mirror of
https://github.com/SebastianStork/nixos-config.git
synced 2026-03-22 16:39:07 +01:00
Reduce use of lib.optionalString
This commit is contained in:
parent
31bc84ee6c
commit
018565dd38
SSH key fingerprint:
SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
2 changed files with 24 additions and 25 deletions
|
|
@ -18,8 +18,8 @@ in
|
||||||
[
|
[
|
||||||
"--keep 10"
|
"--keep 10"
|
||||||
"--keep-since 7d"
|
"--keep-since 7d"
|
||||||
(lib.optionalString cfg.onlyCleanRoots "--no-gc")
|
|
||||||
]
|
]
|
||||||
|
++ lib.optional cfg.onlyCleanRoots "--no-gc"
|
||||||
|> lib.concatStringsSep " ";
|
|> lib.concatStringsSep " ";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -13,11 +13,6 @@ let
|
||||||
publicHostsExist = virtualHosts |> lib.any (vHost: (!self.lib.isPrivateDomain vHost.domain));
|
publicHostsExist = virtualHosts |> lib.any (vHost: (!self.lib.isPrivateDomain vHost.domain));
|
||||||
privateHostsExist = virtualHosts |> lib.any (vHost: self.lib.isPrivateDomain vHost.domain);
|
privateHostsExist = virtualHosts |> lib.any (vHost: self.lib.isPrivateDomain vHost.domain);
|
||||||
|
|
||||||
webPorts = [
|
|
||||||
80
|
|
||||||
443
|
|
||||||
];
|
|
||||||
|
|
||||||
mkVirtualHost =
|
mkVirtualHost =
|
||||||
{
|
{
|
||||||
domain,
|
domain,
|
||||||
|
|
@ -28,24 +23,25 @@ let
|
||||||
}:
|
}:
|
||||||
lib.nameValuePair domain {
|
lib.nameValuePair domain {
|
||||||
logFormat = "output file ${config.services.caddy.logDir}/${domain}.log { mode 640 }";
|
logFormat = "output file ${config.services.caddy.logDir}/${domain}.log { mode 640 }";
|
||||||
extraConfig = lib.concatLines [
|
extraConfig =
|
||||||
(lib.optionalString (self.lib.isPrivateDomain domain) (
|
|
||||||
let
|
let
|
||||||
certDir = config.security.acme.certs.${domain}.directory;
|
certDir = config.security.acme.certs.${domain}.directory;
|
||||||
in
|
in
|
||||||
''
|
[
|
||||||
tls ${certDir}/fullchain.pem ${certDir}/key.pem
|
(lib.optionals (self.lib.isPrivateDomain domain) [
|
||||||
bind ${config.custom.networking.overlay.address}
|
"tls ${certDir}/fullchain.pem ${certDir}/key.pem"
|
||||||
''
|
"bind ${config.custom.networking.overlay.address}"
|
||||||
))
|
])
|
||||||
(lib.optionalString (port != null) "reverse_proxy localhost:${toString port}")
|
(lib.optional (port != null) "reverse_proxy localhost:${toString port}")
|
||||||
(lib.optionalString (files != null) ''
|
(lib.optionals (files != null) [
|
||||||
root * ${files}
|
"root * ${files}"
|
||||||
encode
|
"encode"
|
||||||
file_server
|
"file_server"
|
||||||
'')
|
])
|
||||||
(lib.optionalString (extraConfig != null) extraConfig)
|
(lib.optional (extraConfig != null) extraConfig)
|
||||||
];
|
]
|
||||||
|
|> lib.concatLists
|
||||||
|
|> lib.concatLines;
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
@ -95,7 +91,10 @@ in
|
||||||
message = "Each caddy virtual host must set exactly one of `port` or `files`";
|
message = "Each caddy virtual host must set exactly one of `port` or `files`";
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = lib.mkIf publicHostsExist webPorts;
|
networking.firewall.allowedTCPPorts = lib.mkIf publicHostsExist [
|
||||||
|
80
|
||||||
|
443
|
||||||
|
];
|
||||||
|
|
||||||
services.caddy = {
|
services.caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue