Simon Bruder
10b8d432d5
This applies the REUSE specification to the repository, so the licensing information can be tracked for every file individually.
91 lines
2.7 KiB
Nix
91 lines
2.7 KiB
Nix
# SPDX-FileCopyrightText: 2023-2024 Simon Bruder <simon@sbruder.de>
|
|
#
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
{ config, lib, pkgs, ... }:
|
|
let
|
|
cfg = config.sbruder.static-webserver;
|
|
in
|
|
{
|
|
options.sbruder.static-webserver = {
|
|
root = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "/var/www";
|
|
};
|
|
vhosts = lib.mkOption {
|
|
type = lib.types.attrsOf (lib.types.submodule ({ name, vhostCfg, ... }: {
|
|
options = {
|
|
redirects = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = [ "www.${name}" ];
|
|
};
|
|
root = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "${cfg.root}/${name}";
|
|
};
|
|
user = {
|
|
name = lib.mkOption {
|
|
type = lib.types.str;
|
|
};
|
|
keys = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = config.sbruder.pubkeys.trustedKeys;
|
|
};
|
|
};
|
|
imprint = {
|
|
enable = lib.mkEnableOption "a location making the imprint available";
|
|
location = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "/imprint/";
|
|
};
|
|
};
|
|
};
|
|
}));
|
|
default = { };
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf (cfg.vhosts != { }) {
|
|
users.users = lib.mapAttrs'
|
|
(_: { user, root, ... }: lib.nameValuePair user.name {
|
|
isSystemUser = true;
|
|
group = user.name;
|
|
shell = "/bin/sh";
|
|
|
|
openssh.authorizedKeys.keys = map
|
|
(key: "command=\"${pkgs.rrsync}/bin/rrsync -wo ${root}\",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ${key}")
|
|
user.keys;
|
|
})
|
|
cfg.vhosts;
|
|
users.groups = lib.mapAttrs' (_: { user, ... }: lib.nameValuePair user.name { }) cfg.vhosts;
|
|
|
|
systemd.tmpfiles.rules = map
|
|
({ root, user, ... }: "d ${root} 0755 ${user.name} ${user.name} -")
|
|
(lib.attrValues cfg.vhosts);
|
|
|
|
services.nginx.virtualHosts = lib.attrsets.mergeAttrsList
|
|
(lib.mapAttrsToList
|
|
(primaryDomain: vhostCfg:
|
|
({
|
|
${primaryDomain} = lib.mkMerge [
|
|
{
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
root = vhostCfg.root;
|
|
}
|
|
(lib.mkIf vhostCfg.imprint.enable {
|
|
locations.${vhostCfg.imprint.location}.alias = "${pkgs.sbruder.imprint}/";
|
|
})
|
|
];
|
|
} // (lib.listToAttrs (map
|
|
(domain: lib.nameValuePair domain {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
globalRedirect = primaryDomain;
|
|
})
|
|
vhostCfg.redirects)))
|
|
)
|
|
cfg.vhosts);
|
|
};
|
|
}
|