From bc24082c6f3a8e0b314d338d42b2bf76073fd5f7 Mon Sep 17 00:00:00 2001
From: Alejandro Soto
Date: Sat, 20 Jul 2024 15:22:03 -0600
Subject: sys/web: add support for multiple sites
---
 sys/web/nginx.nix | 37 +++++++++++++++++++++++--------------
 1 file changed, 23 insertions(+), 14 deletions(-)
(limited to 'sys/web/nginx.nix')
diff --git a/sys/web/nginx.nix b/sys/web/nginx.nix
index db2d27d..a971eb2 100644
--- a/sys/web/nginx.nix
+++ b/sys/web/nginx.nix
@@ -6,6 +6,11 @@ in
 {
 options.local.web = {
 enable = mkEnableOption "web server";
+
+ ownedCerts = mkOption {
+ type = with lib.types; listOf str;
+ default = [ ];
+ };
 };

 config = mkIf cfg.enable {
@@ -21,25 +26,29 @@ in

 clientMaxBodySize = "42M";

- virtualHosts = {
- ${domains.host.www} = {
- serverAliases = [ domains.host.main ];
- useACMEHost = domains.host.main;
- forceSSL = true;
- };
- };
+ virtualHosts = { };
 };

+ local.certs = listToAttrs (map
+ (name: {
+ inherit name;
+ value.enable = true;
+ })
+ cfg.ownedCerts);
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
 security = {
- acme.certs.${domains.host.main} = {
- inherit (config.services.nginx) group;
- };
+ acme.certs = listToAttrs (map
+ (name: {
+ name = domains.${name}.main;
+ value = {
+ group = mkDefault config.services.nginx.group;
+ };
+ })
+ cfg.ownedCerts);

 dhparams.params.nginx = { };
 };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- local.certs.host.enable = true;
 };
 }
--
cgit v1.2.3
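Review bot: `ownedCerts` is declared without a `description`, and its entries are accepted as arbitrary strings even though the second hunk uses each one as a key into `domains` and as the name of an ACME certificate whose group defaults to nginx's. A name that is not a key of `domains` would only surface as a missing-attribute evaluation error at `domains.${name}.main`. I would add `description = "Keys of domains whose certificates nginx is allowed to read.";` to the option. If `domains` is a plain attribute set in scope here (its definition is outside the hunk), the type could also be tightened to `listOf (enum (attrNames domains))`.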
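Review bot: With the `${domains.host.www}` vhost removed, `forceSSL = true` and `useACMEHost` no longer appear anywhere in this file, while ports 80 and 443 stay open for every configuration that enables `local.web`. Each site module now has to remember both settings, and a vhost that omits `forceSSL` would presumably be reachable over plain HTTP without any evaluation error. I would leave a comment next to `virtualHosts = { };`, for example `# site modules must set forceSSL and useACMEHost on every vhost they add`, or add an entry to `assertions` that checks it. The `config` block starts and ends outside this hunk, so a shared default may already exist elsewhere.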