rrvsh/pantheon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(modules/nginx): simplify ssl conditional logic and merge virtual hosts

Browse source
This commit is contained in:
Mohammad Rafiq 2025-06-13 00:02:29 +08:00
parent 23236b19cb
commit d6da064163
No known key found for this signature in database
1 changed files with 14 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

21
modules/nixos/server/web-servers/nginx/default.nix
View file

@ -1,26 +1,30 @@
{ config, lib, ... }: { config, lib, ... }:
let let
inherit (lib) mkOption mkEnableOption mkIf; inherit (lib)
mkMerge
mkOption
mkEnableOption
mkIf
;
inherit (lib.pantheon) mkStrOption; inherit (lib.pantheon) mkStrOption;
inherit (builtins) listToAttrs map; inherit (builtins) listToAttrs map;
inherit (config.server.web-servers) enableSSL;
cfg = config.server.web-servers.nginx; cfg = config.server.web-servers.nginx;
defaultSink = mkIf cfg.enableDefaultSink { defaultSink = mkIf cfg.enableDefaultSink {
"_" = { "_" = {
default = true; default = true;
rejectSSL = mkIf enableSSL true; rejectSSL = true;
locations."/" = { locations."/" = {
return = "444"; return = "444";
}; };
}; };
}; };
sslCheck = if config.server.web-servers.enableSSL then true else false;
proxyPasses = listToAttrs ( proxyPasses = listToAttrs (
map (proxy: { map (proxy: {
name = proxy.source; name = proxy.source;
value = { value = {
forceSSL = mkIf enableSSL true; enableACME = sslCheck;
enableACME = mkIf enableSSL true; acmeRoot = null;
acmeRoot = mkIf enableSSL null;
locations."/" = { locations."/" = {
proxyPass = proxy.target; proxyPass = proxy.target;
} // proxy.extraConfig; } // proxy.extraConfig;
@ -69,7 +73,10 @@ in
]; ];
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = defaultSink // proxyPasses; virtualHosts = mkMerge [
defaultSink
proxyPasses
];
}; };
}; };
} }