infovhost: Init

This avoids boilerplate code for displaying the imprint on the fqdn of
the machine.
Simon Bruder 2024-01-03 12:04:26 +01:00
parent 0393661579
commit 26d85e97aa
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
7 changed files with 40 additions and 22 deletions


@ -9,6 +9,7 @@
sbruder = { sbruder = {
nginx.hardening.enable = true; nginx.hardening.enable = true;
wireguard.home.enable = true; wireguard.home.enable = true;
infovhost.enable = true;
}; };
networking.hostName = "nazuna"; networking.hostName = "nazuna";


@ -13,23 +13,13 @@
nginx.hardening.enable = true; nginx.hardening.enable = true;
full = false; full = false;
wireguard.home.enable = true; wireguard.home.enable = true;
infovhost.enable = true;
}; };
networking.hostName = "okarin"; networking.hostName = "okarin";
system.stateVersion = "22.11"; system.stateVersion = "22.11";
services.nginx = {
enable = true;
virtualHosts."okarin.sbruder.de" = {
enableACME = true;
forceSSL = true;
root = pkgs.sbruder.imprint;
};
};
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 80
443 443


@ -26,6 +26,7 @@
nginx.hardening.enable = true; nginx.hardening.enable = true;
restic.system.enable = true; restic.system.enable = true;
wireguard.home.enable = true; wireguard.home.enable = true;
infovhost.enable = true;
}; };
networking.hostName = "renge"; networking.hostName = "renge";


@ -15,6 +15,7 @@
restic.system.enable = true; restic.system.enable = true;
wireguard.home.enable = true; wireguard.home.enable = true;
full = false; full = false;
infovhost.enable = true;
mailserver = { mailserver = {
enable = true; enable = true;
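Review bot: Enabling `infovhost` on this host also sets `services.nginx.enable = true` (see modules/infovhost.nix), but the visible context here does not include `nginx.hardening.enable = true;`, which the other four hosts in this commit show alongside it. It may be set above the hunk, which starts at line 15; if it is not, this host would begin serving HTTP(S) without the hardening the other hosts apply. Either add `nginx.hardening.enable = true;` here or have the module set it whenever it enables nginx.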


@ -10,23 +10,13 @@
nginx.hardening.enable = true; nginx.hardening.enable = true;
full = false; full = false;
wireguard.home.enable = true; wireguard.home.enable = true;
infovhost.enable = true;
}; };
networking.hostName = "yuzuru"; networking.hostName = "yuzuru";
system.stateVersion = "23.11"; system.stateVersion = "23.11";
services.nginx = {
enable = true;
virtualHosts."yuzuru.sbruder.de" = {
enableACME = true;
forceSSL = true;
root = pkgs.sbruder.imprint;
};
};
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 80
443 443


@ -35,6 +35,7 @@
./games.nix ./games.nix
./grub.nix ./grub.nix
./gui.nix ./gui.nix
./infovhost.nix
./initrd-ssh.nix ./initrd-ssh.nix
./locales.nix ./locales.nix
./logitech.nix ./logitech.nix

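--- a/modules/infovhost.nix
+++ b/modules/infovhost.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+let
+cfg = config.sbruder.infovhost;
+in
+{
+options.sbruder.infovhost = {
+enable = lib.mkEnableOption "a vhost displaying legal and/or technical information on the domain of the machine";
+domain = lib.mkOption {
+type = lib.types.str;
+default =
+if (!(isNull config.networking.domain))
+then config.networking.domain
+else "sbruder.de";
+description = "The domain part of the fqdn.";
+};
+fqdn = lib.mkOption {
+type = lib.types.str;
+default = "${config.networking.hostName}.${cfg.domain}";
+description = "The fqdn the vhost should listen on.";
+};
+};
+config = lib.mkIf cfg.enable {
+services.nginx.enable = true;
+services.nginx.virtualHosts."${cfg.fqdn}" = {
+enableACME = true;
+forceSSL = true;
+default = true;
+root = pkgs.sbruder.imprint;
+};
+};
+}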
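Review bot: `default = true;` makes this vhost nginx's default server, which the removed okarin and yuzuru vhosts did not set, so on every host enabling the module requests with an unmatched Host header now land on the imprint. That is a sensible catch-all, but nginx rejects a configuration with two default servers on the same listen address, and whether any of these hosts already declares one is not visible here; `default = lib.mkDefault true;` keeps it overridable per host. The module also sets `enableACME` without touching the firewall, so certificate issuance relies on each host opening 80/443 itself, as the okarin and yuzuru context lines do; a comment above `config`, e.g. `# Hosts must open TCP 80/443 themselves; this module does not touch the firewall.`, would document that. `isNull` is deprecated in Nix; `config.networking.domain != null` is the usual form.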