linde: use variable for domain names, where appropriate
1 file changed, 26 insertions(+), 26 deletions(-)
changed files
M system/linde.nix → system/linde.nix
@@ -477,10 +477,10 @@ reloadServices = [ "caddy" ]; validMinDays = 32; }; acceptTerms = true; - certs."stats.alanpearce.eu" = { - extraDomainNames = [ "*.stats.alanpearce.eu" ]; + certs."stats.${domain}" = { + extraDomainNames = [ "*.stats.${domain}" ]; }; - certs."redis.alanpearce.eu" = { + certs."redis.${domain}" = { group = "redis-website"; reloadServices = [ "redis-website" ]; };@@ -500,14 +500,14 @@ { "http://" = { # Needed for HTTP->HTTPS servers }; - "${hostname}.alanpearce.eu" = { + "${hostname}.${domain}" = { serverAliases = [ "https://" ]; extraConfig = '' respond * 204 ${security-headers {}} ''; }; - "pdns.alanpearce.eu" = { + "pdns.${domain}" = { extraConfig = '' log { output discard@@ -515,14 +515,14 @@ } reverse_proxy 127.0.0.1:8081 ''; }; - "id.alanpearce.eu" = { + "id.${domain}" = { extraConfig = '' encode zstd gzip ${security-headers {}} reverse_proxy http://${config.services.dex.settings.web.http} ''; }; - "files.alanpearce.eu" = { + "files.${domain}" = { extraConfig = '' encode zstd gzip ${security-headers {}}@@ -530,7 +530,7 @@ root * /srv/http/files file_server browse ''; }; - "ntfy.alanpearce.eu" = { + "ntfy.${domain}" = { extraConfig = '' encode zstd gzip ${security-headers {}}@@ -575,7 +575,7 @@ } } ''; }; - "binarycache.alanpearce.eu" = + "binarycache.${domain}" = let ns = config.services.nix-serve; in@@ -584,7 +584,7 @@ extraConfig = '' reverse_proxy ${ns.bindAddress}:${toString ns.port} ''; }; - "ci.alanpearce.eu" = + "ci.${domain}" = let srv = config.services.laminar; in@@ -597,13 +597,13 @@ file_server browse } ''; }; - "stats.alanpearce.eu" = + "stats.${domain}" = let srv = config.services.goatcounter; in { - useACMEHost = "stats.alanpearce.eu"; - serverAliases = [ "*.stats.alanpearce.eu" ]; + useACMEHost = "stats.${domain}"; + serverAliases = [ "*.stats.${domain}" ]; extraConfig = '' reverse_proxy ${srv.address}:${toString srv.port} '';@@ -616,7 +616,7 @@ root * /srv/http/go file_server ''; }; - "glitch.alanpearce.eu" = + "glitch.${domain}" = let srv = config.services.glitchtip; in@@ -810,7 +810,7 @@ }; users.groups.dex = { }; services.dex = let - issuer = "https://id.alanpearce.eu/"; + issuer = "https://id.${domain}/"; in { enable = true;@@ -870,8 +870,8 @@ requirePassFile = config.age.secrets.redis-website.path; settings = { notify-keyspace-events = "KEA"; tls-port = 6379; - tls-cert-file = "/var/lib/acme/redis.alanpearce.eu/cert.pem"; - tls-key-file = "/var/lib/acme/redis.alanpearce.eu/key.pem"; + tls-cert-file = "/var/lib/acme/redis.${domain}/cert.pem"; + tls-key-file = "/var/lib/acme/redis.${domain}/key.pem"; tls-ca-cert-file = "/etc/ssl/certs/ca-certificates.crt"; tls-auth-clients = false; };@@ -901,7 +901,7 @@ baseURL = "https://searchix.ovh"; in { inherit baseURL; - sentryDSN = "https://b7abe00ca3f349f6bf6594141b934e01@glitch.alanpearce.eu/1"; + sentryDSN = "https://b7abe00ca3f349f6bf6594141b934e01@glitch.${domain}/1"; contentSecurityPolicy = let self = "'self'";@@ -910,17 +910,17 @@ { script-src = [ (baseURL + "/static/") "'unsafe-inline'" - "https://searchix.stats.alanpearce.eu" + "https://searchix.stats.${domain}" "https://browser.sentry-cdn.com" ]; img-src = [ self - "https://searchix.stats.alanpearce.eu" + "https://searchix.stats.${domain}" ]; connect-src = [ self - "https://searchix.stats.alanpearce.eu/count" - "https://glitch.alanpearce.eu" + "https://searchix.stats.${domain}/count" + "https://glitch.${domain}" ]; worker-src = [ "blob:"@@ -932,12 +932,12 @@ src="https://browser.sentry-cdn.com/9.15.0/bundle.min.js" crossorigin="anonymous"></script> <script> Sentry.init({ - dsn: "https://91f03ed699fa42a39cfa114373adb80a@glitch.alanpearce.eu/2", + dsn: "https://91f03ed699fa42a39cfa114373adb80a@glitch.${domain}/2", tracesSampleRate: 0.01, }); </script> - <script data-goatcounter="https://searchix.stats.alanpearce.eu/count" - async src="//searchix.stats.alanpearce.eu/count.v4.js" + <script data-goatcounter="https://searchix.stats.${domain}/count" + async src="//searchix.stats.${domain}/count.v4.js" crossorigin="anonymous" integrity="sha384-nRw6qfbWyJha9LhsOtSb2YJDyZdKvvCFh0fJYlkquSFjUxp9FVNugbfy8q1jdxI+"></script> '';@@ -991,7 +991,7 @@ enable = true; redis.createLocally = true; database.createLocally = true; settings = { - GLITCHTIP_DOMAIN = "https://glitch.alanpearce.eu"; + GLITCHTIP_DOMAIN = "https://glitch.${domain}"; ENABLE_ORGANIZATION_CREATION = true; }; };