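# NixOS module `vhack.nix-sync`: for every entry in `vhack.nix-sync.domains`
# it registers a nix-sync repository that is checked out below
# /etc/nginx/websites and an nginx virtual host whose root is that checkout.
{
  config,
  lib,
  modulesPath,
  ...
}: let
  cfg = config.vhack.nix-sync;

  # Directory a domain's repository is synced into and served from.
  # Shared by both builders below so the checkout path and the nginx root
  # cannot drift apart.
  # NOTE(review): `domain` is a plain `types.str` and is interpolated into
  # this path unchecked; a value containing `/` or `..` would resolve outside
  # /etc/nginx/websites. Consider a stricter type (e.g. `lib.types.strMatching`)
  # if the option values are not fully trusted.
  websiteRoot = domain: "/etc/nginx/websites/${domain}";

  # Turns one `domains` entry into a name/value pair for
  # `services.nix-sync.repositories`.
  mkNixSyncRepository = {
    domain,
    repositoryUrl,
    extraSettings,
  }: {
    name = domain;
    value = {
      path = websiteRoot domain;
      uri = repositoryUrl;
      # NOTE(review): these are the nginx vhost settings, handed to the
      # nix-sync repository entry as well. The repository schema is
      # presumably declared in ./internal_module.nix (not visible here);
      # confirm it really expects this attribute.
      inherit extraSettings;
    };
  };
  nixSyncRepositories = builtins.listToAttrs (builtins.map mkNixSyncRepository cfg.domains);

  # Turns one `domains` entry into a name/value pair for
  # `services.nginx.virtualHosts`.
  mkVirtHost = {
    domain,
    repositoryUrl,
    extraSettings,
  }: {
    name = domain;
    # `lib.recursiveUpdate` prefers its right-hand argument, so anything in
    # `extraSettings` overrides the HTTPS/ACME/root values given here.
    # NOTE(review): `extraSettings` is typed as the complete nginx vhost
    # submodule, so it presumably also carries that submodule's defaults for
    # options the user never set. Verify on an evaluated configuration that
    # `forceSSL`, `enableACME` and `root` keep the values below and are not
    # silently replaced by those defaults.
    value =
      lib.recursiveUpdate {
        forceSSL = true;
        enableACME = true;
        root = websiteRoot domain;
      }
      extraSettings;
  };
  virtHosts = builtins.listToAttrs (builtins.map mkVirtHost cfg.domains);
in {
  imports = [
    ./internal_module.nix
  ];

  options.vhack.nix-sync = {
    enable = lib.mkEnableOption ''
      a website git ops solution.
    '';

    domains = lib.mkOption {
      type = lib.types.listOf (lib.types.submodule {
        options = {
          domain = lib.mkOption {
            type = lib.types.str;
            example = "b-peetz.de";
            description = ''
              The fully qualified domain to use as base of this website.
            '';
          };

          repositoryUrl = lib.mkOption {
            type = lib.types.str;
            # Constructed sample value; the previous example was a bare
            # domain name, not a repository URL.
            example = "https://git.example.org/owner/website.git";
            # NOTE(review): the contents of this repository end up in the
            # directory nginx serves for the domain, so it should be a
            # source you control, fetched over an authenticated transport.
            description = ''
              The url used for the source git repository, which is deployed at this domain.
            '';
          };

          extraSettings = lib.mkOption {
            type = lib.types.submodule (import (modulesPath + "/services/web-servers/nginx/vhost-options.nix") {inherit config lib;});
            example = {
              # nginx directives must be terminated with a semicolon.
              locations."/.well-known/openpgpkey/hu/".extraConfig = "default_type application/octet-stream;";
            };
            default = {};
            description = ''
              Extra configuration to add to the nginx virtual host.
            '';
          };
        };
      });
      # An empty list keeps the module evaluable when it is enabled before
      # any website has been declared.
      default = [];
      description = ''
        The websites to deploy. Each entry pairs a domain with the git
        repository that is synced to and served at this domain.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    # State directory of nix-sync: owned by the dedicated user and closed to
    # everyone else (mode 0700).
    vhack.persist.directories = [
      {
        directory = "/var/lib/nix-sync";
        user = "nix-sync";
        group = "nix-sync";
        mode = "0700";
      }
    ];

    services.nix-sync = {
      enable = true;
      repositories = nixSyncRepositories;
    };

    vhack.nginx.enable = true;
    services.nginx.virtualHosts = virtHosts;

    # uid and gid are taken from the central constants table instead of
    # being allocated dynamically.
    users = {
      users.nix-sync.uid = config.vhack.constants.ids.uids.nix-sync;
      groups.nix-sync.gid = config.vhack.constants.ids.gids.nix-sync;
    };
  };
}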