mirror of
https://github.com/dolphin-emu/sadm.git
synced 2024-10-06 23:23:27 +00:00
Rework HTTP services into a separate wrapper module for convenience
This commit is contained in:
parent
48b6268c3c
commit
3657a352fc
5
common/default.nix
Normal file
5
common/default.nix
Normal file
@ -0,0 +1,5 @@
|
||||
{
|
||||
imports = [
|
||||
./http.nix
|
||||
];
|
||||
}
|
49
common/http.nix
Normal file
49
common/http.nix
Normal file
@ -0,0 +1,49 @@
|
||||
# Wrapper module to configure nginx and define virtual hosts in a higher level
|
||||
# fashion: enforce standards on TLS usage, simplify the common case of "just
|
||||
# proxy pass to a service running on this port", etc.
|
||||
|
||||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.my.http;
|
||||
|
||||
selectVhostsByAttr = attr: lib.filterAttrs (n: v: v ? ${attr}) cfg.vhosts;
|
||||
mapVhostsByAttr = attr: fn: lib.mapAttrs fn (selectVhostsByAttr attr);
|
||||
|
||||
redirectVhosts = mapVhostsByAttr "redirect" (n: vh: {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".return = "302 ${vh.redirect}";
|
||||
});
|
||||
|
||||
localProxyVhosts = mapVhostsByAttr "proxyLocalPort" (n: vh: {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://localhost:${toString vh.proxyLocalPort}";
|
||||
});
|
||||
in {
|
||||
options.my.http.vhosts = with lib; mkOption {
|
||||
type = types.attrs;
|
||||
default = {};
|
||||
};
|
||||
|
||||
config = {
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts =
|
||||
redirectVhosts //
|
||||
localProxyVhosts;
|
||||
};
|
||||
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "root@dolphin-emu.org";
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
}
|
12
default.nix
Normal file
12
default.nix
Normal file
@ -0,0 +1,12 @@
|
||||
# Passed to NixOS modules as "my".
|
||||
rec {
|
||||
common = import ./common;
|
||||
roles = import ./roles;
|
||||
|
||||
modules = {
|
||||
imports = [
|
||||
common
|
||||
roles
|
||||
];
|
||||
};
|
||||
}
|
@ -1,14 +1,15 @@
|
||||
{ self, pkgs, agenix, nixpkgs, ... }:
|
||||
|
||||
{
|
||||
let
|
||||
my = import ../..;
|
||||
in {
|
||||
imports = [
|
||||
agenix.nixosModule
|
||||
|
||||
../../roles
|
||||
my.modules
|
||||
|
||||
./hypervisor.nix
|
||||
./hardware.nix
|
||||
./nginx.nix
|
||||
./postgres.nix
|
||||
];
|
||||
|
||||
@ -27,9 +28,12 @@
|
||||
networking.search = [ "dolphin-emu.org" ];
|
||||
|
||||
my.roles = {
|
||||
netplay-index.enable = true;
|
||||
redirector.enable = true;
|
||||
};
|
||||
|
||||
my.http.vhosts."altair.dolphin-emu.org".redirect = "https://github.com/dolphin-emu/sadm";
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
system.configurationRevision = pkgs.lib.mkIf (self ? rev) self.rev;
|
||||
}
|
||||
|
@ -1,23 +0,0 @@
|
||||
{
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts = {
|
||||
"altair.dolphin-emu.org" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".return = "302 https://github.com/dolphin-emu/sadm";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "root@dolphin-emu.org";
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
}
|
@ -26,11 +26,6 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."dolp.in" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
locations."/".proxyPass = "http://localhost:${toString port}";
|
||||
};
|
||||
my.http.vhosts."dolp.in".proxyLocalPort = port;
|
||||
};
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user