cluster/simulacrum/nowhere: make optional

cluster/simulacrum/nowhere/default.nix

@@ -58,44 +58,46 @@ in
   imports = [
     ./options.nix
   ];
-  defaults = {
+  config = lib.mkIf config.nowhere.enable {
-    networking.hosts."${getNodeAddr "nowhere"}" = lib.attrNames config.nowhere.names;
+    defaults = {
-    security.pki.certificateFiles = [
+      networking.hosts."${getNodeAddr "nowhere"}" = lib.attrNames config.nowhere.names;
-      "${ca}/ca.pem"
+      security.pki.certificateFiles = [
-    ];
+        "${ca}/ca.pem"
-  };
+      ];
-
-  nowhere.certs = {
-    inherit ca;
-    intermediate = genCert [ "--config=${cfsslConfigIntermediateCA}" "--profile=intermediate" ] {
-      CN = "Simulacrum Intermediate CA";
     };
-  };
 
-  nodes.nowhere = { config, depot, ... }: {
+    nowhere.certs = {
-    networking = {
+      inherit ca;
-      firewall.allowedTCPPorts = [ 443 ];
+      intermediate = genCert [ "--config=${cfsslConfigIntermediateCA}" "--profile=intermediate" ] {
-      interfaces.eth1.ipv4.routes = lib.mapAttrsToList (name: hour: {
+        CN = "Simulacrum Intermediate CA";
-        address = hour.interfaces.primary.addrPublic;
+      };
-        prefixLength = 32;
-        via = getNodeAddr name;
-      }) depot.gods.fromLight;
-      nameservers = map (name: depot.hours.${name}.interfaces.primary.addrPublic) cluster.config.services.dns.nodes.authoritative;
     };
-    services.nginx = {
+
-      enable = true;
+    nodes.nowhere = { config, depot, ... }: {
-      recommendedProxySettings = true;
+      networking = {
-      virtualHosts = lib.mapAttrs (name: link: let
+        firewall.allowedTCPPorts = [ 443 ];
-        cert = genHostCert name;
+        interfaces.eth1.ipv4.routes = lib.mapAttrsToList (name: hour: {
-      in {
+          address = hour.interfaces.primary.addrPublic;
-        forceSSL = true;
+          prefixLength = 32;
-        sslCertificate = "${cert}/cert.pem";
+          via = getNodeAddr name;
-        sslCertificateKey = "${cert}/cert-key.pem";
+        }) depot.gods.fromLight;
-        locations."/" = {
+        nameservers = map (name: depot.hours.${name}.interfaces.primary.addrPublic) cluster.config.services.dns.nodes.authoritative;
-          proxyPass = config.links.${link}.url;
+      };
-          extraConfig = "proxy_ssl_verify off;";
+      services.nginx = {
-        };
+        enable = true;
-      }) lift.nowhere.names;
+        recommendedProxySettings = true;
+        virtualHosts = lib.mapAttrs (name: link: let
+          cert = genHostCert name;
+        in {
+          forceSSL = true;
+          sslCertificate = "${cert}/cert.pem";
+          sslCertificateKey = "${cert}/cert-key.pem";
+          locations."/" = {
+            proxyPass = config.links.${link}.url;
+            extraConfig = "proxy_ssl_verify off;";
+          };
+        }) lift.nowhere.names;
+      };
     };
   };
 }

cluster/simulacrum/nowhere/options.nix

@@ -2,6 +2,7 @@
 
 {
   options.nowhere = {
+    enable = lib.mkEnableOption "Nowhere";
     names = lib.mkOption {
       description = "Hostnames that point Nowhere.";
       type = with lib.types; attrsOf str;