chore(nginx): move mkVHost to lib

2024-10-02 14:05:06 +02:00 · 2024-10-02 14:05:06 +02:00 · 68aa9ba923
commit 68aa9ba923
parent 0a3c28e62e
3 changed files with 30 additions and 24 deletions
--- a/home/terminal/ssh/default.nix
+++ b/home/terminal/ssh/default.nix
@ -18,7 +18,7 @@ mkIf config.programs.ssh.enable {
      };
      raptus = {
        hostname = "vps.ccnlc.eu";
-        user = "root";
+        user = "ny";
        port = 56528;
      };
      #shan = {
--- a/hosts/raptus/configuration.nix
+++ b/hosts/raptus/configuration.nix
@ -6,6 +6,9 @@
  pubkeys,
  ...
 }:
+let
+  inherit (lib.my) mkVHost;
+in
 {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
@ -15,8 +18,7 @@
    ./forgejo
    ./obsidian-livesync
    ./headscale.nix
-    ../../modules/nix
-    ../../modules/users/ny.nix
+    ../../modules
  ];

  age.secrets = {
@ -50,25 +52,9 @@
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    clientMaxBodySize = "50M";
-    virtualHosts =
-      let
-        mkVHost = name: port: {
-          inherit name;
-          value = {
-            enableACME = true;
-            forceSSL = true;
-            locations."/" = {
-              proxyPass = "http://127.0.0.1:${toString port}";
-              extraConfig = ''
-                proxy_ssl_server_name on;
-                proxy_pass_header Authorization;'';
-            };
-          };
-        };
-      in
-      builtins.listToAttrs [
-        (mkVHost "rusty.ccnlc.eu" 8000)
-        (mkVHost "git.ccnlc.eu" 3000)
+    virtualHosts = builtins.listToAttrs [
+      (mkVHost "rusty.ccnlc.eu" 8000 true)
+      (mkVHost "git.ccnlc.eu" 3000 true)
    ];
  };

@ -87,7 +73,10 @@
    pkgs.gitMinimal
  ];

-  users.users.root.openssh.authorizedKeys.keys = [ pubkeys.ny ];
+  users.users = {
+    root.openssh.authorizedKeys.keys = [ pubkeys.ny ];
+    ny.openssh.authorizedKeys.keys = [ pubkeys.ny ];
+  };

  system.stateVersion = "24.11";
 }
--- a/parts/lib/functions.nix
+++ b/parts/lib/functions.nix
@ -4,6 +4,9 @@
  self,
  ...
 }:
+let
+  inherit (lib) mkIf;
+in
 {

  # Verify the existence of a binary inside of a derivation.
@ -43,4 +46,18 @@

  validatePath =
    s: if (builtins.pathExists s) then (builtins.baseNameOf s) else throw "${s} does not exist";
+
+  mkVHost = name: port: ssl: {
+    inherit name;
+    value = {
+      enableACME = ssl;
+      forceSSL = ssl;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString port}";
+        extraConfig = ''
+          proxy_ssl_server_name on;
+          proxy_pass_header Authorization;'';
+      };
+    };
+  };
 }