nginx: refactor, remove hard coded vhost names
This commit is contained in:
quitte
parent
87a5486114
commit
fe946150d7
|
|
@ -1,25 +1,28 @@
|
||||||
{ lib, config, pkgs, ... }:
|
{ lib, config, pkgs, ... }:
|
||||||
{
|
{
|
||||||
services.nginx =
|
# set default options for virtualHosts
|
||||||
let
|
options = with lib; {
|
||||||
# manually write the hosts in here since automatic grabbing leads to an unfixable infinite recursion
|
services.nginx.virtualHosts = mkOption {
|
||||||
hosts = [ "mail" "rspamd" "chat" "matrix" "kpp" "kurse" "git" "ftp" "users" "pad" "list.pad" "manual" "infoscreen" "kanboard" "kb" "lists" "nc" "oc" "sharepic" "vault" "www" "wiki" ];
|
type = types.attrsOf (types.submodule
|
||||||
in
|
({ name, ... }: {
|
||||||
{
|
# split up nginx access logs per vhost
|
||||||
|
extraConfig = ''
|
||||||
|
access_log /var/log/nginx/${name}_access.log;
|
||||||
|
error_log /var/log/nginx/${name}_error.log;
|
||||||
|
'';
|
||||||
|
})
|
||||||
|
);
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = {
|
||||||
|
services.nginx = {
|
||||||
additionalModules = [ pkgs.nginxModules.pam ];
|
additionalModules = [ pkgs.nginxModules.pam ];
|
||||||
enable = true;
|
enable = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
# split up nginx access logs per vhost
|
|
||||||
virtualHosts = lib.genAttrs (lib.lists.forEach hosts (h: h + ".ifsr.de")) (host: {
|
|
||||||
extraConfig = ''
|
|
||||||
access_log /var/log/nginx/${host}_access.log;
|
|
||||||
error_log /var/log/nginx/${host}_error.log;
|
|
||||||
'';
|
|
||||||
});
|
|
||||||
|
|
||||||
# appendHttpConfig = ''
|
# appendHttpConfig = ''
|
||||||
# map $remote_addr $remote_addr_anon {
|
# map $remote_addr $remote_addr_anon {
|
||||||
|
|
@ -37,15 +40,16 @@
|
||||||
# access_log /var/log/nginx/access.log anon_ip;
|
# access_log /var/log/nginx/access.log anon_ip;
|
||||||
# '';
|
# '';
|
||||||
};
|
};
|
||||||
security.acme = {
|
security.acme = {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
defaults = {
|
defaults = {
|
||||||
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||||
email = "root@${config.networking.domain}";
|
email = "root@${config.networking.domain}";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
security.pam.services.nginx.text = ''
|
||||||
|
auth required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
|
||||||
|
account required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
security.pam.services.nginx.text = ''
|
|
||||||
auth required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
|
|
||||||
account required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue