aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFinn Behrens <me@kloenk.de>2020-11-14 10:54:10 +0100
committerFinn Behrens <me@kloenk.de>2020-11-19 20:18:44 +0100
commitd0d229c2a7aefbf8ee95bfe8b27bfc5ff58dd292 (patch)
tree309410c4aa9d34923ed0f2dfa229eed31e5564cd
parent681275db2e1d6c0183190735df2d98838b2ba181 (diff)
downloadbrook-d0d229c2a7aefbf8ee95bfe8b27bfc5ff58dd292.tar.gz
brook-d0d229c2a7aefbf8ee95bfe8b27bfc5ff58dd292.tar.xz
brook-d0d229c2a7aefbf8ee95bfe8b27bfc5ff58dd292.zip
fix types
-rw-r--r--nix/nginx.nix15
-rw-r--r--nix/prosody.nix20
2 files changed, 19 insertions, 16 deletions
diff --git a/nix/nginx.nix b/nix/nginx.nix
index d60b884..aa6af00 100644
--- a/nix/nginx.nix
+++ b/nix/nginx.nix
@@ -19,24 +19,27 @@ in
};
acmeHost = mkOption {
- type = types.str;
+ type = types.nullOr types.str;
+ default = null;
description = ''
An additional host address to use for acme handling. Not setting
this option will disable `useACMEHost` and `forceSSL` for this
virtualhost.
'';
};
+
+ enableACME = mkEnableOption "acme certificate creation";
};
config = mkIf cfg.nginx.enable {
services.nginx.virtualHosts."${cfg.nginx.hostAddr}" = {
- serverAliases = [ cfg.nginx.acmeHost ];
- enableACME = false;
+ serverAliases = lib.optional (cfg.nginx.acmeHost != null) cfg.nginx.acmeHost;
useACMEHost = cfg.nginx.acmeHost;
- forceSSL = true;
+ enableACME = cfg.nginx.enableACME;
+ forceSSL = lib.mkDefault true;
locations."/xmpp-bosh" = mkIf cfg.prosody.enable {
- proxyPass = "https://localhost:${cfg.prosody.port}/http-bind";
+ proxyPass = "https://localhost:${toString cfg.prosody.port}/http-bind";
extraConfig = ''
proxy_set_header Host ${cfg.prosody.guest-domain};
proxy_set_header X-Forwarded-For ${cfg.prosody.guest-domain};
@@ -50,7 +53,7 @@ in
};
locations."/metrics" = mkIf cfg.metrics.enable {
- proxyPass = "http://localhost:${cfg.metrics.port}";
+ proxyPass = "http://localhost:${toString cfg.metrics.port}";
};
};
};
diff --git a/nix/prosody.nix b/nix/prosody.nix
index cfbc551..7915fa1 100644
--- a/nix/prosody.nix
+++ b/nix/prosody.nix
@@ -17,7 +17,7 @@ in
};
guest-domain = mkOption {
- type = types.string;
+ type = types.str;
description = ''
The virtualhost prosody uses as an anonymous user scope.
By default prosody can either run in normal user mode, or in
@@ -27,7 +27,7 @@ in
};
certRoot = mkOption {
- type = types.string;
+ type = types.str;
description = ''
Pass in the root path to the certificates that the
prosody virtualhost should use.
@@ -40,21 +40,21 @@ in
modules = { bosh = true; websocket = true; };
virtualHosts."${cfg.prosody.guest-domain}" = {
- enable = true;
- domain = "${cfg.prosody.guest-domain}";
+ enabled = true;
+ domain = cfg.prosody.guest-domain;
ssl = {
cert = "${cfg.prosody.certRoot}/fullchain.pem";
key = "${cfg.prosody.certRoot}/key.pem";
};
extraConfig = ''
- authentication = "anonymous"
- http_host = ${cfg.prosody.guest-domain}
- '';
+ authentication = "anonymous"
+ http_host = ${cfg.prosody.guest-domain}
+ '';
};
- extraConfig = services.prosody.extraConfig + ''
- consider_bosh_secure = true
- '';
+ #extraConfig = config.services.prosody.extraConfig + ''
+ # consider_bosh_secure = true
+ #'';
};
};
}