| blob | 32e7053876fb99f3b6d1e769afc79ddfe89693e1 |
1 { config
2 , pkgs
3 , lib
4 , ...
5 }:
7 with builtins;
8 let
9 inherit (lib)
10 mapAttrs'
11 nameValuePair
12 foldlAttrs
13 ;
14 inherit (config.lib)
15 mylib
16 mypkgs
17 ;
18 inherit (mylib)
19 maybe
20 ;
22 hostname = config.networking.hostName;
23 maybe' = maybe (
24 hostname == "van-vc2"
25 );
26 www-urls = config.lib.wwwURLs or { };
28 get-url = url-or-attrs:
29 if ! isAttrs url-or-attrs then url-or-attrs
30 else url-or-attrs.url;
32 get-cfg = url-or-attrs:
33 if ! isAttrs url-or-attrs then ""
34 else
35 foldlAttrs
36 (acc: k: v:
37 if k == "url" then acc
38 else acc + "${k} ${v};\n"
39 ) ""
40 url-or-attrs;
41 in
42 {
43 services.nginx = maybe' {
44 enable = trace "Nginx for www.func.xyz Enabled" true;
45 virtualHosts."www.func.xyz" = {
46 forceSSL = true;
47 enableACME = true;
48 locations = mapAttrs'
49 (location: url-or-attrs:
50 nameValuePair location {
51 proxyPass = "${get-url url-or-attrs}$is_args$args";
52 extraConfig = ''
53 proxy_ssl_verify on;
54 proxy_ssl_trusted_certificate ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt;
55 proxy_ssl_session_reuse on;
56 proxy_ssl_server_name on;
57 proxy_set_header Host $host;
58 proxy_set_header X-Real-IP $remote_addr;
59 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
60 proxy_set_header X-Forwarded-Proto $scheme;
61 proxy_set_header X-Forwarded-Host $host;
62 proxy_set_header X-Forwarded-Server $host;
64 '' + get-cfg url-or-attrs;
65 })
66 www-urls;
67 };
68 };
69 security.acme = maybe' {
70 acceptTerms = true;
71 certs = {
72 "www.func.xyz".email = "thomas.cat@func.xyz";
73 };
74 };
75 }