authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-02-04 19:44:46 +0100
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-02-04 19:44:46 +0100
commite18e720bb41cbc43645a9e77b1262dd3d08b4e71 (patch)
treeb67cc4761c733d6cb63f748de6acc6b86f1b4b06
parentdocs(README.md): Init (diff)
modules/nix-sync: Actually enable
This includes the obvious changes, ensuring that it follows our current best-practices.
Diffstat (limited to '')
-rw-r--r--hosts/by-name/server2/configuration.nix4
-rw-r--r--hosts/by-name/server2/websites.nix (renamed from modules/by-name/ni/nix-sync/hosts.nix)14
-rw-r--r--modules/by-name/co/constants/module.nix2
-rw-r--r--modules/by-name/ni/nix-sync/module.nix60
4 files changed, 60 insertions, 20 deletions
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix
index 95f0ade..6909bdd 100644
--- a/hosts/by-name/server2/configuration.nix
+++ b/hosts/by-name/server2/configuration.nix
@@ -55,6 +55,10 @@
"source.foss-syndicate.org" = "https://git.foss-syndicate.org/vhack.eu/nixos-server";
};
};
+ nix-sync = {
+ enable = true;
+ domains = import ./websites.nix {};
+ };
nixconfig.enable = true;
openssh.enable = true;
persist = {
diff --git a/modules/by-name/ni/nix-sync/hosts.nix b/hosts/by-name/server2/websites.nix
index 98dbbf1..57c4a6d 100644
--- a/modules/by-name/ni/nix-sync/hosts.nix
+++ b/hosts/by-name/server2/websites.nix
@@ -11,38 +11,38 @@
in [
{
domain = "vhack.eu";
- url = "https://codeberg.org/vhack.eu/website.git";
+ repositoryUrl = "https://codeberg.org/vhack.eu/website.git";
}
{
domain = "b-peetz.de";
- url = "https://codeberg.org/bpeetz/b-peetz.de.git";
+ repositoryUrl = "https://codeberg.org/bpeetz/b-peetz.de.git";
}
# Trinitrix
{
domain = "trinitrix.vhack.eu";
- url = "https://codeberg.org/trinitrix/website.git";
+ repositoryUrl = "https://codeberg.org/trinitrix/website.git";
}
# WKD
{
domain = "openpgpkey.b-peetz.de";
- url = "https://codeberg.org/vhack.eu/gpg_wkd.git";
+ repositoryUrl = "https://codeberg.org/vhack.eu/gpg_wkd.git";
extraSettings = extraWkdSettings;
}
{
domain = "openpgpkey.s-schoeffel.de";
- url = "https://codeberg.org/vhack.eu/gpg_wkd.git";
+ repositoryUrl = "https://codeberg.org/vhack.eu/gpg_wkd.git";
extraSettings = extraWkdSettings;
}
{
domain = "openpgpkey.sils.li";
- url = "https://codeberg.org/vhack.eu/gpg_wkd.git";
+ repositoryUrl = "https://codeberg.org/vhack.eu/gpg_wkd.git";
extraSettings = extraWkdSettings;
}
{
domain = "openpgpkey.vhack.eu";
- url = "https://codeberg.org/vhack.eu/gpg_wkd.git";
+ repositoryUrl = "https://codeberg.org/vhack.eu/gpg_wkd.git";
extraSettings = extraWkdSettings;
}
]
diff --git a/modules/by-name/co/constants/module.nix b/modules/by-name/co/constants/module.nix
index b344fcd..fed14d3 100644
--- a/modules/by-name/co/constants/module.nix
+++ b/modules/by-name/co/constants/module.nix
@@ -25,6 +25,7 @@
nscd = 330;
sshd = 331;
systemd-oom = 332;
+ nix-sync = 334;
redis-peertube = 990;
peertube = 992; # TODO Sort correctly
mastodon = 996;
@@ -47,6 +48,7 @@
sshd = 331;
systemd-oom = 332;
resolvconf = 333; # This group is not matched to an user?
+ nix-sync = 334;
systemd-coredump = 151; # matches systemd-coredump user
redis-peertube = 990;
peertube = 992;
diff --git a/modules/by-name/ni/nix-sync/module.nix b/modules/by-name/ni/nix-sync/module.nix
index de096b9..1413920 100644
--- a/modules/by-name/ni/nix-sync/module.nix
+++ b/modules/by-name/ni/nix-sync/module.nix
@@ -1,43 +1,40 @@
{
config,
lib,
+ modulesPath,
...
}: let
cfg = config.vhack.nix-sync;
mkNixSyncRepository = {
domain,
- root ? "",
- url,
- extraSettings ? {},
+ repositoryUrl,
+ extraSettings,
}: {
name = "${domain}";
value = {
- path = "/etc/nginx/websites/${domain}/${root}";
- uri = "${url}";
+ path = "/etc/nginx/websites/${domain}";
+ uri = "${repositoryUrl}";
inherit extraSettings;
};
};
- nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains);
+ nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository cfg.domains);
mkVirtHost = {
domain,
- root ? "",
- url,
- extraSettings ? {},
+ repositoryUrl,
+ extraSettings,
}: {
name = "${domain}";
value =
lib.recursiveUpdate {
forceSSL = true;
enableACME = true;
- root = "/etc/nginx/websites/${domain}/${root}";
+ root = "/etc/nginx/websites/${domain}";
}
extraSettings;
};
- virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains);
-
- domains = import ./hosts.nix {};
+ virtHosts = builtins.listToAttrs (builtins.map mkVirtHost cfg.domains);
in {
imports = [
./internal_module.nix
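Review bot: mkVirtHost sets the nginx `root` to `/etc/nginx/websites/${domain}`, the same directory mkNixSyncRepository passes to nix-sync as `path`, so with the `root` sub-directory argument removed the document root is always the checkout itself. If the sync leaves a `.git` directory there (internal_module.nix is not part of this diff, so this is an assumption to confirm), the repository metadata and history would be served alongside the site. I would add a deny rule to the defaults that mkVirtHost merges with `extraSettings`, for example `locations."~ /\\.git".return = "404";`. The module body continues past the end of this hunk.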
@@ -47,6 +44,38 @@ in {
enable = lib.mkEnableOption ''
a website git ops solution.
'';
+
+ domains = lib.mkOption {
+ type = lib.types.listOf (lib.types.submodule {
+ options = {
+ domain = lib.mkOption {
+ type = lib.types.str;
+ example = "b-peetz.de";
+ description = ''
+ The fully qualified domain to use as base of this website.
+ '';
+ };
+ repositoryUrl = lib.mkOption {
+ type = lib.types.str;
+ example = "b-peetz.de";
+ description = ''
+ The url used for the source git repository, which is deployed at this domain.
+ '';
+ };
+ extraSettings = lib.mkOption {
+ type =
+ lib.types.submodule (import (modulesPath + "/services/web-servers/nginx/vhost-options.nix") {inherit config lib;});
+ example = {
+ locations."/.well-known/openpgpkey/hu/".extraConfig = "default_type application/octet-stream";
+ };
+ default = {};
+ description = ''
+ Extra configuration to add to the nginx virtual host.
+ '';
+ };
+ };
+ });
+ };
};
config = lib.mkIf cfg.enable {
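Review bot: `domain` is declared as plain `lib.types.str`, yet the module interpolates it into `/etc/nginx/websites/${domain}` for both the checkout path and the nginx root, so a value containing `/` or `..` would point the sync and the web root outside the websites directory. Constraining it at the option catches that at evaluation time, e.g. `type = lib.types.strMatching "[a-z0-9]([a-z0-9.-]*[a-z0-9])?";`. `repositoryUrl` is likewise unconstrained and its `example` repeats the domain (`"b-peetz.de"`) instead of a URL; `example = "https://codeberg.org/bpeetz/b-peetz.de.git";` matches what websites.nix passes. Using `lib.types.strMatching "https://.+"` there would keep content that ends up on the web root from being fetched over an unauthenticated transport. The `domains` option itself also has no `description`.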
@@ -66,5 +95,10 @@ in {
vhack.nginx.enable = true;
services.nginx.virtualHosts = virtHosts;
+
+ users = {
+ users.nix-sync.uid = config.vhack.constants.ids.uids.nix-sync;
+ groups.nix-sync.gid = config.vhack.constants.ids.gids.nix-sync;
+ };
};
}