authorAlejandro Soto <alejandro@34project.org>2024-07-20 15:22:03 -0600
committerAlejandro Soto <alejandro@34project.org>2024-07-20 18:01:37 -0600
commitbc24082c6f3a8e0b314d338d42b2bf76073fd5f7 (patch)
tree2e9c037c7f1e0b6965c9ea1f560359bdeed5d3fe /sys/web/nginx.nix
parent2471ef3f39083538202a65375885869e54477ec2 (diff)
sys/web: add support for multiple sites
Diffstat (limited to 'sys/web/nginx.nix')
-rw-r--r--sys/web/nginx.nix37
1 files changed, 23 insertions, 14 deletions
diff --git a/sys/web/nginx.nix b/sys/web/nginx.nix
index db2d27d..a971eb2 100644
--- a/sys/web/nginx.nix
+++ b/sys/web/nginx.nix
@@ -6,6 +6,11 @@ in
{
options.local.web = {
enable = mkEnableOption "web server";
+
+ ownedCerts = mkOption {
+ type = with lib.types; listOf str;
+ default = [ ];
+ };
};
config = mkIf cfg.enable {
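Review bot: `ownedCerts` is declared without a `description`, and its `listOf str` type accepts any string even though the second hunk uses each entry as a key in `domains.${name}.main`. A misspelled name would therefore most likely surface as a missing-attribute evaluation error far from the option definition rather than as a type error on the option. I would add `description = "Keys of domains whose certificates this host requests and serves.";` and, if `domains` is a plain attribute set (its definition is outside this diff), narrow the type to `listOf (enum (builtins.attrNames domains))`.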
@@ -21,25 +26,29 @@ in
clientMaxBodySize = "42M";
- virtualHosts = {
- ${domains.host.www} = {
- serverAliases = [ domains.host.main ];
- useACMEHost = domains.host.main;
- forceSSL = true;
- };
- };
+ virtualHosts = { };
};
+ local.certs = listToAttrs (map
+ (name: {
+ inherit name;
+ value.enable = true;
+ })
+ cfg.ownedCerts);
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
security = {
- acme.certs.${domains.host.main} = {
- inherit (config.services.nginx) group;
- };
+ acme.certs = listToAttrs (map
+ (name: {
+ name = domains.${name}.main;
+ value = {
+ group = mkDefault config.services.nginx.group;
+ };
+ })
+ cfg.ownedCerts);
dhparams.params.nginx = { };
};
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- local.certs.host.enable = true;
};
}
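Review bot: The removed vhost was the only place in this module that set `forceSSL = true` and `useACMEHost`; with `virtualHosts = { };` TLS enforcement now depends on every site module (not visible in this diff) repeating both settings, while port 80 stays open in the firewall. A site that omits `forceSSL` would be served over plain HTTP without any evaluation error. I would add a comment at `virtualHosts = { };` such as `# sites are declared in their own modules; each must set forceSSL and useACMEHost`, or preferably an assertion that every entry in `config.services.nginx.virtualHosts` has `forceSSL` or `onlySSL` set. Separately, `listToAttrs` keeps the first entry when names repeat, so two `ownedCerts` entries resolving to the same `domains.${name}.main` would be merged silently.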