Inherit nextcloud vHost config from module.

2019-09-08 15:27:22 +02:00 · 2019-09-08 15:27:22 +02:00 · 5c081e2797
commit 5c081e2797
parent 21b2170e67
2 changed files with 7 additions and 97 deletions
--- a/services/nginx.nix
+++ b/services/nginx.nix
@ -7,7 +7,7 @@
 #   - Mail ssl root                                                                          #
 ##############################################################################################

-{ config, lib, pkgs, ... }:
+{ options, config, lib, pkgs, ... }:

 with lib;
 with builtins;
@ -17,7 +17,7 @@ mkIf (elem "nginx" config.machine.services) {
    vHostConfigs = listToAttrs (map
      (name: {
        name = (replaceStrings [ ".nix" ] [ "" ] name);
-        value = (import (./. + (toPath "/nginx_vHosts/${name}")) { inherit config lib pkgs; });})
+        value = (import (./. + (toPath "/nginx_vHosts/${name}")) { inherit options config lib pkgs; });})
      (attrNames (readDir ./nginx_vHosts)));

    mkVHost = vHost: {
--- a/services/nginx_vHosts/nextcloud.nix
+++ b/services/nginx_vHosts/nextcloud.nix
@ -1,103 +1,13 @@
-{ config, lib, pkgs, ... }:
+{ options, config, lib, pkgs, ... }:

 with lib;

 {
-  vHost = {
-    root = pkgs.nextcloud;
+  vHost = let
+    nextConf = import (lib.elemAt options.services.nextcloud.nginx.enable.declarations 0) { inherit config lib pkgs; };
+  in {
+    inherit ((elemAt nextConf.config.content.contents 2).content.services.nginx.virtualHosts.${config.services.nextcloud.hostName}) root extraConfig locations;
    enableACME = config.services.nextcloud.https;
    forceSSL = config.services.nextcloud.https;
-    locations = {
-      "= /robots.txt" = {
-        priority = 100;
-        extraConfig = ''
-          allow all;
-          log_not_found off;
-          access_log off;
-        '';
-      };
-      "/" = {
-        priority = 200;
-        extraConfig = "rewrite ^ /index.php$request_uri;";
-      };
-      "~ ^/store-apps" = {
-        priority = 201;
-        extraConfig = "root ${config.services.nextcloud.home};";
-      };
-      "= /.well-known/carddav" = {
-        priority = 210;
-        extraConfig = "return 301 $scheme://$host/remote.php/dav;";
-      };
-      "= /.well-known/caldav" = {
-        priority = 210;
-        extraConfig = "return 301 $scheme://$host/remote.php/dav;";
-      };
-      "~ ^\\/(?:build|tests|config|lib|3rdparty|templates|data)\\/" = {
-        priority = 300;
-        extraConfig = "deny all;";
-      };
-      "~ ^\\/(?:\\.|autotest|occ|issue|indie|db_|console)" = {
-        priority = 300;
-        extraConfig = "deny all;";
-      };
-      "~ ^\\/(?:index|remote|public|cron|core/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|ocs-provider\\/.+|ocm-provider\\/.+)\\.php(?:$|\\/)" = {
-        priority = 500;
-        extraConfig = ''
-          include ${config.services.nginx.package}/conf/fastcgi.conf;
-          fastcgi_split_path_info ^(.+\.php)(\\/.*)$;
-          fastcgi_param PATH_INFO $fastcgi_path_info;
-          fastcgi_param HTTPS ${if config.services.nextcloud.https then "on" else "off"};
-          fastcgi_param modHeadersAvailable true;
-          fastcgi_param front_controller_active true;
-          fastcgi_pass unix:/run/phpfpm/nextcloud;
-          fastcgi_intercept_errors on;
-          fastcgi_request_buffering off;
-          fastcgi_read_timeout 120s;
-        '';
-      };
-      "~ ^/(?:updater|ocs-provider|ocm-provider)(?:$|\\/)".extraConfig = ''
-        try_files $uri/ =404;
-        index index.php;
-      '';
-      "~ \\.(?:css|js|woff2?|svg|gif)$".extraConfig = ''
-        try_files $uri /index.php$request_uri;
-        add_header Cache-Control "public, max-age=15778463";
-        add_header X-Content-Type-Options nosniff;
-        add_header X-XSS-Protection "1; mode=block";
-        add_header X-Robots-Tag none;
-        add_header X-Download-Options noopen;
-        add_header X-Permitted-Cross-Domain-Policies none;
-        add_header Referrer-Policy no-referrer;
-        access_log off;
-      '';
-      "~ \\.(?:png|html|ttf|ico|jpg|jpeg)$".extraConfig = ''
-        try_files $uri /index.php$request_uri;
-        access_log off;
-      '';
-    };
-    extraConfig = ''
-      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-      add_header X-Content-Type-Options nosniff;
-      add_header X-XSS-Protection "1; mode=block";
-      add_header X-Robots-Tag none;
-      add_header X-Download-Options noopen;
-      add_header X-Permitted-Cross-Domain-Policies none;
-      add_header Referrer-Policy no-referrer;
-      error_page 403 /core/templates/403.php;
-      error_page 404 /core/templates/404.php;
-      client_max_body_size ${config.services.nextcloud.maxUploadSize};
-      fastcgi_buffers 64 4K;
-      fastcgi_hide_header X-Powered-By;
-      gzip on;
-      gzip_vary on;
-      gzip_comp_level 4;
-      gzip_min_length 256;
-      gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-      gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-      ${optionalString config.services.nextcloud.webfinger ''
-        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
-      ''}
-    '';
  };
 }.vHost