feat(dgn-web): Add simpleProxies

This proxies the required host to localhost:$port and enables SSL
2024-10-12 18:40:03 +02:00 · 2024-10-12 18:40:03 +02:00 · af61ae6e61
commit af61ae6e61
parent 9ea6bada0a
4 changed files with 81 additions and 28 deletions
--- a/machines/storage01/forgejo.nix
+++ b/machines/storage01/forgejo.nix
@ -76,18 +76,10 @@ in

      mailerPasswordFile = config.age.secrets."forgejo-mailer_password_file".path;
    };
+  };

-    nginx = {
-      enable = true;
-
-      virtualHosts.${host} = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:${toString port}";
-        };
-      };
-    };
+  dgn-web.simpleProxies.forgejo = {
+    inherit host port;
  };

  users.users.git = {
--- a/machines/storage01/influxdb.nix
+++ b/machines/storage01/influxdb.nix
@ -5,6 +5,7 @@ let
  token = user: secret "${user}_token_file";

  host = "influx.dgnum.eu";
+  port = 8086;
 in

 {
@ -41,13 +42,8 @@ in
    };
  };

-  services.nginx.virtualHosts.${host} = {
-    enableACME = true;
-    forceSSL = true;
-
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:8086";
-    };
+  dgn-web.simpleProxies.influxdb = {
+    inherit host port;
  };

  age-secrets.autoMatch = [ "influxdb2" ];
--- a/machines/storage01/prometheus.nix
+++ b/machines/storage01/prometheus.nix
@ -77,15 +77,9 @@ in
    ];
  };

-  services.nginx.virtualHosts.${host} = {
-    enableACME = true;
-    forceSSL = true;
-
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:${builtins.toString port}";
-      proxyWebsockets = true;
-      recommendedProxySettings = true;
-    };
+  dgn-web.simpleProxies.prometheus = {
+    inherit host port;
+    proxyWebsockets = true;
  };

  age-secrets.autoMatch = [ "prometheus" ];
--- a/modules/dgn-web.nix
+++ b/modules/dgn-web.nix
@ -5,12 +5,24 @@ let
    attrsToList
    concatStringsSep
    filterAttrs
+    getAttr
+    mapAttrs
+    mapAttrs'
    mkEnableOption
    mkIf
    mkOption
+    nameValuePair
+    recursiveUpdate
    ;

-  inherit (lib.types) attrsOf port;
+  inherit (lib.types)
+    attrs
+    attrsOf
+    bool
+    port
+    str
+    submodule
+    ;

  cfg = config.dgn-web;
 in
@ -25,6 +37,42 @@ in
        Map from the web services to their internal ports, it should avoid port clashes.
      '';
    };
+
+    simpleProxies = mkOption {
+      type = attrsOf (submodule {
+        options = {
+          port = mkOption {
+            type = port;
+            description = ''
+              Port where the service will listen.
+            '';
+          };
+
+          host = mkOption {
+            type = str;
+            description = ''
+              Hostname of the service.
+            '';
+          };
+
+          proxyWebsockets = mkOption {
+            type = bool;
+            default = false;
+            description = ''
+              Whether to support proxying websocket connections with HTTP/1.1.
+            '';
+          };
+
+          vhostConfig = mkOption {
+            type = attrs;
+            default = { };
+            description = ''
+              Additional virtualHost settings.
+            '';
+          };
+        };
+      });
+    };
  };

  config = mkIf cfg.enable {
@ -56,9 +104,32 @@ in
      )
    ];

+    dgn-web.internalPorts = mapAttrs (_: getAttr "port") cfg.simpleProxies;
+
    services.nginx = {
      enable = true;

+      virtualHosts = mapAttrs' (
+        _:
+        {
+          host,
+          port,
+          proxyWebsockets,
+          vhostConfig,
+        }:
+        nameValuePair host (
+          recursiveUpdate {
+            forceSSL = true;
+            enableACME = true;
+
+            locations."/" = {
+              proxyPass = "http://127.0.0.1:${builtins.toString port}";
+              inherit proxyWebsockets;
+            };
+          } vhostConfig
+        )
+      ) cfg.simpleProxies;
+
      recommendedBrotliSettings = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;