feat(nix): add web-servers module and enable SSL certificates

Mohammad Rafiq 2025-07-09 02:41:14 +08:00
parent c85db031dc
commit 9657329282
No known key found for this signature in database
2 changed files with 46 additions and 0 deletions


@ -0,0 +1,43 @@
{ lib, config, ... }:
let
inherit (builtins) listToAttrs map;
inherit (config.flake.lib.options) mkStrOption mkPathOption;
inherit (config.flake.lib.services) mkRootDomain;
inherit (config.flake.paths) secrets;
inherit (config.flake.admin) email;
inherit (lib.types) listOf submodule attrs;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkMerge mkIf;
inherit (lib.lists) singleton;
in
{
flake.modules.nixos.default =
{ config, ... }:
let
cfg = config.server.web-servers;
in
{
options.server.web-servers = {
enableSSL = mkEnableOption "";
};
config = mkMerge [
(mkIf cfg.enableSSL {
sops.secrets."keys/cloudflare".sopsFile = secrets + "/keys.yaml";
security.acme = {
acceptTerms = true;
defaults = {
inherit email;
dnsProvider = "cloudflare";
credentialFiles."CLOUDFLARE_DNS_API_TOKEN_FILE" = config.sops.secrets."keys/cloudflare".path;
};
certs = {
"rrv.sh".extraDomainNames = singleton "*.rrv.sh";
"bwfiq.com".extraDomainNames = singleton "*.bwfiq.com";
"slayment.com".extraDomainNames = singleton "*.slayment.com";
"aenyrathia.wiki".extraDomainNames = singleton "*.aenyrathia.wiki";
};
};
})
];
};
}
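Review bot: `enableSSL = mkEnableOption "";` leaves the option description empty, although enabling it decrypts the `keys/cloudflare` secret and requests wildcard certificates for four zones over DNS-01; something like `enableSSL = mkEnableOption "ACME wildcard certificates via Cloudflare DNS-01";` would make that visible in the generated option docs. Each entry under `security.acme.certs` yields a key valid for every host under its domain, so a short comment above `certs` should say that access to these certificate directories is to be granted only to the services that terminate TLS. The scope of the Cloudflare token is not visible in this hunk; it presumably needs no more than DNS edit rights on these four zones, which is worth stating in a comment next to `credentialFiles`. On style, several names inherited in the top-level `let` (`listToAttrs`, `map`, `mkStrOption`, `mkPathOption`, `mkRootDomain`, `listOf`, `submodule`, `attrs`, `mkOption`) are unused in this file, and `mkMerge` wraps a single `mkIf`, so both can be trimmed until a second config fragment exists.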