feat(dgn-web): Add simpleProxies
This proxies the required host to localhost:$port and enables SSL
parent
9ea6bada0a
commit
af61ae6e61
4 changed files with 81 additions and 28 deletions
|
@ -76,18 +76,10 @@ in
|
|||
|
||||
mailerPasswordFile = config.age.secrets."forgejo-mailer_password_file".path;
|
||||
};
|
||||
};
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
|
||||
virtualHosts.${host} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString port}";
|
||||
};
|
||||
};
|
||||
};
|
||||
dgn-web.simpleProxies.forgejo = {
|
||||
inherit host port;
|
||||
};
|
||||
|
||||
users.users.git = {
|
||||
|
|
|
@ -5,6 +5,7 @@ let
|
|||
token = user: secret "${user}_token_file";
|
||||
|
||||
host = "influx.dgnum.eu";
|
||||
port = 8086;
|
||||
in
|
||||
|
||||
{
|
||||
|
@ -41,13 +42,8 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${host} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8086";
|
||||
};
|
||||
dgn-web.simpleProxies.influxdb = {
|
||||
inherit host port;
|
||||
};
|
||||
|
||||
age-secrets.autoMatch = [ "influxdb2" ];
|
||||
|
|
|
@ -77,15 +77,9 @@ in
|
|||
];
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${host} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${builtins.toString port}";
|
||||
proxyWebsockets = true;
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
dgn-web.simpleProxies.prometheus = {
|
||||
inherit host port;
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
|
||||
age-secrets.autoMatch = [ "prometheus" ];
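Review bot: The new `dgn-web.simpleProxies.prometheus` block carries over `proxyWebsockets = true` but not the `recommendedProxySettings = true` that the old `locations."/"` set, and the simpleProxies submodule has no option for it. Unless `services.nginx.recommendedProxySettings` is enabled globally somewhere outside the visible lines, the backend stops receiving the forwarded `Host` and `X-Forwarded-*` headers after this change. If that is not intended, keep the setting here with `vhostConfig.locations."/".recommendedProxySettings = true;`, which `recursiveUpdate` merges into the generated location.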
|
||||
|
|
|
@ -5,12 +5,24 @@ let
|
|||
attrsToList
|
||||
concatStringsSep
|
||||
filterAttrs
|
||||
getAttr
|
||||
mapAttrs
|
||||
mapAttrs'
|
||||
mkEnableOption
|
||||
mkIf
|
||||
mkOption
|
||||
nameValuePair
|
||||
recursiveUpdate
|
||||
;
|
||||
|
||||
inherit (lib.types) attrsOf port;
|
||||
inherit (lib.types)
|
||||
attrs
|
||||
attrsOf
|
||||
bool
|
||||
port
|
||||
str
|
||||
submodule
|
||||
;
|
||||
|
||||
cfg = config.dgn-web;
|
||||
in
|
||||
|
@ -25,6 +37,42 @@ in
|
|||
Map from the web services to their internal ports, it should avoid port clashes.
|
||||
'';
|
||||
};
|
||||
|
||||
simpleProxies = mkOption {
|
||||
type = attrsOf (submodule {
|
||||
options = {
|
||||
port = mkOption {
|
||||
type = port;
|
||||
description = ''
|
||||
Port where the service will listen.
|
||||
'';
|
||||
};
|
||||
|
||||
host = mkOption {
|
||||
type = str;
|
||||
description = ''
|
||||
Hostname of the service.
|
||||
'';
|
||||
};
|
||||
|
||||
proxyWebsockets = mkOption {
|
||||
type = bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to support proxying websocket connections with HTTP/1.1.
|
||||
'';
|
||||
};
|
||||
|
||||
vhostConfig = mkOption {
|
||||
type = attrs;
|
||||
default = { };
|
||||
description = ''
|
||||
Additional virtualHost settings.
|
||||
'';
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -56,9 +104,32 @@ in
|
|||
)
|
||||
];
|
||||
|
||||
dgn-web.internalPorts = mapAttrs (_: getAttr "port") cfg.simpleProxies;
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
virtualHosts = mapAttrs' (
|
||||
_:
|
||||
{
|
||||
host,
|
||||
port,
|
||||
proxyWebsockets,
|
||||
vhostConfig,
|
||||
}:
|
||||
nameValuePair host (
|
||||
recursiveUpdate {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${builtins.toString port}";
|
||||
inherit proxyWebsockets;
|
||||
};
|
||||
} vhostConfig
|
||||
)
|
||||
) cfg.simpleProxies;
|
||||
|
||||
recommendedBrotliSettings = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
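Review bot: `vhostConfig` is merged last in `recursiveUpdate { forceSSL = true; enableACME = true; … } vhostConfig`, so any proxy definition can silently turn off `forceSSL` or repoint `proxyPass`, which undercuts the "enables SSL" promise in the commit message. If overriding TLS is not meant to be possible, re-apply it after the merge, e.g. `(recursiveUpdate { … } vhostConfig) // { forceSSL = true; }`. Otherwise the `vhostConfig` description should say so, e.g. `Additional virtualHost settings; these take precedence over the generated defaults, including forceSSL and enableACME.` Separately, `mapAttrs'` keys the result by `host`, so two proxies declaring the same host collapse into one virtual host without an error; an assertion that hosts are unique would catch this. The `simpleProxies` option itself also has no `description`.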
|
||||
|
|