diff --git a/nixos/machines/railbird-sf.nix b/nixos/machines/railbird-sf.nix
index b425c2ab..5b8bd902 100644
--- a/nixos/machines/railbird-sf.nix
+++ b/nixos/machines/railbird-sf.nix
@@ -20,6 +20,7 @@
 services.org-agenda-api-host = {
 enable = true;
 domain = "rbsf.tplinkdns.com";
+ extraDomains = [ "org-agenda-api.rbsf.railbird.ai" ];
 containerImage = orgAgendaApiImageName;
 containerImageFile = orgAgendaApiContainer;
 secretsFile = config.age.secrets.org-api-auth-password.path;
diff --git a/nixos/org-agenda-api-host.nix b/nixos/org-agenda-api-host.nix
index 91cba81e..aa937720 100644
--- a/nixos/org-agenda-api-host.nix
+++ b/nixos/org-agenda-api-host.nix
@@ -18,6 +18,13 @@ in
 description = "Base domain name (service will be at org-agenda-api.)";
 };
+ extraDomains = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = "Additional full domain names to serve (each gets its own ACME cert)";
+ example = [ "org-agenda-api.example.com" ];
+ };
+
 acmeEmail = mkOption {
 type = types.str;
 default = "IvanMalison@gmail.com";
@@ -93,18 +100,24 @@ in
 recommendedOptimisation = true;
 recommendedGzipSettings = true;
- virtualHosts."org-agenda-api.${cfg.domain}" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString containerPort}";
- proxyWebsockets = true;
- extraConfig = ''
- proxy_read_timeout 300s;
- proxy_connect_timeout 75s;
- '';
+ virtualHosts = let
+ mkVirtualHost = domain: {
+ name = domain;
+ value = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString containerPort}";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_read_timeout 300s;
+ proxy_connect_timeout 75s;
+ '';
+ };
+ };
 };
- };
+ allDomains = [ "org-agenda-api.${cfg.domain}" ] ++ cfg.extraDomains;
+ in builtins.listToAttrs (map mkVirtualHost allDomains);
 };
 # Open firewall for HTTP/HTTPS
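Review bot: The new `extraDomains` option is typed `types.listOf types.str`, so an empty string is accepted and would become an nginx virtual host with an empty name and a certificate request for it. Tightening the type to `type = types.listOf types.nonEmptyStr;` rejects that at evaluation time. The description could also state that entries are used verbatim as server names, unlike `domain`, which gets the `org-agenda-api.` prefix. It is also worth noting there that each name has to resolve to this host before deployment, because a separate certificate is requested for every entry.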
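Review bot: In the new `virtualHosts` binding, the `name`/`value` wrapper and `builtins.listToAttrs (map mkVirtualHost allDomains)` are more machinery than needed, because the vhost body never uses `domain`. Binding the shared settings once, e.g. `vhost = { enableACME = true; forceSSL = true; locations."/" = …; };`, and ending with `in lib.genAttrs allDomains (_: vhost);` says the same thing more directly. That assumes `lib` is in scope, which the unqualified `mkOption` and `types` suggest but the hunk does not show. A short comment such as `# every name is a separate public entry point to the same container, each with its own cert` would make the exposure explicit. The enclosing nginx block starts outside the hunk.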