webserver;`

			`in`
			`{`
chore: big restructuring 2022-09-27 22:07:46 +02:00			`options = {`
chore(machines): update module structuring 2022-04-10 20:57:56 +02:00			`personal = {`
			`services = {`
			`webserver = {`
			`enable = mkEnableOption "Webserver";`

			`hosts = mkOption {`
			`description = ''`
			`List of hosts to configure`
			`'';`
chore: integrate deploy-rs and flake-utils 2022-09-28 13:54:01 +02:00			`type = types.listOf (types.submodule {`
			`options = {`
			`domain = mkOption {`
			`type = types.str;`
			`description = "Name of the domain";`
			`};`
			`domainOptions = mkOption {`
			`type = types.attrs;`
			`default = { };`
			`description = "Custom options for domain";`
			`};`
			`proxy = mkOption {`
			`type = types.nullOr types.str;`
			`default = null;`
			`description = "Optional proxy target";`
			`};`
			`proxyOptions = mkOption {`
			`type = types.str;`
			`default = "";`
			`description = "Custom options for proxy";`
			`};`
chore(machines): update module structuring 2022-04-10 20:57:56 +02:00			`};`
chore: integrate deploy-rs and flake-utils 2022-09-28 13:54:01 +02:00			`});`
			`default = [ ];`
chore(machines): update module structuring 2022-04-10 20:57:56 +02:00			`example = [{`
chore: big restructuring 2022-09-27 22:07:46 +02:00			`domain = "dummy.boerger.ws";`
chore(machines): update module structuring 2022-04-10 20:57:56 +02:00			`proxy = "http://localhost:8080";`
			`options = {`
			`locations = {`
			`"/".extraConfig = ''`
			`autoindex on;`
			`'';`
			`};`
			`};`
			`}];`
			`};`

			`acmeHost = mkOption {`
			`description = ''`
			`Use this acme certificate chain`
			`'';`
			`type = types.str;`
chore: big restructuring 2022-09-27 22:07:46 +02:00			`default = "boerger.ws";`
chore(machines): update module structuring 2022-04-10 20:57:56 +02:00			`};`
			`};`
			`};`
			`};`
			`};`

chore: big restructuring 2022-09-27 22:07:46 +02:00			`config = mkIf cfg.enable {`
feat: integrate most required services 2024-07-17 16:05:33 +02:00			`networking.firewall = {`
			`allowedTCPPorts = [ 80 443 ];`
			`};`

chore(machines): update module structuring 2022-04-10 20:57:56 +02:00			`services = {`
			`nginx = {`
			`enable = true;`

			`recommendedTlsSettings = true;`
			`recommendedGzipSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedProxySettings = true;`

			`virtualHosts = builtins.listToAttrs`
			`(map`
			`(elem: {`
			`name = elem.domain;`
			`value = {`
			`useACMEHost = cfg.acmeHost;`
			`forceSSL = true;`
			`locations = {`
			`"/" = mkIf (builtins.hasAttr "proxy" elem) {`
			`proxyPass = elem.proxy;`
chore: even more restructuring 2022-10-25 09:53:40 +02:00			`extraConfig = (`
			`elem.proxyOptions or ''`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection $http_connection;`
			`proxy_set_header X-Forwarded-Ssl on;`
			`''`
			`);`
chore(machines): update module structuring 2022-04-10 20:57:56 +02:00			`};`
			`};`
			`} // (elem.domainOptions or { });`
			`})`
			`config.personal.services.webserver.hosts) // {`
chore: even more restructuring 2022-10-25 09:53:40 +02:00			`"boerger.ws" = {`
chore: integrate deploy-rs and flake-utils 2022-09-28 13:54:01 +02:00			`useACMEHost = cfg.acmeHost;`
			`addSSL = true;`
			`forceSSL = false;`
			`default = true;`
chore: even more restructuring 2022-10-25 09:53:40 +02:00			`root = "/var/empty";`
chore: integrate deploy-rs and flake-utils 2022-09-28 13:54:01 +02:00			`};`
			`};`
chore(machines): update module structuring 2022-04-10 20:57:56 +02:00			`};`
			`};`

			`users = {`
			`users = {`
			`nginx = {`
			`extraGroups = [`
			`"acme"`
			`];`
			`};`
			`};`
			`};`

feat: integrate most required services 2024-07-17 16:05:33 +02:00			`personal = {`
			`services = {`
			`acme = {`
			`enable = true;`
			`};`
			`};`
chore(machines): update module structuring 2022-04-10 20:57:56 +02:00			`};`
			`};`
			`}`