modules.services.nixvirt: allow more web forward

2026-01-12 01:29:24 +08:00 · 2025-07-26 22:01:49 +08:00
parent 72337e2c7e
commit 48bab70958
2 changed files with 36 additions and 19 deletions
--- a/devices/srv3/default.nix
+++ b/devices/srv3/default.nix
@@ -59,7 +59,7 @@ inputs:
                  { host = 22000; guest = 22000; }
                ];
                udp = [{ host = 22000; guest = 22000; }];
-                web = [ "natsume.nohost.me" ];
+                web = { httpsProxy = [ "natsume.nohost.me" ]; httpProxy = [ "natsume.nohost.me" ]; };
              };
            };
          };
@@ -72,7 +72,11 @@ inputs:
            {
              address = 4;
              vnc.openFirewall = false;
-              portForward = { tcp = [{ host = 5693; guest = 22; }]; web = [ "example.chn.moe" ]; };
+              portForward =
+              {
+                tcp = [{ host = 5693; guest = 22; }];
+                web = { httpsProxy = [ "example.chn.moe" ]; httpProxy = [ "example.chn.moe" ]; };
+              };
            };
          };
          reonokiy =
@@ -85,7 +89,15 @@ inputs:
          {
            memory.sizeMB = 4 * 1024;
            cpu.count = 4;
-            network = { address = 6; portForward.tcp = [{ host = 5695; guest = 22; }]; };
+            network =
+            {
+              address = 6;
+              portForward =
+              {
+                tcp = [{ host = 5695; guest = 22; }];
+                web = { httpsProxy = [ "littlewing.yumieko.com" ]; httpRedirect = [ "littlewing.yumieko.com" ]; };
+              };
+            };
            storage.iso = "${inputs.topInputs.self.src.guix}";
          };
        };
--- a/modules/services/nixvirt.nix
+++ b/modules/services/nixvirt.nix
@@ -55,7 +55,12 @@ inputs:
                  default = [];
                };
                udp = tcp;
-                web = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
+                web = rec
+                {
+                  httpsProxy = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
+                  httpProxy = httpsProxy;
+                  httpRedirect = httpsProxy;
+                };
              };
            };
          };}));
@@ -241,23 +246,23 @@ inputs:
      };
      services =
      {
-        nginx =
-          let hosts = builtins.concatLists (builtins.map
-            (vm: builtins.map
-              (domain:
-              {
-                inherit domain;
-                ip = "192.168.${builtins.toString nixvirt.subnet}.${builtins.toString vm.network.address}";
-              })
-              vm.network.portForward.web)
-            (builtins.attrValues nixvirt.instance));
-          in
+        nginx = inputs.lib.mkMerge (builtins.map
+          (vm: let ip = "192.168.${builtins.toString nixvirt.subnet}.${builtins.toString vm.network.address}"; in
          {
            transparentProxy.map = builtins.listToAttrs (builtins.map
-              (host: { name = host.domain; value = "${host.ip}" + ":443"; }) hosts);
-            http = builtins.listToAttrs (builtins.map
-              (host: { name = host.domain; value.proxy.upstream = "http://${host.ip}" + ":80"; }) hosts);
-          };
+              (host: inputs.lib.nameValuePair host "${ip}:443")
+              vm.network.portForward.web.httpsProxy);
+            http = inputs.lib.mkMerge
+            [
+              (builtins.listToAttrs (builtins.map
+                (host: inputs.lib.nameValuePair host { proxy.upstream = "http://${ip}" + ":80"; })
+                vm.network.portForward.web.httpProxy))
+              (builtins.listToAttrs (builtins.map
+                (host: inputs.lib.nameValuePair host { rewriteHttps = {}; })
+                vm.network.portForward.web.httpRedirect))
+            ];
+          })
+          (builtins.attrValues nixvirt.instance));
        kvm = {};
      };
    };