all repos — nixfiles @ aab739c34b303b0ec082775cb76084291ab310ef

System and user configuration, managed by nix and home-manager

linde: use variable for domain names, where appropriate

Alan Pearce
commit

aab739c34b303b0ec082775cb76084291ab310ef

parent

739ba7d7f1101679f79cfa455ae2cee9e207f631

1 file changed, 26 insertions(+), 26 deletions(-)

changed files
M system/linde.nixsystem/linde.nix
@@ -477,10 +477,10 @@ reloadServices = [ "caddy" ];
validMinDays = 32; }; acceptTerms = true; - certs."stats.alanpearce.eu" = { - extraDomainNames = [ "*.stats.alanpearce.eu" ]; + certs."stats.${domain}" = { + extraDomainNames = [ "*.stats.${domain}" ]; }; - certs."redis.alanpearce.eu" = { + certs."redis.${domain}" = { group = "redis-website"; reloadServices = [ "redis-website" ]; };
@@ -500,14 +500,14 @@ {
"http://" = { # Needed for HTTP->HTTPS servers }; - "${hostname}.alanpearce.eu" = { + "${hostname}.${domain}" = { serverAliases = [ "https://" ]; extraConfig = '' respond * 204 ${security-headers {}} ''; }; - "pdns.alanpearce.eu" = { + "pdns.${domain}" = { extraConfig = '' log { output discard
@@ -515,14 +515,14 @@ }
reverse_proxy 127.0.0.1:8081 ''; }; - "id.alanpearce.eu" = { + "id.${domain}" = { extraConfig = '' encode zstd gzip ${security-headers {}} reverse_proxy http://${config.services.dex.settings.web.http} ''; }; - "files.alanpearce.eu" = { + "files.${domain}" = { extraConfig = '' encode zstd gzip ${security-headers {}}
@@ -530,7 +530,7 @@ root * /srv/http/files
file_server browse ''; }; - "ntfy.alanpearce.eu" = { + "ntfy.${domain}" = { extraConfig = '' encode zstd gzip ${security-headers {}}
@@ -575,7 +575,7 @@ }
} ''; }; - "binarycache.alanpearce.eu" = + "binarycache.${domain}" = let ns = config.services.nix-serve; in
@@ -584,7 +584,7 @@ extraConfig = ''
reverse_proxy ${ns.bindAddress}:${toString ns.port} ''; }; - "ci.alanpearce.eu" = + "ci.${domain}" = let srv = config.services.laminar; in
@@ -597,13 +597,13 @@ file_server browse
} ''; }; - "stats.alanpearce.eu" = + "stats.${domain}" = let srv = config.services.goatcounter; in { - useACMEHost = "stats.alanpearce.eu"; - serverAliases = [ "*.stats.alanpearce.eu" ]; + useACMEHost = "stats.${domain}"; + serverAliases = [ "*.stats.${domain}" ]; extraConfig = '' reverse_proxy ${srv.address}:${toString srv.port} '';
@@ -616,7 +616,7 @@ root * /srv/http/go
file_server ''; }; - "glitch.alanpearce.eu" = + "glitch.${domain}" = let srv = config.services.glitchtip; in
@@ -810,7 +810,7 @@ };
users.groups.dex = { }; services.dex = let - issuer = "https://id.alanpearce.eu/"; + issuer = "https://id.${domain}/"; in { enable = true;
@@ -870,8 +870,8 @@ requirePassFile = config.age.secrets.redis-website.path;
settings = { notify-keyspace-events = "KEA"; tls-port = 6379; - tls-cert-file = "/var/lib/acme/redis.alanpearce.eu/cert.pem"; - tls-key-file = "/var/lib/acme/redis.alanpearce.eu/key.pem"; + tls-cert-file = "/var/lib/acme/redis.${domain}/cert.pem"; + tls-key-file = "/var/lib/acme/redis.${domain}/key.pem"; tls-ca-cert-file = "/etc/ssl/certs/ca-certificates.crt"; tls-auth-clients = false; };
@@ -901,7 +901,7 @@ baseURL = "https://searchix.ovh";
in { inherit baseURL; - sentryDSN = "https://b7abe00ca3f349f6bf6594141b934e01@glitch.alanpearce.eu/1"; + sentryDSN = "https://b7abe00ca3f349f6bf6594141b934e01@glitch.${domain}/1"; contentSecurityPolicy = let self = "'self'";
@@ -910,17 +910,17 @@ {
script-src = [ (baseURL + "/static/") "'unsafe-inline'" - "https://searchix.stats.alanpearce.eu" + "https://searchix.stats.${domain}" "https://browser.sentry-cdn.com" ]; img-src = [ self - "https://searchix.stats.alanpearce.eu" + "https://searchix.stats.${domain}" ]; connect-src = [ self - "https://searchix.stats.alanpearce.eu/count" - "https://glitch.alanpearce.eu" + "https://searchix.stats.${domain}/count" + "https://glitch.${domain}" ]; worker-src = [ "blob:"
@@ -932,12 +932,12 @@ src="https://browser.sentry-cdn.com/9.15.0/bundle.min.js"
crossorigin="anonymous"></script> <script> Sentry.init({ - dsn: "https://91f03ed699fa42a39cfa114373adb80a@glitch.alanpearce.eu/2", + dsn: "https://91f03ed699fa42a39cfa114373adb80a@glitch.${domain}/2", tracesSampleRate: 0.01, }); </script> - <script data-goatcounter="https://searchix.stats.alanpearce.eu/count" - async src="//searchix.stats.alanpearce.eu/count.v4.js" + <script data-goatcounter="https://searchix.stats.${domain}/count" + async src="//searchix.stats.${domain}/count.v4.js" crossorigin="anonymous" integrity="sha384-nRw6qfbWyJha9LhsOtSb2YJDyZdKvvCFh0fJYlkquSFjUxp9FVNugbfy8q1jdxI+"></script> '';
@@ -991,7 +991,7 @@ enable = true;
redis.createLocally = true; database.createLocally = true; settings = { - GLITCHTIP_DOMAIN = "https://glitch.alanpearce.eu"; + GLITCHTIP_DOMAIN = "https://glitch.${domain}"; ENABLE_ORGANIZATION_CREATION = true; }; };