From 5ee6a1c3b776df92423945be3d14162a881edb90 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Wed, 20 Jan 2021 00:21:21 +0000
Subject: [PATCH] ops/nixos/quotes.bfob.gg: add my.quotesdb.listen option
---
 ops/nixos/clouvider-lon01/default.nix | 5 +++++
 ops/nixos/lib/quotes.bfob.gg.nix | 23 +++++++++++++++++++++--
 2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/ops/nixos/clouvider-lon01/default.nix b/ops/nixos/clouvider-lon01/default.nix
index a2d302d3e6..0d3caf697c 100644
--- a/ops/nixos/clouvider-lon01/default.nix
+++ b/ops/nixos/clouvider-lon01/default.nix
@@ -305,5 +305,10 @@ in {
 };
 };
+ my.quotesdb.listen = [
+ "185.198.188.29"
+ "[2a0a:54c0:0:17::2]"
+ ];
+
 system.stateVersion = "20.09";
 }
diff --git a/ops/nixos/lib/quotes.bfob.gg.nix b/ops/nixos/lib/quotes.bfob.gg.nix
index 7e84777627..e31e08d930 100644
--- a/ops/nixos/lib/quotes.bfob.gg.nix
+++ b/ops/nixos/lib/quotes.bfob.gg.nix
@@ -1,4 +1,4 @@
-{ config, depot, lib, ... }:
+{ config, options, depot, lib, ... }:
 let
 inherit (depot.ops) secrets;
@@ -7,7 +7,24 @@ let
 sock = "/run/quotesdb/gunicorn.sock";
 in
 {
- config = {
+ options = with lib; {
+ my.quotesdb.listen = lib.mkOption {
+ type = with types; listOf str;
+ default = [ "127.0.0.1" "[::1]" ];
+ };
+ };
+
+ config = let
+ nginxListen = (map (addr: {
+ inherit addr;
+ port = 80;
+ ssl = false;
+ }) config.my.quotesdb.listen) ++ (map (addr: {
+ inherit addr;
+ port = 443;
+ ssl = true;
+ }) config.my.quotesdb.listen);
+ in {
 security.acme = {
 acceptTerms = true;
 email = lib.mkDefault "letsencrypt@lukegb.com";
@@ -21,11 +38,13 @@ in
 services.nginx = {
 enable = lib.mkDefault true;
 virtualHosts."qdb.bfob.gg" = {
+ listen = nginxListen;
 useACMEHost = "bfob.gg";
 globalRedirect = "quotes.bfob.gg";
 forceSSL = true;
 };
 virtualHosts."quotes.bfob.gg" = {
+ listen = nginxListen;
 useACMEHost = "bfob.gg";
 forceSSL = true;
 locations."/static" = {
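Review bot: The `options` argument added to the module header of quotes.bfob.gg.nix is not referenced by any line this patch shows; the new option is read through `config.my.quotesdb.listen`. Unless the unseen remainder of the file uses it, the header can stay `{ config, depot, lib, ... }:`, so the parameter list does not suggest a dependency the module lacks.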
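Review bot: `my.quotesdb.listen` is declared without a `description`, and the one constraint a caller has to know is only implied by the default value. Each entry is passed through unchanged as the `addr` of an nginx listen entry, so an IPv6 address must be written in brackets. I would add `description = "Addresses nginx binds the quotesdb virtual hosts to, on ports 80 and 443. IPv6 addresses must be bracketed, e.g. [::1].";` to the `mkOption` call. The loopback default also means a host that imports this module without setting the option appears to stop serving these vhosts on its external addresses, where previously no `listen` was set. If that narrowing is intended, it is worth stating in the description.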
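Review bot: With `listen = nginxListen;` on both vhosts, which one answers a request with an unrecognised Host or SNI name on these addresses is left implicit. nginx selects the server by listen address and port before it looks at the name, so such a request goes to whichever of the two it treats as the default for that socket. It does not reach a host-wide catch-all on the wildcard listeners (assuming other vhosts on the machine keep the default listeners, which this patch does not show). Making the choice explicit avoids surprises, for example `default = true;` on `virtualHosts."qdb.bfob.gg"`, or a catch-all vhost on the same addresses that returns an error. The `services.nginx` block continues past the end of the hunk.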