gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 20:39:18 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor(nginx): ssl.cert.enable

Browse source
This commit is contained in:
arcnmx 2024-03-21 12:20:56 -07:00
parent 8f227a1bc5
commit f326a5f1f8
2 changed files with 27 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

5
modules/nixos/nginx/ssl.nix
View file

@ -5,6 +5,7 @@
}: let
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkDefault mkOptionDefault mkOverride;
inherit (lib.trivial) warnIf;
mkAlmostOptionDefault = mkOverride 1250;
forceRedirectConfig = virtualHost: ''
if ($x_scheme = http) {
@ -42,6 +43,7 @@
readOnly = true;
};
cert = {
enable = mkEnableOption "ssl cert via name.shortServer";
name = mkOption {
type = nullOr str;
default = null;
@ -67,6 +69,9 @@
ssl = {
enable = mkOptionDefault (cfg.cert.name != null || cfg.cert.keyPath != null);
forced = mkOptionDefault (cfg.force != false && cfg.force != "reject");
cert.name = mkIf cfg.cert.enable (warnIf (config.name.shortServer == null) "ssl.cert.enable set but name.shortServer is null" (
mkAlmostOptionDefault config.name.shortServer
));
};
addSSL = mkIf (cfg.enable && (cfg.force == false || emitForce)) (mkDefault true);
forceSSL = mkIf (cfg.enable && cfg.force == true && !emitForce) (mkDefault true);