diff --git a/fediversity/garage.nix b/fediversity/garage.nix
index 0dd0d7f..5b1d32d 100644
--- a/fediversity/garage.nix
+++ b/fediversity/garage.nix
@@ -14,6 +14,7 @@ let
 inherit (builtins) toString;
 inherit (lib) types mkOption mkEnableOption optionalString concatStringsSep;
 inherit (lib.strings) escapeShellArg;
+ inherit (lib.attrsets) filterAttrs mapAttrs';
 cfg = config.services.garage;
 fedicfg = config.fediversity.internal.garage;
 concatMapAttrs = scriptFn: attrset: concatStringsSep "\n" (lib.mapAttrsToList scriptFn attrset);
@@ -159,17 +160,23 @@ in
 };
 };
- services.nginx.virtualHosts.${fedicfg.web.rootDomain} = {
- forceSSL = true;
- enableACME = true;
- serverAliases = lib.mapAttrsToList (bucket: _: fedicfg.web.domainForBucket bucket) cfg.ensureBuckets; ## TODO: use wildcard certificates?
- locations."/" = {
- proxyPass = "http://localhost:3902";
- extraConfig = ''
- proxy_set_header Host $host;
- '';
- };
- };
+ ## Create a proxy from .web.garage. to localhost:3902 for
+ ## each bucket that has `website = true`.
+ services.nginx.virtualHosts =
+ let
+ value = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:3902";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ '';
+ };
+ };
+ in mapAttrs'
+ (bucket: _: {name = fedicfg.web.domainForBucket bucket; inherit value;})
+ (filterAttrs (_: {website, ...}: website) cfg.ensureBuckets);
 systemd.services.ensure-garage = {
 after = [ "garage.service" ];
diff --git a/vm/garage-vm.nix b/vm/garage-vm.nix
index a8f78f3..0ad6998 100644
--- a/vm/garage-vm.nix
+++ b/vm/garage-vm.nix
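Review bot: In the second hunk of fediversity/garage.nix, `filterAttrs (_: {website, ...}: website)` decides which bucket hostnames get a vhost, but it does not by itself stop nginx from proxying other hostnames. A request whose Host matches no `server_name` is handled by the default server, which (unless one is declared elsewhere) is the first generated bucket vhost, and `proxy_set_header Host $host;` then forwards the client-supplied name to localhost:3902, so access to non-website buckets rests entirely on Garage's own website setting. If only the listed names should reach the backend, declare an explicit catch-all next to this block, for example `services.nginx.virtualHosts."_" = { default = true; rejectSSL = true; locations."/".return = "444"; };`. The hunk also drops the vhost for `fedicfg.web.rootDomain` and the wildcard-certificate TODO; with `enableACME = true` on every bucket vhost each website bucket now requests its own certificate, so that TODO is worth keeping as a comment.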
@@ -1,17 +1,24 @@
 { lib, config, modulesPath, ... }:
 let
- inherit (lib) mkVMOverride;
+ inherit (lib) mkVMOverride mapAttrs' filterAttrs;
+
+ cfg = config.services.garage;
 fedicfg = config.fediversity.internal.garage;
 in {
 imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
- services.nginx.virtualHosts.${fedicfg.web.rootDomain} = {
- forceSSL = mkVMOverride false;
- enableACME = mkVMOverride false;
- };
+ services.nginx.virtualHosts =
+ let
+ value = {
+ forceSSL = mkVMOverride false;
+ enableACME = mkVMOverride false;
+ };
+ in mapAttrs'
+ (bucket: _: {name = fedicfg.web.domainForBucket bucket; inherit value;})
+ (filterAttrs (_: {website, ...}: website) cfg.ensureBuckets);
 virtualisation.diskSize = 2048;
 virtualisation.forwardPorts = [
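Review bot: The `mapAttrs'` over `(filterAttrs (_: {website, ...}: website) cfg.ensureBuckets)` in vm/garage-vm.nix is a verbatim copy of the selection in fediversity/garage.nix, and the VM override is only correct while both pick exactly the same names. If the module's filter or its use of `fedicfg.web.domainForBucket` changes and this copy is not updated, a bucket vhost in the VM would keep `forceSSL`/`enableACME` enabled, or this file would create a vhost with no proxy location. Computing the set of website bucket domains once in the module, alongside `fedicfg.web.domainForBucket`, and reusing it here would remove that coupling. At minimum add a comment above the inner `let`, such as `## Must select the same buckets as services.nginx.virtualHosts in fediversity/garage.nix.` The enclosing attribute set continues past the end of this hunk.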