2023-08-31 01:55:45 +03:00
|
|
|
{ depot, lib, ... }:
|
2023-06-05 00:29:13 +03:00
|
|
|
|
|
|
|
let
|
2023-08-31 01:55:45 +03:00
|
|
|
inherit (depot.lib.meta) domain;
|
2023-06-05 00:29:13 +03:00
|
|
|
|
|
|
|
acmeUseDNS = name: conf: {
|
|
|
|
name = conf.useACMEHost or conf.serverName or name;
|
|
|
|
value = {
|
|
|
|
dnsProvider = "pdns";
|
|
|
|
webroot = null;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
isACME = _: conf: conf ? enableACME && conf.enableACME;
|
|
|
|
in
|
|
|
|
|
2022-08-09 21:10:25 +03:00
|
|
|
{
|
|
|
|
services.websites = {
|
2023-06-05 00:29:13 +03:00
|
|
|
nodes.host = [ "checkmate" "thunderskin" "VEGAS" "prophet" ];
|
2023-08-31 01:55:45 +03:00
|
|
|
nixos.host = { config, depot, ... }: let
|
|
|
|
|
|
|
|
importWebsites = expr: import expr {
|
|
|
|
tools = depot.lib.nginx;
|
|
|
|
inherit (depot) packages;
|
|
|
|
};
|
|
|
|
|
|
|
|
websites = depot.lib.nginx.mappers.mapSubdomains (importWebsites ./websites.nix);
|
|
|
|
|
|
|
|
in {
|
2023-06-05 00:29:13 +03:00
|
|
|
services.nginx.virtualHosts = websites;
|
|
|
|
security.acme.certs = lib.mapAttrs' acmeUseDNS (lib.filterAttrs isACME websites);
|
|
|
|
consul.services.nginx = {
|
|
|
|
mode = "external";
|
|
|
|
definition = {
|
|
|
|
name = "static-lb";
|
|
|
|
address = depot.reflection.interfaces.primary.addrPublic;
|
|
|
|
port = 443;
|
|
|
|
checks = lib.singleton {
|
|
|
|
interval = "60s";
|
|
|
|
tcp = "127.0.0.1:80";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
2022-08-09 21:10:25 +03:00
|
|
|
};
|
2023-06-05 00:29:13 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
monitoring.blackbox.targets = {
|
|
|
|
web = {
|
|
|
|
address = "https://www.${domain}";
|
|
|
|
module = "https2xx";
|
2022-08-09 21:10:25 +03:00
|
|
|
};
|
|
|
|
};
|
2023-11-03 00:50:27 +02:00
|
|
|
|
2023-12-04 00:59:13 +02:00
|
|
|
dns.records = let
|
|
|
|
oldStaticAddr = [ depot.hours.VEGAS.interfaces.primary.addrPublic ];
|
|
|
|
in lib.mkMerge [
|
2023-12-03 18:51:48 +02:00
|
|
|
(lib.genAttrs [ "www" "draw" "stop-using-nix-env" "whoami" ] (lib.const {
|
|
|
|
consulService = "static-lb";
|
|
|
|
}))
|
|
|
|
{
|
|
|
|
CNAME = {
|
|
|
|
name = "@";
|
|
|
|
type = "CNAME";
|
|
|
|
target = [ "www.${domain}." ];
|
|
|
|
};
|
2023-12-04 00:59:13 +02:00
|
|
|
|
|
|
|
autoconfig.target = oldStaticAddr;
|
|
|
|
|
|
|
|
ktp.target = oldStaticAddr;
|
|
|
|
legacy.target = oldStaticAddr;
|
|
|
|
|
|
|
|
# jokes
|
|
|
|
"bone-ds-dc.com-ldap".target = oldStaticAddr;
|
|
|
|
rzentrale.target = oldStaticAddr;
|
|
|
|
wunschnachricht.target = oldStaticAddr;
|
2023-12-03 18:51:48 +02:00
|
|
|
}
|
|
|
|
];
|
2022-08-09 21:10:25 +03:00
|
|
|
}
|