Move all nixos-modules out of qois subfolder

Fabian Hauser 2025-03-21 19:20:28 +02:00
parent d49f58265f
commit 97d1a30329
22 changed files with 3 additions and 14 deletions


@ -0,0 +1,6 @@
# Static Pages
This module enables static nginx sites, with data served from "/var/lib/nginx/$domain/root".
To deploy the site, a user `nginx-$domain` is added, of which a `root` profile in the home folder can be deployed, e.g. with deploy-rs.


@ -0,0 +1,34 @@
{
config,
pkgs,
lib,
...
}:
{
qois.static-page.pages = {
"fabianhauser.ch" = {
domainAliases = [
"www.fabianhauser.ch"
"fabianhauser.nl"
"www.fabianhauser.nl"
"www.fh2.ch"
"fh2.ch"
];
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsSCoClNpgW7x6YngP/CEFbyR8GEJ3V8NdUFvZ/6lj6 ci@git.qo.is"
];
};
"docs-ops.qo.is".authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBS65v7n5ozOUjYGuO/dgLC9C5MUGL5kTnQnvWAYP5B3 ci@git.qo.is"
];
"qo.is" = {
domainAliases = [
"www.qo.is"
];
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMG6xYcf7+l1RDPB7XcLxTvb6CqkaKqEGGb529Qk3b5T ci@git.qo.is"
];
};
};
}
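Review bot: The three `authorizedKeys` entries are bare public keys with no key options, and the module on this page creates each `nginx-<domain>` account with `useDefaultShell = true`, so the holder of a CI key gets an ordinary shell session with whatever forwarding sshd allows by default rather than a deploy-only channel. If the deployment tooling works without a pty and without forwarding, prefixing each entry with OpenSSH's `restrict` option, as in `"restrict ssh-ed25519 <public-key> ci@git.qo.is"`, would narrow what a leaked CI key can do. Because the module lists this file under `imports`, these accounts and keys also appear to be provisioned on every host that sets `qois.static-page.enable`; a short comment at the top of the file stating that this is intended would help.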


@ -0,0 +1,145 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.qois.static-page;
in
with lib;
{
imports = [ ./default-pages.nix ];
options.qois.static-page =
let
pageType =
{ name, ... }:
{
options = {
domain = mkOption {
type = types.str;
default = name;
description = ''
Primary domain, under which the site is served.
Only ASCII Domains are supported at this time.
Note that changing this changes the root folder of the vhost in /var/lib/nginx-$domain/root and the ssh user to "nginx-$domain".
'';
};
domainAliases = mkOption {
type = types.listOf types.str;
default = [ ];
description = "Domain aliases which are forwarded to the primary domain";
};
authorizedKeys = mkOption {
type = types.listOf types.str;
default = [ ];
description = "SSH keys for deployment";
};
};
}
;
in
{
enable = mkEnableOption "Enable static-page hosting";
pages = mkOption {
type = types.attrsOf (types.submodule (pageType));
};
};
config = mkIf cfg.enable (
let
pageConfigs = concatMapAttrs (
name: page:
let
home = "/var/lib/nginx-${page.domain}";
in
{
"${page.domain}" = page // {
inherit home;
user = "${config.services.nginx.user}-${page.domain}";
root = "${home}/root";
};
}
) cfg.pages;
in
{
networking.hosts."127.0.0.1" = pipe pageConfigs [
attrValues
(map (page: [ page.domain ] ++ page.domainAliases))
flatten
];
users = {
groups = concatMapAttrs (
name:
{ user, ... }:
{
"${user}" = { };
}
) pageConfigs;
users =
{
${config.services.nginx.user}.extraGroups = mapAttrsToList (domain: getAttr "user") pageConfigs;
}
// (concatMapAttrs (
name:
{
user,
home,
authorizedKeys,
...
}:
{
${user} = {
inherit home;
isSystemUser = true;
useDefaultShell = true;
homeMode = "750";
createHome = true;
group = user;
openssh.authorizedKeys.keys = authorizedKeys;
};
}
) pageConfigs);
};
services.nginx = {
enable = true;
virtualHosts =
let
defaultVhostConfig = {
enableACME = true;
forceSSL = true;
kTLS = true;
};
mkVhost =
{ root, ... }:
defaultVhostConfig
// {
inherit root;
};
mkAliasVhost =
{ domainAliases, domain, ... }:
if (domainAliases == [ ]) then
{ }
else
({
"${head domainAliases}" = defaultVhostConfig // {
serverAliases = tail domainAliases;
globalRedirect = domain;
};
});
aliasVhosts = concatMapAttrs (name: mkAliasVhost) pageConfigs;
in
aliasVhosts // (mapAttrs (name: mkVhost) pageConfigs);
};
}
);
}
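Review bot: `domain` is declared as a plain `types.str`, yet it is interpolated into the account name (`user = "${config.services.nginx.user}-${page.domain}"`), the home directory (`home = "/var/lib/nginx-${page.domain}"`) and the vhost key, so a value containing `/`, `..` or whitespace would yield a path or user name outside the intended layout. The option description already says only ASCII domains are supported; enforcing that in the type, for example `type = types.strMatching "[a-z0-9]([a-z0-9.-]*[a-z0-9])?";`, turns the documented restriction into an evaluation error. Separately, `pageConfigs` is keyed by `page.domain` through `concatMapAttrs`, so two `pages` entries that set the same `domain` appear to collapse into one silently, and an assertion on unique domains would make that visible. The README text on this page gives the data path as `/var/lib/nginx/$domain/root`, which differs from the `/var/lib/nginx-$domain/root` built here.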