Diffstat (limited to 'modules')
-rw-r--r--modules/by-name/an/anubis/module.nix90
-rw-r--r--modules/by-name/at/atuin-sync/module.nix12
-rw-r--r--modules/by-name/co/constants/module.nix2
-rw-r--r--modules/by-name/et/etesync/module.nix14
-rw-r--r--modules/by-name/gi/git-back/module.nix10
-rw-r--r--modules/by-name/re/redlib/module.nix10
6 files changed, 98 insertions, 40 deletions
diff --git a/modules/by-name/an/anubis/module.nix b/modules/by-name/an/anubis/module.nix
new file mode 100644
index 0000000..e30a0a0
--- /dev/null
+++ b/modules/by-name/an/anubis/module.nix
@@ -0,0 +1,90 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.vhack.anubis;
+
+  anubisInstances =
+    lib.mapAttrs (domain: conf: {
+      settings = {
+        TARGET = conf.target;
+        BIND = "/run/anubis/anubis-${domain}/anubis.sock";
+        METRICS_BIND = "/run/anubis/anubis-${domain}/anubis-metrics.sock";
+      };
+    })
+    cfg.instances;
+
+  nginxVirtualHosts = lib.mapAttrs' (domain: conf:
+    lib.nameValuePair domain {
+      locations."/" = {
+        proxyPass = "http://unix:${config.services.anubis.instances."${domain}".settings.BIND}";
+
+        recommendedProxySettings = true;
+        proxyWebsockets = true;
+      };
+
+      enableACME = true;
+      forceSSL = true;
+    })
+  cfg.instances;
+in {
+  options.vhack.anubis.instances = lib.mkOption {
+    description = ''
+      Protect this reverse proxy with anubis.
+
+      The attr key is the subdomain, the value the config.
+    '';
+
+    type = lib.types.attrsOf (lib.types.submodule {
+      options = {
+        target = lib.mkOption {
+          description = "nginx `proxyPass` target";
+          type = lib.types.str;
+          example = "http://127.0.0.1:8080";
+        };
+      };
+      config = {};
+    });
+
+    default = {};
+
+    example = lib.literalExample ''
+      {
+        target = "http://127.0.0.1:$${toString config.servies.<name>.port}";
+      }
+    '';
+  };
+
+  config = {
+    users = {
+      users.nginx.extraGroups = [
+        config.services.anubis.defaultOptions.group
+      ];
+
+      users.anubis = {
+        uid = config.vhack.constants.ids.uids.anubis;
+        group = "anubis";
+      };
+      groups.anubis.gid = config.vhack.constants.ids.gids.anubis;
+    };
+
+    services = {
+      anubis = {
+        defaultOptions.settings.COOKIE_DYNAMIC_DOMAIN = true;
+        instances = anubisInstances;
+      };
+
+      nginx = {
+        enable = true;
+
+        recommendedTlsSettings = true;
+        recommendedOptimisation = true;
+        recommendedGzipSettings = true;
+        recommendedProxySettings = true;
+
+        virtualHosts = nginxVirtualHosts;
+      };
+    };
+  };
+}
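Review bot: The `config` block at the bottom of the new module is unconditional, so every host that imports it gets `services.nginx.enable = true`, an `anubis` user and group, and the nginx user added to the Anubis group even when `vhack.anubis.instances` is empty. Guarding it keeps the web server and the extra group membership off hosts that proxy nothing: `config = lib.mkIf (cfg.instances != {}) {`. Separately, the option `example` misspells `config.servies` and omits the domain key that the description says each entry is indexed by. `lib.literalExample` has also been superseded by `lib.literalExpression`.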
diff --git a/modules/by-name/at/atuin-sync/module.nix b/modules/by-name/at/atuin-sync/module.nix
index 0db2e29..e0d75bb 100644
--- a/modules/by-name/at/atuin-sync/module.nix
+++ b/modules/by-name/at/atuin-sync/module.nix
@@ -19,17 +19,9 @@ in {
   config = lib.mkIf cfg.enable {
     vhack.nginx.enable = true;
 
-    services = {
-      nginx.virtualHosts."${cfg.fqdn}" = {
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:${toString config.services.atuin.port}";
-          recommendedProxySettings = true;
-        };
-
-        enableACME = true;
-        forceSSL = true;
-      };
+    vhack.anubis.instances."${cfg.fqdn}".target = "http://127.0.0.1:${toString config.services.atuin.port}";
 
+    services = {
       atuin = {
         enable = true;
         package = vhackPackages.atuin-server-only;
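Review bot: The added `vhack.anubis.instances."${cfg.fqdn}".target` line puts the Atuin sync endpoint behind a browser-challenge proxy, but its clients are CLI tools that cannot solve a challenge, and the anubis module in this commit sets no per-instance policy. Whether those clients pass depends entirely on Anubis's default rules, which are not visible here, so this is worth confirming with a real sync before deploying. The same applies to the `etebase.vhack.eu` instance added in etesync/module.nix, which presumably serves sync clients as well. At minimum I would add a comment such as `# API-only service: relies on the Anubis policy letting non-browser clients through`. The `services` block continues past the end of this hunk.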
diff --git a/modules/by-name/co/constants/module.nix b/modules/by-name/co/constants/module.nix
index 1513b0c..fa9ce17 100644
--- a/modules/by-name/co/constants/module.nix
+++ b/modules/by-name/co/constants/module.nix
@@ -53,6 +53,7 @@
       sharkey = 339;
       redis-sharkey = 340;
       grocy = 341;
+      anubis = 342;
 
       # As per the NixOS file, the uids should not be greater or equal to 400;
     };
@@ -64,6 +65,7 @@
       inherit
         (uids)
         acme
+        anubis
         dhcpcd
         etebase-server
         knot-resolver
diff --git a/modules/by-name/et/etesync/module.nix b/modules/by-name/et/etesync/module.nix
index bcabc8a..4dc8575 100644
--- a/modules/by-name/et/etesync/module.nix
+++ b/modules/by-name/et/etesync/module.nix
@@ -45,26 +45,14 @@ in {
     ];
 
     services.nginx = {
-      enable = true;
-      recommendedTlsSettings = true;
-      recommendedOptimisation = true;
-      recommendedGzipSettings = true;
-      recommendedProxySettings = true;
-
       virtualHosts = {
         "etebase.vhack.eu" = {
-          enableACME = true;
-          forceSSL = true;
-
           locations = {
             # TODO: Maybe fix permissions to use pregenerated static files which would
             # improve performance.
             #"/static" = {
             #  root = config.services.etebase-server.settings.global.static_root;
             #};
-            "/" = {
-              proxyPass = "http://127.0.0.1:${builtins.toString config.services.etebase-server.port}";
-            };
           };
           serverAliases = [
             "dav.vhack.eu"
@@ -72,6 +60,8 @@ in {
         };
       };
     };
+    vhack.anubis.instances."etebase.vhack.eu".target = "http://127.0.0.1:${builtins.toString config.services.etebase-server.port}";
+
     users = {
       users.etebase-server.uid = config.vhack.constants.ids.uids.etebase-server;
       groups.etebase-server.gid = config.vhack.constants.ids.gids.etebase-server;
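Review bot: After this change the `etebase.vhack.eu` vhost is assembled from two modules, which makes it easy to add a location that silently skips Anubis. The added `vhack.anubis.instances` line supplies `/`, ACME and TLS, while the `services.nginx.virtualHosts` block closed at the top of this hunk keeps `serverAliases` and a `locations` set that now holds only commented-out lines. Any location later enabled there (the `/static` TODO, for example) would be answered by nginx directly and would not pass through the Anubis socket. A comment at that block would make this explicit, e.g. `# "/" is provided by vhack.anubis; locations added here bypass Anubis`. The `users` block continues outside the hunk.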
diff --git a/modules/by-name/gi/git-back/module.nix b/modules/by-name/gi/git-back/module.nix
index 96f4913..7df1bac 100644
--- a/modules/by-name/gi/git-back/module.nix
+++ b/modules/by-name/gi/git-back/module.nix
@@ -28,14 +28,6 @@ in {
       };
     };
 
-    services.nginx = {
-      enable = true;
-      virtualHosts."${cfg.domain}" = {
-        locations."/".proxyPass = "http://127.0.0.1:8000";
-
-        enableACME = true;
-        forceSSL = true;
-      };
-    };
+    vhack.anubis.instances."${cfg.domain}".target = "http://127.0.0.1:8000";
   };
 }
diff --git a/modules/by-name/re/redlib/module.nix b/modules/by-name/re/redlib/module.nix
index 909c9f1..4d3c600 100644
--- a/modules/by-name/re/redlib/module.nix
+++ b/modules/by-name/re/redlib/module.nix
@@ -23,14 +23,6 @@ in {
       openFirewall = false;
     };
 
-    services.nginx = {
-      enable = true;
-      virtualHosts.${domain} = {
-        locations."/".proxyPass = "http://127.0.0.1:${toString config.services.redlib.port}";
-
-        enableACME = true;
-        forceSSL = true;
-      };
-    };
+    vhack.anubis.instances."${domain}".target = "http://127.0.0.1:${toString config.services.redlib.port}";
   };
 }