ac6717fe3c
As suggested by sterni, this makes the self-redirect of a machine to its configuration a generic module working by convention. In the process of moving this two small fixes have been applied: * redirect is only applied if the URI is `/`, this is required for ACME to work * addSSL = true is added, otherwise we have a certificate but no TLS listener Change-Id: Icaef041ff681253a61e36926417bdb2844e3f93d Reviewed-on: https://cl.tvl.fyi/c/depot/+/5313 Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
27 lines
632 B
Nix
27 lines
632 B
Nix
# Redirect the hostname of a machine to its configuration in a web
|
|
# browser.
|
|
#
|
|
# Works by convention, assuming that the machine has its configuration
|
|
# at //ops/machines/${hostname}.
|
|
{ config, ... }:
|
|
|
|
let
|
|
host = "${config.networking.hostName}.${config.networking.domain}";
|
|
in
|
|
{
|
|
imports = [
|
|
./base.nix
|
|
];
|
|
|
|
config.services.nginx.virtualHosts."${host}" = {
|
|
serverName = host;
|
|
addSSL = true; # SSL is not forced on these redirects
|
|
enableACME = true;
|
|
|
|
extraConfig = ''
|
|
location = / {
|
|
return 302 https://at.tvl.fyi/?q=%2F%2Fops%2Fmachines%2F${config.networking.hostName};
|
|
}
|
|
'';
|
|
};
|
|
}
|