mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00

feat: convert all microvms to use nginx

oddlama 2023-06-22 00:51:45 +02:00
parent edb1d8791d
commit f0d2475f74
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
9 changed files with 114 additions and 125 deletions


@ -35,36 +35,6 @@ in {
individually for each cert by the user or via `security.acme.defaults`.
'';
};
nginx.proxiedDomains = mkOption {
default = {};
description = mdDoc "Simplified reverse proxy setup.";
type = types.attrsOf (types.submodule (submod: {
options = {
domain = mkOption {
type = types.str;
description = mdDoc "The public domain for the virtual host.";
};
upstream = mkOption {
type = types.str;
description = mdDoc "The upstream server to which requests are forwarded.";
};
scheme = mkOption {
type = types.str;
default = "http";
description = mdDoc "The scheme to use when connecting to upstream.";
};
useACMEHost = mkOption {
type = types.str;
default = config.lib.extra.matchingWildcardCert submod.config.domain;
description = mdDoc "The acme host certificate to use for the virtual host.";
};
};
}));
};
};
config = {
@ -121,25 +91,6 @@ in {
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options "nosniff";
'';
upstreams =
flip mapAttrs config.extra.nginx.proxiedDomains
(name: cfg: {
servers."${cfg.upstream}" = {};
extraConfig = ''
zone ${name} 64k;
keepalive 2;
'';
});
virtualHosts =
flip mapAttrs' config.extra.nginx.proxiedDomains
(name: cfg:
nameValuePair cfg.domain {
forceSSL = true;
inherit (cfg) useACMEHost;
locations."/".proxyPass = "${cfg.scheme}://${name}";
});
};
networking.firewall.allowedTCPPorts = optionals config.services.nginx.enable [80 443];