Format the entire project.

2023-09-11 20:23:04 +02:00 · 2023-09-11 20:23:04 +02:00 · 6f9db5e3a4
commit 6f9db5e3a4
parent 1dc50ae17d
115 changed files with 3451 additions and 2901 deletions
--- a/services/nginx.nix
+++ b/services/nginx.nix
@ -6,48 +6,54 @@
 #   - Nextcloud                                                                              #
 #   - Mail ssl root                                                                          #
 ##############################################################################################
-
-{ options, config, lib, pkgs, ... }:
-
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 with lib;
 with builtins;
+  mkIf (elem "nginx" config.machine.services) {
+    services.nginx = let
+      vHostConfigs = listToAttrs (map
+        (name: {
+          name = replaceStrings [".nix"] [""] name;
+          value = import (./. + (toPath "/nginx_vHosts/${name}")) {inherit options config lib pkgs;};
+        })
+        (attrNames (readDir ./nginx_vHosts)));

-mkIf (elem "nginx" config.machine.services) {
-  services.nginx = let
-    vHostConfigs = listToAttrs (map
-      (name: {
-        name = (replaceStrings [ ".nix" ] [ "" ] name);
-        value = (import (./. + (toPath "/nginx_vHosts/${name}")) { inherit options config lib pkgs; });})
-      (attrNames (readDir ./nginx_vHosts)));
+      mkVHost = vHost: {
+        name = vHost.domain;
+        value =
+          {
+            enableACME = true;
+            forceSSL = true;
+            acmeRoot = "/var/lib/acme/acme-challenge";
+          }
+          // vHostConfigs."${vHost.service}";
+      };

-    mkVHost = vHost: {
-      name = vHost.domain;
-      value = {
-        enableACME = true;
-        forceSSL = true;
-        acmeRoot = "/var/lib/acme/acme-challenge";
-      } // vHostConfigs."${vHost.service}"; };
-
-    vHosts = listToAttrs (map mkVHost config.machine.vHosts);
-
-  in {
-    enable = true;
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-    sslCiphers = "EECDH+aRSA+AESGCM:EDH+aRSA:EECDH+aRSA:+AES256:+AES128:+SHA1:!CAMELLIA:!SEED:!3DES:!DES:!RC4:!eNULL";
-    sslProtocols = "TLSv1.3 TLSv1.2";
-    commonHttpConfig = ''
-      map $scheme $hsts_header {
-          https   "max-age=31536000; includeSubdomains; preload";
-      }
-      add_header Strict-Transport-Security $hsts_header;
-      add_header 'Referrer-Policy' 'origin-when-cross-origin';
-      # add_header X-Frame-Options DENY;
-      add_header X-Content-Type-Options nosniff;
-      add_header X-XSS-Protection "1; mode=block";
-    '';
-    virtualHosts = vHosts;
-  };
-}
+      vHosts = listToAttrs (map mkVHost config.machine.vHosts);
+    in {
+      enable = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      sslCiphers = "EECDH+aRSA+AESGCM:EDH+aRSA:EECDH+aRSA:+AES256:+AES128:+SHA1:!CAMELLIA:!SEED:!3DES:!DES:!RC4:!eNULL";
+      sslProtocols = "TLSv1.3 TLSv1.2";
+      commonHttpConfig = ''
+        map $scheme $hsts_header {
+            https   "max-age=31536000; includeSubdomains; preload";
+        }
+        add_header Strict-Transport-Security $hsts_header;
+        add_header 'Referrer-Policy' 'origin-when-cross-origin';
+        # add_header X-Frame-Options DENY;
+        add_header X-Content-Type-Options nosniff;
+        add_header X-XSS-Protection "1; mode=block";
+      '';
+      virtualHosts = vHosts;
+    };
+  }