use merge to segment the complex nginx proxy settings

2026-02-05 05:32:46 -06:00
parent 2a290f2fe2
commit 08cc3379ad
7 changed files with 357 additions and 337 deletions
--- a/modules/servers/synapse.nix
+++ b/modules/servers/synapse.nix
@@ -25,42 +25,42 @@ in
    synapse = setup.mkOptions "synapse" "pYLemuAfsrzNBaH77xSu" 8008;
    element = setup.mkOptions "element" "55a608953f6d64c199" 5345;
  };
-  config = lib.mkIf (cfg.enable && config.my.secureHost) {
-    my.servers = {
-      synapse = { inherit domain; };
-      element = { inherit domain; };
-    };
-    users.groups.matrix-synapse = { inherit gid; };
-    users.users.matrix-synapse = {
-      inherit uid;
-      isSystemUser = true;
-      group = "matrix-synapse";
-    };
-    sops.secrets = {
-      synapse = {
-        sopsFile = ../../secrets/env.yaml;
-        owner = "matrix-synapse";
+  config = lib.mkMerge [
+    (lib.mkIf (cfg.enable && config.my.secureHost) {
+      my.servers = {
+        synapse = { inherit domain; };
+        element = { inherit domain; };
+      };
+      users.groups.matrix-synapse = { inherit gid; };
+      users.users.matrix-synapse = {
+        inherit uid;
+        isSystemUser = true;
        group = "matrix-synapse";
      };
-      "iqQCY4iAWO-ca/pem" = {
-        sopsFile = ../../secrets/certs.yaml;
-        owner = "nginx";
-        group = "nginx";
+      sops.secrets = {
+        synapse = {
+          sopsFile = ../../secrets/env.yaml;
+          owner = "matrix-synapse";
+          group = "matrix-synapse";
+        };
+        "iqQCY4iAWO-ca/pem" = {
+          sopsFile = ../../secrets/certs.yaml;
+          owner = "nginx";
+          group = "nginx";
+        };
+        "matrix/key" = {
+          sopsFile = ../../secrets/certs.yaml;
+          owner = "matrix-synapse";
+          group = "matrix-synapse";
+        };
+        "matrix/cert" = {
+          sopsFile = ../../secrets/certs.yaml;
+          owner = "matrix-synapse";
+          group = "matrix-synapse";
+        };
      };
-      "matrix/key" = {
-        sopsFile = ../../secrets/certs.yaml;
-        owner = "matrix-synapse";
-        group = "matrix-synapse";
-      };
-      "matrix/cert" = {
-        sopsFile = ../../secrets/certs.yaml;
-        owner = "matrix-synapse";
-        group = "matrix-synapse";
-      };
-    };
-    networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
-    services = {
-      matrix-synapse = {
+      networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
+      services.matrix-synapse = {
        inherit (cfg) enable;
        extraConfigFiles = [
          config.sops.secrets.synapse.path
@@ -100,7 +100,10 @@ in
          ];
        };
      };
-      nginx.virtualHosts = lib.mkIf cfg.enableProxy {
+    })
+    (lib.mkIf (cfg.enableProxy && config.my.enableProxy) {
+      my.servers.synapse.useDefaultProxy = false;
+      services.nginx.virtualHosts = {
        "${cfgE.host}" = {
          enableACME = true;
          forceSSL = true;
@@ -132,6 +135,6 @@ in
          # '';
        };
      };
-    };
-  };
+    })
+  ];
 }