From 45343b1e14a3fd2f581465d3e78adac372918a0c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 1 Feb 2016 16:03:03 +0100 Subject: l 3 *_nginx: allow configuration of ssl --- lass/3modules/owncloud_nginx.nix | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) (limited to 'lass/3modules/owncloud_nginx.nix') diff --git a/lass/3modules/owncloud_nginx.nix b/lass/3modules/owncloud_nginx.nix index 0cb11846..79c9de1d 100644 --- a/lass/3modules/owncloud_nginx.nix +++ b/lass/3modules/owncloud_nginx.nix @@ -46,8 +46,22 @@ let type = str; }; ssl = mkOption { - type = bool; - default = false; + type = with types; submodule ({ + options = { + enable = mkEnableOption "ssl"; + certificate = mkOption { + type = str; + }; + certificate_key = mkOption { + type = str; + }; + ciphers = mkOption { + type = str; + default = "AES128+EECDH:AES128+EDH"; + }; + }; + }); + default = {}; }; }; })); @@ -58,7 +72,7 @@ let group = config.services.nginx.group; imp = { - krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ... }: { + krebs.nginx.servers = flip mapAttrs cfg ( name: { domain, folder, ssl, ... }: { server-names = [ "${domain}" "www.${domain}" @@ -102,7 +116,16 @@ let error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; + ${if ssl.enable then '' + ssl_certificate ${ssl.certificate}; + ssl_certificate_key ${ssl.certificate_key}; + '' else ""} ''; + listen = (if ssl.enable then + [ "80" "443 ssl" ] + else + "80" + ); }); services.phpfpm.poolConfigs = flip mapAttrs cfg (name: { domain, folder, ... }: '' listen = ${folder}/phpfpm.pool -- cgit v1.2.3