Add extraDomains support and register rbsf.railbird.ai

- org-agenda-api-host now supports extraDomains option for additional domain names, each with its own ACME certificate - Add org-agenda-api.rbsf.railbird.ai as extra domain on railbird-sf Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-31 22:43:02 -08:00
parent 91db521dfd
commit 06dde4652d
2 changed files with 25 additions and 11 deletions
--- a/nixos/machines/railbird-sf.nix
+++ b/nixos/machines/railbird-sf.nix
@@ -20,6 +20,7 @@
  services.org-agenda-api-host = {
    enable = true;
    domain = "rbsf.tplinkdns.com";
+    extraDomains = [ "org-agenda-api.rbsf.railbird.ai" ];
    containerImage = orgAgendaApiImageName;
    containerImageFile = orgAgendaApiContainer;
    secretsFile = config.age.secrets.org-api-auth-password.path;
--- a/nixos/org-agenda-api-host.nix
+++ b/nixos/org-agenda-api-host.nix
@@ -18,6 +18,13 @@ in
      description = "Base domain name (service will be at org-agenda-api.<domain>)";
    };

+    extraDomains = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = "Additional full domain names to serve (each gets its own ACME cert)";
+      example = [ "org-agenda-api.example.com" ];
+    };
+
    acmeEmail = mkOption {
      type = types.str;
      default = "IvanMalison@gmail.com";
@@ -93,18 +100,24 @@ in
      recommendedOptimisation = true;
      recommendedGzipSettings = true;

-      virtualHosts."org-agenda-api.${cfg.domain}" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:${toString containerPort}";
-          proxyWebsockets = true;
-          extraConfig = ''
-            proxy_read_timeout 300s;
-            proxy_connect_timeout 75s;
-          '';
+      virtualHosts = let
+        mkVirtualHost = domain: {
+          name = domain;
+          value = {
+            enableACME = true;
+            forceSSL = true;
+            locations."/" = {
+              proxyPass = "http://127.0.0.1:${toString containerPort}";
+              proxyWebsockets = true;
+              extraConfig = ''
+                proxy_read_timeout 300s;
+                proxy_connect_timeout 75s;
+              '';
+            };
+          };
        };
-      };
+        allDomains = [ "org-agenda-api.${cfg.domain}" ] ++ cfg.extraDomains;
+      in builtins.listToAttrs (map mkVirtualHost allDomains);
    };

    # Open firewall for HTTP/HTTPS