30 lines
948 B
Nix
30 lines
948 B
Nix
{pkgs, lib, ...}: let
|
|
mkFileCopy = name: file: "cp ${file} $out/${name}";
|
|
mkWellKnownDir = files: pkgs.runCommand "well-known" {} ''
|
|
mkdir -p $out
|
|
${lib.concatStringsSep "\n" (lib.mapAttrsToList mkFileCopy files)}
|
|
'';
|
|
mkWellKnownCfg = files: {
|
|
useACMEHost = "gaze.systems";
|
|
forceSSL = true;
|
|
locations."/.well-known/".extraConfig = ''
|
|
add_header content-type text/plain;
|
|
add_header access-control-allow-origin *;
|
|
alias ${mkWellKnownDir files}/;
|
|
'';
|
|
};
|
|
mkDidWebCfg = domain: {
|
|
"${domain}" = mkWellKnownCfg {
|
|
"did.json" = ../../../secrets/${domain}.did;
|
|
"atproto-did" = pkgs.writeText "server" "did:web:${domain}";
|
|
};
|
|
};
|
|
in {
|
|
services.nginx.virtualHosts = {
|
|
"gaze.systems" = mkWellKnownCfg {
|
|
"atproto-did" = pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae";
|
|
};
|
|
} // (mkDidWebCfg "dawn.gaze.systems")
|
|
// (mkDidWebCfg "guestbook.gaze.systems");
|
|
}
|