Refactor(system/services/nginx): Reduce encrypted stuff to a minimum

2 files changed, 36 insertions, 4 deletions

diff --git a/system/services/nginx/default.nix b/system/services/nginx/default.nix
index 404c167..8544475 100644
--- a/system/services/nginx/default.nix
+++ b/system/services/nginx/default.nix
@@ -1,7 +1,33 @@
-{...}: {
-  imports = [
-    ./hosts.nix
-  ];
+{...}: let
+  domains = import ./hosts.nix {};
+  mkVirtHost = {
+    domain,
+    root,
+    url,
+  }: {
+    name = "${domain}";
+    value = {
+      forceSSL = true;
+      enableACME = true;
+      root = "${root}";
+    };
+  };
+
+  mkNixSyncRepository = {
+    domain,
+    root,
+    url,
+  }: {
+    name = "${domain}";
+    value = {
+      path = "${root}";
+      uri = "${url}";
+    };
+  };
+
+  virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains);
+  nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains);
+in {
   security.acme = {
     acceptTerms = true;
     defaults = {
@@ -15,5 +41,11 @@
   };
   services.nginx = {
     enable = true;
+    virtualHosts = virtHosts;
+  };
+
+  services.nix-sync = {
+    enable = true;
+    repositories = nixSyncRepositories;
   };
 }
diff --git a/system/services/nginx/hosts.nix b/system/services/nginx/hosts.nix
index 1590756..b209b69 100644
--- a/system/services/nginx/hosts.nix
+++ b/system/services/nginx/hosts.nix