2024-10-29 17:09:20 +01:00
2 changed files with 30 additions and 16 deletions
--- a/fediversity/garage.nix
+++ b/fediversity/garage.nix
@ -14,6 +14,7 @@ let
  inherit (builtins) toString;
  inherit (lib) types mkOption mkEnableOption optionalString concatStringsSep;
  inherit (lib.strings) escapeShellArg;
+  inherit (lib.attrsets) filterAttrs mapAttrs';
  cfg = config.services.garage;
  fedicfg = config.fediversity.internal.garage;
  concatMapAttrs = scriptFn: attrset: concatStringsSep "\n" (lib.mapAttrsToList scriptFn attrset);
@ -159,17 +160,23 @@ in
      };
    };

-    services.nginx.virtualHosts.${fedicfg.web.rootDomain} = {
-      forceSSL = true;
-      enableACME = true;
-      serverAliases = lib.mapAttrsToList (bucket: _: fedicfg.web.domainForBucket bucket) cfg.ensureBuckets; ## TODO: use wildcard certificates?
-      locations."/" = {
-        proxyPass = "http://localhost:3902";
-        extraConfig = ''
-          proxy_set_header Host $host;
-        '';
-      };
-    };
+    ## Create a proxy from <bucket>.web.garage.<domain> to localhost:3902 for
+    ## each bucket that has `website = true`.
+    services.nginx.virtualHosts =
+      let
+        value = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/" = {
+            proxyPass = "http://localhost:3902";
+            extraConfig = ''
+              proxy_set_header Host $host;
+            '';
+          };
+        };
+      in mapAttrs'
+        (bucket: _: {name = fedicfg.web.domainForBucket bucket; inherit value;})
+        (filterAttrs (_: {website, ...}: website) cfg.ensureBuckets);

    systemd.services.ensure-garage = {
      after = [ "garage.service" ];
--- a/vm/garage-vm.nix
+++ b/vm/garage-vm.nix
@ -1,17 +1,24 @@
 { lib, config, modulesPath, ... }:

 let
-  inherit (lib) mkVMOverride;
+  inherit (lib) mkVMOverride mapAttrs' filterAttrs;
+
+  cfg = config.services.garage;

  fedicfg = config.fediversity.internal.garage;

 in {
  imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];

-  services.nginx.virtualHosts.${fedicfg.web.rootDomain} = {
-    forceSSL = mkVMOverride false;
-    enableACME = mkVMOverride false;
-  };
+  services.nginx.virtualHosts =
+    let
+      value = {
+        forceSSL = mkVMOverride false;
+        enableACME = mkVMOverride false;
+      };
+    in mapAttrs'
+      (bucket: _: {name = fedicfg.web.domainForBucket bucket; inherit value;})
+      (filterAttrs (_: {website, ...}: website) cfg.ensureBuckets);

  virtualisation.diskSize = 2048;
  virtualisation.forwardPorts = [