nginx: externalIp allow multiple ips

2026-01-12 04:19:22 +08:00 · 2023-09-18 23:33:40 +08:00
parent de9945635b
commit bfec0e24a0
2 changed files with 5 additions and 5 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -208,7 +208,7 @@
                };
                nix-serve = { enable = true; hostname = "nix-store.chn.moe"; };
                smartd.enable = true;
-                nginx = { enable = true; transparentProxy.externalIp = "192.168.1.3"; };
+                nginx = { enable = true; transparentProxy.externalIp = [ "192.168.82.3" ]; };
                misskey = { enable = true; hostname = "xn--qbtm095lrg0bfka60z.chn.moe"; };
                misskey-proxy."xn--qbtm095lrg0bfka60z.chn.moe" = {};
              };
@@ -269,7 +269,7 @@
                  enable = true;
                  transparentProxy =
                  {
-                    externalIp = "74.211.99.69";
+                    externalIp = [ "74.211.99.69" "192.168.82.1" ];
                    map =
                    {
                      "ng01.mirism.one" = 7411;
@@ -347,7 +347,7 @@
                fontconfig.enable = true;
                sshd.enable = true;
                rsshub.enable = true;
-                nginx = { enable = true; transparentProxy.externalIp = "95.111.228.40"; };
+                nginx = { enable = true; transparentProxy.externalIp = [ "95.111.228.40" "192.168.82.2" ]; };
                wallabag.enable = true;
                misskey = { enable = true; hostname = "xn--s8w913fdga.chn.moe"; };
                misskey-proxy."xn--s8w913fdga.chn.moe" = {};
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@@ -6,7 +6,7 @@ inputs:
    transparentProxy =
    {
      enable = mkOption { type = types.bool; default = true; };
-      externalIp = mkOption { type = types.nonEmptyStr; };
+      externalIp = mkOption { type = types.listOf types.nonEmptyStr; };
      map = mkOption { type = types.attrsOf types.ints.unsigned; default = {};};
    };
    httpProxy = mkOption
@@ -230,7 +230,7 @@ inputs:
          }
          server
          {
-            listen ${nginx.transparentProxy.externalIp}:443;
+            ${concatStringsSep "\n            " (map (ip: "listen ${ip}:443;") nginx.transparentProxy.externalIp)}
            ssl_preread on;
            proxy_bind $remote_addr transparent;
            proxy_pass $transparent_proxy_backend;