| blob | df4fa70609c0d7accd0440b5bf3b8705a4593ca0 |
1 { config
2 , pkgs
3 , lib
4 , mypkgs
5 , mylib
6 , ...
7 }:
9 with builtins;
10 let
11 inherit (lib)
12 mapAttrs'
13 nameValuePair
14 foldlAttrs
15 ;
16 inherit (mylib)
17 maybe
18 ;
20 hostname = config.networking.hostName;
21 maybe' = maybe (
22 hostname == "van-vc2" ||
23 hostname == "dot-vc2"
24 );
25 www-urls = config.lib.wwwURLs or { };
27 get-url = url-or-attrs:
28 if ! isAttrs url-or-attrs then url-or-attrs
29 else url-or-attrs.url;
31 get-cfg = url-or-attrs:
32 if ! isAttrs url-or-attrs then ""
33 else
34 foldlAttrs
35 (acc: k: v:
36 if k == "url" then acc
37 else acc + "${k} ${v};\n"
38 ) ""
39 url-or-attrs;
40 in
41 {
42 services.nginx = maybe' {
43 enable = trace "Nginx for www.func.xyz Enabled" true;
44 virtualHosts."www.func.xyz" = {
45 forceSSL = true;
46 enableACME = true;
47 locations = mapAttrs'
48 (location: url-or-attrs:
49 nameValuePair location {
50 proxyPass = "${get-url url-or-attrs}$is_args$args";
51 extraConfig = ''
52 proxy_ssl_verify on;
53 proxy_ssl_trusted_certificate ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt;
54 proxy_ssl_session_reuse on;
55 proxy_ssl_server_name on;
56 proxy_set_header Host $host;
57 proxy_set_header X-Real-IP $remote_addr;
58 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
59 proxy_set_header X-Forwarded-Proto $scheme;
60 proxy_set_header X-Forwarded-Host $host;
61 proxy_set_header X-Forwarded-Server $host;
63 '' + get-cfg url-or-attrs;
64 })
65 www-urls;
66 };
67 };
68 security.acme = maybe' {
69 acceptTerms = true;
70 certs = {
71 "www.func.xyz".email = "thomas.cat@func.xyz";
72 };
73 };
74 }