Use configuration options for remaining hardcoded values in module

2025-11-22 02:41:35 +01:00 · 2024-08-18 15:26:33 +02:00
parent 5accbb4283
commit 9ac950e8a1
3 changed files with 40 additions and 12 deletions
--- a/nix/demo-server/default.nix
+++ b/nix/demo-server/default.nix
@@ -66,6 +66,10 @@
    enable = true;
    package = localArchtikaPackage;
    jwtSecret = "a42kVyAhTImYxZeebZkApoAZLmf0VtDA";
+    domain = "demo.archtika.com";
+    acmeEmail = "thilo.hohlt@tutanota.com";
+    dnsProvider = "porkbun";
+    dnsEnvironmentFile = /var/lib/porkbun.env;
  };

  system.stateVersion = "24.11";
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -50,6 +50,30 @@ in
      default = 10000;
      description = "Port on which the web application runs.";
    };
+
+    domain = mkOption {
+      type = types.str;
+      default = null;
+      description = "Domain to use for the application.";
+    };
+
+    acmeEmail = mkOption {
+      type = types.str;
+      default = null;
+      description = "Email to notify for the SSL certificate renewal process.";
+    };
+
+    dnsProvider = mkOption {
+      type = types.str;
+      default = null;
+      description = "DNS provider for the DNS-01 challenge (required for wildcard domains).";
+    };
+
+    dnsEnvironmentFile = mkOption {
+      type = types.path;
+      default = null;
+      description = "API secrets for the DNS-01 challenge (required for wildcard domains).";
+    };
  };

  config = mkIf cfg.enable {
@@ -104,7 +128,7 @@ in
      };

      script = ''
-        ORIGIN=https://demo.archtika.com PORT=${toString cfg.webAppPort} ${pkgs.nodejs_22}/bin/node ${cfg.package}/web-app
+        ORIGIN=https://${cfg.domain} PORT=${toString cfg.webAppPort} ${pkgs.nodejs_22}/bin/node ${cfg.package}/web-app
      '';
    };

@@ -129,8 +153,8 @@ in
      recommendedTlsSettings = true;

      virtualHosts = {
-        "demo.archtika.com" = {
-          useACMEHost = "demo.archtika.com";
+        "${cfg.domain}" = {
+          useACMEHost = cfg.domain;
          forceSSL = true;
          locations = {
            "/" = {
@@ -156,8 +180,8 @@ in
            };
          };
        };
-        "~^(?<subdomain>.+)\\.demo\\.archtika\\.com$" = {
-          useACMEHost = "demo.archtika.com";
+        "~^(?<subdomain>.+)\\.${lib.strings.escapeRegex cfg.domain}$" = {
+          useACMEHost = cfg.domain;
          forceSSL = true;
          locations = {
            "/" = {
@@ -172,12 +196,12 @@ in

    security.acme = {
      acceptTerms = true;
-      defaults.email = "thilo.hohlt@tutanota.com";
-      certs."demo.archtika.com" = {
-        domain = "demo.archtika.com";
-        extraDomainNames = ["*.demo.archtika.com"];
-        dnsProvider = "porkbun";
-        environmentFile = /var/lib/porkbun.env;
+      defaults.email = cfg.acmeEmail;
+      certs."${cfg.domain}" = {
+        domain = cfg.domain;
+        extraDomainNames = [ "*.${cfg.domain}" ];
+        dnsProvider = cfg.dnsProvider;
+        environmentFile = cfg.dnsEnvironmentFile;
        group = config.services.nginx.group;
      };
    };