summary refs log tree commit diff stats
path: root/modules/nixos/vhack/nix-sync/default.nix
diff options
context:
space:
mode:
authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-08-02 22:39:02 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-08-02 23:13:29 +0200
commit30e649a6d43c4ef2473a1820930cbe7d43e28432 (patch)
treef34df66d41344a9289628d9c8f9e002614f97c16 /modules/nixos/vhack/nix-sync/default.nix
parentbuild(flake): Update (diff)
downloadnixos-server-30e649a6d43c4ef2473a1820930cbe7d43e28432.zip
refactor(nixos/{nginx, nix-sync}): Migrate from `system/services`
Nix-sync was sort-of mixed into the nginx configuration, thus separating
it completely seemed reasonable.
Diffstat (limited to 'modules/nixos/vhack/nix-sync/default.nix')
-rw-r--r--modules/nixos/vhack/nix-sync/default.nix61
1 files changed, 61 insertions, 0 deletions
diff --git a/modules/nixos/vhack/nix-sync/default.nix b/modules/nixos/vhack/nix-sync/default.nix
new file mode 100644
index 0000000..a624e0e
--- /dev/null
+++ b/modules/nixos/vhack/nix-sync/default.nix
@@ -0,0 +1,61 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.vhack.nix-sync;
+
+  mkNixSyncRepository = {
+    domain,
+    root ? "",
+    url,
+    extraSettings ? {},
+  }: {
+    name = "${domain}";
+    value = {
+      path = "/etc/nginx/websites/${domain}/${root}";
+      uri = "${url}";
+      inherit extraSettings;
+    };
+  };
+  nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains);
+
+  mkVirtHost = {
+    domain,
+    root ? "",
+    url,
+    extraSettings ? {},
+  }: {
+    name = "${domain}";
+    value =
+      lib.recursiveUpdate {
+        forceSSL = true;
+        enableACME = true;
+        root = "/etc/nginx/websites/${domain}/${root}";
+      }
+      extraSettings;
+  };
+  virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains);
+
+  domains = import ./hosts.nix {};
+in {
+  imports = [
+    ./module.nix
+  ];
+
+  options.vhack.nix-sync = {
+    enable = lib.mkEnableOption ''
+      a website git ops solution.
+    '';
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.nix-sync = {
+      enable = true;
+      repositories = nixSyncRepositories;
+    };
+
+    vhack.nginx.enable = true;
+    services.nginx.virtualHosts = virtHosts;
+  };
+}