Correction indentation

haproxy-acme.nix

@@ -36,65 +36,65 @@ in
 
     services.haproxy.enable = true;
 
-    services.haproxy.config = "
-global
-  log /dev/log local0
-  log /dev/log local1 notice
-  user haproxy
-  group haproxy
-  ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
-  ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
-  ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
-  ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
-defaults
-  option forwardfor
-  option http-server-close
-  timeout client 10s
-  timeout connect 4s
-  timeout server 30s
-userlist LOUTRE
-  user paul password $6$6rDdCtzSVsAwB6KP$V8bR7KP7FSL2BSEh6n3op6iYhAnsVSPI2Ar3H6MwKrJ/lZRzUI8a0TwVBD2JPnAntUhLpmRudrvdq2Ls2odAy.
-frontend public
-  bind :::80 v4v6
-  bind :::443 v4v6 ssl crt /var/lib/acme/${cfg.domaine}/full.pem alpn h2,http/1.1
-  mode http
-  acl letsencrypt-acl path_beg /.well-known/acme-challenge/
-  acl haproxy-acl path_beg /haproxy
-  redirect scheme https code 301 if !{ ssl_fc } !letsencrypt-acl
-  http-response set-header Strict-Transport-Security max-age=15768000
-  use_backend letsencrypt-backend if letsencrypt-acl
-  use_backend haproxy_stats if haproxy-acl
+    services.haproxy.config = ''
+      global
+        log /dev/log local0
+        log /dev/log local1 notice
+        user haproxy
+        group haproxy
+        ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+        ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
+        ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+        ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
+      defaults
+        option forwardfor
+        option http-server-close
+        timeout client 10s
+        timeout connect 4s
+        timeout server 30s
+      userlist LOUTRE
+        user paul password $6$6rDdCtzSVsAwB6KP$V8bR7KP7FSL2BSEh6n3op6iYhAnsVSPI2Ar3H6MwKrJ/lZRzUI8a0TwVBD2JPnAntUhLpmRudrvdq2Ls2odAy.
+      frontend public
+        bind :::80 v4v6
+        bind :::443 v4v6 ssl crt /var/lib/acme/${cfg.domaine}/full.pem alpn h2,http/1.1
+        mode http
+        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
+        acl haproxy-acl path_beg /haproxy
+        redirect scheme https code 301 if !{ ssl_fc } !letsencrypt-acl
+        http-response set-header Strict-Transport-Security max-age=15768000
+        use_backend letsencrypt-backend if letsencrypt-acl
+        use_backend haproxy_stats if haproxy-acl
 
-${concatStrings (
-  mapAttrsToList (name: value:
-    "  acl ${name}-acl hdr(host) -i ${name}.${cfg.domaine}\n"
-  + "  use_backend ${name}-backend if ${name}-acl\n"
-  ) cfg.services)}
+      ${concatStrings (
+        mapAttrsToList (name: value:
+          "  acl ${name}-acl hdr(host) -i ${name}.${cfg.domaine}\n"
+        + "  use_backend ${name}-backend if ${name}-acl\n"
+        ) cfg.services)}
 
-backend letsencrypt-backend
-  mode http
-  server letsencrypt 127.0.0.1:${toString nginx_port}
-backend haproxy_stats
-  mode http
-  stats enable
-  stats hide-version
-  acl AuthOK_LOUTRE http_auth(LOUTRE)
-  http-request auth realm LOUTRE if !AuthOK_LOUTRE
+      backend letsencrypt-backend
+        mode http
+        server letsencrypt 127.0.0.1:${toString nginx_port}
+      backend haproxy_stats
+        mode http
+        stats enable
+        stats hide-version
+        acl AuthOK_LOUTRE http_auth(LOUTRE)
+        http-request auth realm LOUTRE if !AuthOK_LOUTRE
 
-${concatStrings (
-  mapAttrsToList (name: value:
-    ''
-    backend ${name}-backend
-      mode http
-      server ${name} ${value.ip}:${toString value.port}
-      ${(if value.auth then (
-        "\n  acl AuthOK_LOUTRE http_auth(LOUTRE)\n"
-      + "  http-request auth realm LOUTRE if !AuthOK_LOUTRE\n"
-      ) else "")}
+      ${concatStrings (
+        mapAttrsToList (name: value:
+          ''
+          backend ${name}-backend
+            mode http
+            server ${name} ${value.ip}:${toString value.port}
+            ${(if value.auth then (
+              "\n  acl AuthOK_LOUTRE http_auth(LOUTRE)\n"
+            + "  http-request auth realm LOUTRE if !AuthOK_LOUTRE\n"
+            ) else "")}
+          ''
+        ) cfg.services)}
 
-    ''
-  ) cfg.services)}
-      ";
+    '';
 
     services.nginx.enable = true;
     services.nginx.virtualHosts = {