web-redirect: init new service for simple domain redirects

2025-03-17 02:25:28 +00:00 · 2025-03-17 02:25:28 +00:00 · 55000c365a
parent addbf7ac3e
commit 55000c365a
4 changed files with 42 additions and 19 deletions
--- a/hosts/orm/default.nix
+++ b/hosts/orm/default.nix
@ -61,15 +61,10 @@
    enable = true;
    domain = "actual.unspecified.systems";
  };
-
-  services.nginx = {
+  fountain.services.web-redirect = {
    enable = true;
-    virtualHosts = {
-      "actual.qenya.tel" = {
-        forceSSL = true;
-        enableACME = true;
-        locations."/".return = "301 https://actual.unspecified.systems$request_uri";
-      };
+    domains = {
+      "actual.qenya.tel" = "actual.unspecified.systems";
    };
  };

--- a/hosts/yevaud/default.nix
+++ b/hosts/yevaud/default.nix
@ -40,20 +40,17 @@
    enable = true;
    domain = "git.unspecified.systems";
  };
+  fountain.services.web-redirect = {
+    enable = true;
+    domains = {
+      "git.katherina.rocks" = "git.unspecified.systems";
+      "git.qenya.tel" = "git.unspecified.systems";
+    };
+  };

  services.nginx = {
    enable = true;
    virtualHosts = {
-      "git.katherina.rocks" = {
-        forceSSL = true;
-        enableACME = true;
-        locations."/".return = "301 https://git.unspecified.systems$request_uri";
-      };
-      "git.qenya.tel" = {
-        forceSSL = true;
-        enableACME = true;
-        locations."/".return = "301 https://git.unspecified.systems$request_uri";
-      };
      "birdsong.network" = {
        forceSSL = true;
        enableACME = true;
--- a/services/default.nix
+++ b/services/default.nix
@ -8,5 +8,6 @@
    ./navidrome.nix
    ./pipewire-low-latency.nix
    ./remote-builder.nix
+    ./web-redirect.nix
  ];
 }
--- a/services/web-redirect.nix
+++ b/services/web-redirect.nix
@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkOption mkEnableOption types;
+  cfg = config.fountain.services.web-redirect;
+in
+{
+  options.fountain.services.web-redirect = {
+    enable = mkEnableOption "Module to do simple 301 redirects from one domain to another";
+    domains = mkOption {
+      type = types.attrsOf types.str;
+      description = "Mapping from source domain to destination domain";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.nginx = {
+      enable = true;
+      virtualHosts = builtins.mapAttrs
+        (name: value: {
+          forceSSL = true;
+          enableACME = true;
+          locations."/".return = "301 https://${value}$request_uri";
+        })
+        cfg.domains;
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+  };
+}