summaryrefslogtreecommitdiffstats
path: root/lass/3modules/wordpress_nginx.nix
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-02-08 03:23:28 +0100
committertv <tv@krebsco.de>2016-02-08 03:35:29 +0100
commit8e93530796982db49ddeb06201d2f5bb57d51ccc (patch)
tree0c2982f48ca668cc034f4c10485c6a5b0e841d81 /lass/3modules/wordpress_nginx.nix
parent7a9f130c1230faf9662000dbd9ba8f06170bf254 (diff)
parent5856d240888e89dbed141087c9580026f52dff59 (diff)
Merge remote-tracking branch 'cloudkrebs/master'
Diffstat (limited to 'lass/3modules/wordpress_nginx.nix')
-rw-r--r--lass/3modules/wordpress_nginx.nix29
1 files changed, 28 insertions, 1 deletions
diff --git a/lass/3modules/wordpress_nginx.nix b/lass/3modules/wordpress_nginx.nix
index 974aacd83..bfed9e7c6 100644
--- a/lass/3modules/wordpress_nginx.nix
+++ b/lass/3modules/wordpress_nginx.nix
@@ -53,6 +53,23 @@ let
"1" = "test.testsite.de";
};
};
+ ssl = mkOption {
+ type = with types; submodule ({
+ options = {
+ enable = mkEnableOption "ssl";
+ certificate = mkOption {
+ type = str;
+ };
+ certificate_key = mkOption {
+ type = str;
+ };
+ ciphers = mkOption {
+ type = str;
+ default = "AES128+EECDH:AES128+EDH";
+ };
+ };
+ });
+ };
};
}));
default = {};
@@ -68,7 +85,7 @@ let
# }
#'';
- krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, multiSite, ... }: {
+ krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, multiSite, ssl, ... }: {
server-names = [
"${domain}"
"www.${domain}"
@@ -114,7 +131,17 @@ let
error_log /tmp/nginx_err.log;
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
+ ${if ssl.enable then ''
+ ssl_certificate ${ssl.certificate};
+ ssl_certificate_key ${ssl.certificate_key};
+ '' else ""}
+
'';
+ listen = (if ssl.enable then
+ [ "80" "443 ssl" ]
+ else
+ "80"
+ );
});
services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: ''
listen = ${folder}/phpfpm.pool