Diffstat (limited to 'modules/by-name/ni/nix-sync/module.nix')
-rw-r--r-- | modules/by-name/ni/nix-sync/module.nix | 70 |
1 files changed, 54 insertions, 16 deletions
diff --git a/modules/by-name/ni/nix-sync/module.nix b/modules/by-name/ni/nix-sync/module.nix index de096b9..9ddd210 100644 --- a/modules/by-name/ni/nix-sync/module.nix +++ b/modules/by-name/ni/nix-sync/module.nix @@ -1,43 +1,44 @@ { config, lib, + modulesPath, + nixLib, ... }: let cfg = config.vhack.nix-sync; mkNixSyncRepository = { domain, - root ? "", - url, - extraSettings ? {}, + repositoryUrl, + extraSettings, }: { name = "${domain}"; value = { - path = "/etc/nginx/websites/${domain}/${root}"; - uri = "${url}"; + path = "/etc/nginx/websites/${domain}"; + uri = "${repositoryUrl}"; inherit extraSettings; }; }; - nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository domains); + nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository cfg.domains); mkVirtHost = { domain, - root ? "", - url, - extraSettings ? {}, + repositoryUrl, + extraSettings, }: { name = "${domain}"; value = - lib.recursiveUpdate { + # FIXME(@bpeetz): We cannot use something like `lib.recursiveUpdate` because the + # `extraSettings` are instantiated from the “real” nginx type. As such the + # `extaSettings` would override our values here. Therefore, the direct merge. <2025-02-07> + extraSettings + // { forceSSL = true; enableACME = true; - root = "/etc/nginx/websites/${domain}/${root}"; - } - extraSettings; + root = "/etc/nginx/websites/${domain}"; + }; }; - virtHosts = builtins.listToAttrs (builtins.map mkVirtHost domains); - - domains = import ./hosts.nix {}; + virtHosts = builtins.listToAttrs (builtins.map mkVirtHost cfg.domains); in { imports = [ ./internal_module.nix 
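Review bot: In `mkVirtHost`, the `extraSettings // { … }` merge silently discards any `forceSSL`, `enableACME` or `root` a caller sets in `extraSettings`, and the FIXME above it does not say that this is the intended result. That ordering is what keeps every synced site on TLS and rooted in its own directory, so I would reword the comment along the lines of `# The right-hand side of // wins, so forceSSL, enableACME and root stay pinned regardless of extraSettings.` and fix the `extaSettings` typo. Separately, `nixLib` is added to the module arguments but is not referenced in any visible hunk; if it is indeed unused, dropping it avoids requiring it among the module's special arguments.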
@@ -47,6 +48,38 @@ in { enable = lib.mkEnableOption '' a website git ops solution. ''; + + domains = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { + options = { + domain = lib.mkOption { + type = lib.types.str; + example = "b-peetz.de"; + description = '' + The fully qualified domain to use as base of this website. + ''; + }; + repositoryUrl = lib.mkOption { + type = lib.types.str; + example = "b-peetz.de"; + description = '' + The url used for the source git repository, which is deployed at this domain. + ''; + }; + extraSettings = lib.mkOption { + type = + lib.types.submodule (import (modulesPath + "/services/web-servers/nginx/vhost-options.nix") {inherit config lib;}); + example = { + locations."/.well-known/openpgpkey/".extraConfig = "default_type application/octet-stream"; + }; + default = {}; + description = '' + Extra configuration to add to the nginx virtual host. + ''; + }; + }; + }); + }; }; config = lib.mkIf cfg.enable { @@ -66,5 +99,10 @@ in { vhack.nginx.enable = true; services.nginx.virtualHosts = virtHosts; + + users = { + users.nix-sync.uid = config.vhack.constants.ids.uids.nix-sync; + groups.nix-sync.gid = config.vhack.constants.ids.gids.nix-sync; + }; }; } |
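Review bot: The `domain` option is declared as plain `lib.types.str`, yet the first hunk interpolates it into the filesystem path `/etc/nginx/websites/${domain}` and uses it as the virtual-host name, so a value containing `/` would place the checkout and the web root outside the intended directory. Constraining the type, for example with a pattern such as `type = lib.types.strMatching "[a-z0-9]([a-z0-9.-]*[a-z0-9])?";`, rejects such values at evaluation time. The `repositoryUrl` example is also `"b-peetz.de"`, which looks copied from `domain`; a placeholder such as `example = "https://git.example.org/site.git";` would show the expected form.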