feat(dgn-web): Add simpleProxies

This proxies the required host to localhost:$port and enables SSL
Tom Hubrecht 2024-10-12 18:40:03 +02:00 committed by thubrecht
parent 9ea6bada0a
commit af61ae6e61
4 changed files with 81 additions and 28 deletions


@ -76,18 +76,10 @@ in
mailerPasswordFile = config.age.secrets."forgejo-mailer_password_file".path; mailerPasswordFile = config.age.secrets."forgejo-mailer_password_file".path;
}; };
};
nginx = { dgn-web.simpleProxies.forgejo = {
enable = true; inherit host port;
virtualHosts.${host} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString port}";
};
};
};
}; };
users.users.git = { users.users.git = {


@ -5,6 +5,7 @@ let
token = user: secret "${user}_token_file"; token = user: secret "${user}_token_file";
host = "influx.dgnum.eu"; host = "influx.dgnum.eu";
port = 8086;
in in
{ {
@ -41,13 +42,8 @@ in
}; };
}; };
services.nginx.virtualHosts.${host} = { dgn-web.simpleProxies.influxdb = {
enableACME = true; inherit host port;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8086";
};
}; };
age-secrets.autoMatch = [ "influxdb2" ]; age-secrets.autoMatch = [ "influxdb2" ];


@ -77,15 +77,9 @@ in
]; ];
}; };
services.nginx.virtualHosts.${host} = { dgn-web.simpleProxies.prometheus = {
enableACME = true; inherit host port;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
proxyWebsockets = true; proxyWebsockets = true;
recommendedProxySettings = true;
};
}; };
age-secrets.autoMatch = [ "prometheus" ]; age-secrets.autoMatch = [ "prometheus" ];
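Review bot: The per-location `recommendedProxySettings = true;` that the old Prometheus vhost carried is not reproduced by `dgn-web.simpleProxies.prometheus`, and the `locations."/"` block generated by the module in the last file sets only `proxyPass` and `proxyWebsockets`. Unless `services.nginx.recommendedProxySettings` is enabled globally outside the visible lines, the backend would no longer receive the forwarded `Host`, `X-Real-IP` and `X-Forwarded-*` headers, which affects access logs and any check that depends on the client address. If it is not set globally, add `recommendedProxySettings = true;` next to `inherit proxyWebsockets;` in the module so every simple proxy gets it.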


@ -5,12 +5,24 @@ let
attrsToList attrsToList
concatStringsSep concatStringsSep
filterAttrs filterAttrs
getAttr
mapAttrs
mapAttrs'
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
nameValuePair
recursiveUpdate
; ;
inherit (lib.types) attrsOf port; inherit (lib.types)
attrs
attrsOf
bool
port
str
submodule
;
cfg = config.dgn-web; cfg = config.dgn-web;
in in
@ -25,6 +37,42 @@ in
Map from the web services to their internal ports, it should avoid port clashes. Map from the web services to their internal ports, it should avoid port clashes.
''; '';
}; };
simpleProxies = mkOption {
type = attrsOf (submodule {
options = {
port = mkOption {
type = port;
description = ''
Port where the service will listen.
'';
};
host = mkOption {
type = str;
description = ''
Hostname of the service.
'';
};
proxyWebsockets = mkOption {
type = bool;
default = false;
description = ''
Whether to support proxying websocket connections with HTTP/1.1.
'';
};
vhostConfig = mkOption {
type = attrs;
default = { };
description = ''
Additional virtualHost settings.
'';
};
};
});
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -56,9 +104,32 @@ in
) )
]; ];
dgn-web.internalPorts = mapAttrs (_: getAttr "port") cfg.simpleProxies;
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = mapAttrs' (
_:
{
host,
port,
proxyWebsockets,
vhostConfig,
}:
nameValuePair host (
recursiveUpdate {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
inherit proxyWebsockets;
};
} vhostConfig
)
) cfg.simpleProxies;
recommendedBrotliSettings = true; recommendedBrotliSettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
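Review bot: `vhostConfig` is typed `attrs` and applied with `recursiveUpdate` on top of the defaults, so any value a caller puts there replaces `forceSSL`, `enableACME` or `locations."/".proxyPass` with no merge conflict or type check, and the option description does not say so. I would state this in the description, for example `Additional virtualHost settings, merged over the defaults with recursiveUpdate; keys set here override forceSSL, enableACME and locations."/".` Separately, `mapAttrs'` keys the result by `host`, so two proxies declaring the same `host` would silently collapse into a single vhost. An entry in `assertions` that checks the hosts in `cfg.simpleProxies` are unique would surface that at evaluation time.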