From 26d85e97aa9efb07fbf07066ff6e2c752d1de788 Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Wed, 3 Jan 2024 12:04:26 +0100
Subject: [PATCH] infovhost: Init

This avoids boilerplate code for displaying the imprint on the fqdn of the machine.
---
 machines/nazuna/configuration.nix | 1 +
 machines/okarin/configuration.nix | 12 +-----------
 machines/renge/configuration.nix | 1 +
 machines/vueko/configuration.nix | 1 +
 machines/yuzuru/configuration.nix | 12 +-----------
 modules/default.nix | 1 +
 modules/infovhost.nix | 34 +++++++++++++++++++++++++++++++
 7 files changed, 40 insertions(+), 22 deletions(-)
 create mode 100644 modules/infovhost.nix
diff --git a/machines/nazuna/configuration.nix b/machines/nazuna/configuration.nix
index d8d9dd8..3263e84 100644
--- a/machines/nazuna/configuration.nix
+++ b/machines/nazuna/configuration.nix
@@ -9,6 +9,7 @@
 sbruder = {
 nginx.hardening.enable = true;
 wireguard.home.enable = true;
+ infovhost.enable = true;
 };
 networking.hostName = "nazuna";
diff --git a/machines/okarin/configuration.nix b/machines/okarin/configuration.nix
index bd5a702..d21bed5 100644
--- a/machines/okarin/configuration.nix
+++ b/machines/okarin/configuration.nix
@@ -13,23 +13,13 @@
 nginx.hardening.enable = true;
 full = false;
 wireguard.home.enable = true;
+ infovhost.enable = true;
 };
 networking.hostName = "okarin";
 system.stateVersion = "22.11";
- services.nginx = {
- enable = true;
-
- virtualHosts."okarin.sbruder.de" = {
- enableACME = true;
- forceSSL = true;
-
- root = pkgs.sbruder.imprint;
- };
- };
-
 networking.firewall.allowedTCPPorts = [
 80
 443
diff --git a/machines/renge/configuration.nix b/machines/renge/configuration.nix
index 8737e3f..c728581 100644
--- a/machines/renge/configuration.nix
+++ b/machines/renge/configuration.nix
@@ -26,6 +26,7 @@
 nginx.hardening.enable = true;
 restic.system.enable = true;
 wireguard.home.enable = true;
+ infovhost.enable = true;
 };
 networking.hostName = "renge";
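Review bot: In machines/nazuna/configuration.nix, and likewise in the renge and vueko hunks, the added `infovhost.enable = true;` is not a boilerplate replacement: nothing is removed from these files, so unless the imprint vhost was defined elsewhere the commit newly publishes one on these three machines. With `enableACME` in the module, each host will request a certificate for `<hostName>.<domain>`, which normally puts the machine name into public certificate-transparency logs, and the default HTTP-01 validation needs port 80 reachable. The hunks do not show whether these hosts open 80/443 the way okarin and yuzuru do, so that is worth confirming per host. A short comment beside the line, such as `# publishes <hostName>.<domain> with an ACME cert; needs 80/443 open`, and a sentence in the commit message would make the new exposure explicit.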
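Review bot: In machines/okarin/configuration.nix (and the matching yuzuru hunk) the vhost name is no longer the literal `okarin.sbruder.de`; the module now derives it from `networking.hostName` and `networking.domain`. If `networking.domain` is set to anything other than `sbruder.de` on these hosts, the served name and the ACME certificate change silently, and clients using the old name would presumably see a certificate mismatch. If the name is meant to stay fixed, pin it next to the enable line with `infovhost.fqdn = "okarin.sbruder.de";`, or confirm that `networking.domain` is unset on both machines.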
diff --git a/machines/vueko/configuration.nix b/machines/vueko/configuration.nix
index c7ca922..abffbbd 100644
--- a/machines/vueko/configuration.nix
+++ b/machines/vueko/configuration.nix
@@ -15,6 +15,7 @@
 restic.system.enable = true;
 wireguard.home.enable = true;
 full = false;
+ infovhost.enable = true;
 mailserver = {
 enable = true;
diff --git a/machines/yuzuru/configuration.nix b/machines/yuzuru/configuration.nix
index 2424e65..01b2567 100644
--- a/machines/yuzuru/configuration.nix
+++ b/machines/yuzuru/configuration.nix
@@ -10,23 +10,13 @@
 nginx.hardening.enable = true;
 full = false;
 wireguard.home.enable = true;
+ infovhost.enable = true;
 };
 networking.hostName = "yuzuru";
 system.stateVersion = "23.11";
- services.nginx = {
- enable = true;
-
- virtualHosts."yuzuru.sbruder.de" = {
- enableACME = true;
- forceSSL = true;
-
- root = pkgs.sbruder.imprint;
- };
- };
-
 networking.firewall.allowedTCPPorts = [
 80
 443
diff --git a/modules/default.nix b/modules/default.nix
index 4ad01d0..a118075 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -35,6 +35,7 @@
 ./games.nix
 ./grub.nix
 ./gui.nix
+ ./infovhost.nix
 ./initrd-ssh.nix
 ./locales.nix
 ./logitech.nix
diff --git a/modules/infovhost.nix b/modules/infovhost.nix
new file mode 100644
index 0000000..2be2c1e
--- /dev/null
+++ b/modules/infovhost.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.sbruder.infovhost;
+in
+{
+ options.sbruder.infovhost = {
+ enable = lib.mkEnableOption "a vhost displaying legal and/or technical information on the domain of the machine";
+ domain = lib.mkOption {
+ type = lib.types.str;
+ default =
+ if (!(isNull config.networking.domain))
+ then config.networking.domain
+ else "sbruder.de";
+ description = "The domain part of the fqdn.";
+ };
+ fqdn = lib.mkOption {
+ type = lib.types.str;
+ default = "${config.networking.hostName}.${cfg.domain}";
+ description = "The fqdn the vhost should listen on.";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.nginx.enable = true;
+ services.nginx.virtualHosts."${cfg.fqdn}" = {
+ enableACME = true;
+ forceSSL = true;
+
+ default = true;
+
+ root = pkgs.sbruder.imprint;
+ };
+ };
+}
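Review bot: `default = true;` in the `services.nginx.virtualHosts."${cfg.fqdn}"` block of modules/infovhost.nix is a behaviour change the commit message does not mention. The vhosts removed from okarin and yuzuru did not set it, and it makes the imprint vhost nginx's catch-all for any request whose Host header or SNI matches no other vhost. That is a sensible fallback, but nginx accepts only one default server per listen address, so a machine that already marks another vhost as default would presumably fail its config check. Writing `default = lib.mkDefault true;` with a comment such as `# catch-all: unknown Host/SNI gets the imprint, not another vhost` keeps it overridable per machine. As a style point, `isNull` is deprecated in Nix, so the `domain` default reads better as `if config.networking.domain != null`.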