vps6: enable nextcloud

2023-10-04 16:20:32 +08:00
parent 7fb51ba080
commit ea02adcf4d
4 changed files with 60 additions and 26 deletions

6
flake.lock generated

@@ -942,11 +942,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1696406292,
"narHash": "sha256-XgLBlpKm0Lv62v9ylP/6mlxpb2mnWk5cnnJONmX/vsA=",
"lastModified": 1696407757,
"narHash": "sha256-odgzg6AzGsP8Zq2xOGHkkokL2h84xjq4X2QGSqGeyMI=",
"owner": "CHN-beta",
"repo": "nixpkgs",
"rev": "60efae979503a7eed6ee896aa0bcff5037d3f81d",
"rev": "f8dbe95b4cb997c8d28adda7dc37824c4d0cd16b",
"type": "github"
},
"original": {


@@ -308,6 +308,7 @@
vaultwarden = { enable = true; upstream.address = "internal.vps7.chn.moe"; };
element.instances."element.chn.moe" = {};
photoprism.instances."photoprism.chn.moe".upstream.address = "internal.vps7.chn.moe";
nextcloud.proxy = { enable = true; upstream = "internal.vps7.chn.moe"; };
};
};
coturn.enable = true;
@@ -378,7 +379,7 @@
synapse.instances."synapse.chn.moe" = {};
vaultwarden.enable = true;
photoprism.instances."photoprism.chn.moe" = {};
nextcloud.instances."nextcloud.chn.moe" = {};
nextcloud.instance.enable = true;
};
};
wallabag.enable = true;


@@ -1,34 +1,48 @@
inputs:
{
options.nixos.services.nginx.applications.nextcloud.instances = let inherit (inputs.lib) mkOption types; in mkOption
options.nixos.services.nginx.applications.nextcloud = let inherit (inputs.lib) mkOption types; in
{
type = types.attrsOf (types.submodule (submoduleInputs: { options =
instance.enable = mkOption
{
hostname = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
upstream = mkOption { type = types.nonEmptyStr; default = "127.0.0.1"; };
};}));
default = {};
type = types.addCheck types.bool (value: value -> inputs.config.nixos.services.nextcloud.enable);
default = false;
};
proxy =
{
enable = mkOption
{
type = types.addCheck types.bool
(value: value -> !inputs.config.nixos.services.nginx.applications.nextcloud.instance.enable);
default = false;
};
upstream = mkOption { type = types.nonEmptyStr; };
};
};
config =
let
inherit (inputs.config.nixos.services.nginx.applications.nextcloud) instances;
inherit (inputs.config.nixos.services.nginx.applications) nextcloud;
inherit (inputs.lib) mkIf mkMerge;
inherit (inputs.localLib) attrsToList;
inherit (builtins) map listToAttrs;
in mkMerge
[
(mkIf (instances != {}) { services.nextcloud.maxUploadSize = "10G"; })
(mkIf (nextcloud.instance.enable)
{
nixos.services.nginx.http = listToAttrs (map
(instance: { name = instance.value.hostname; value.rewriteHttps = true; })
(attrsToList instances));
services.nginx.virtualHosts = listToAttrs (map
(instance:
{
name = instance.value.hostname;
value = inputs.config.services.nextcloud.nginx.recommendedConfig { inherit (instance.value) upstream; };
})
(attrsToList instances));
}
nixos.services.nginx.http.${inputs.config.nixos.services.nextcloud.hostname}.rewriteHttps = true;
services.nginx.virtualHosts.${inputs.config.nixos.services.nextcloud.hostname} = mkMerge
[
(inputs.config.services.nextcloud.nginx.recommendedConfig { upstream = "127.0.0.1"; })
{ listen = [ { addr = "0.0.0.0"; port = 8417; ssl = true; extraParameters = [ "proxy_protocol" ]; } ]; }
];
})
(mkIf (nextcloud.proxy.enable)
{
nixos.services.nginx.streamProxy.map.${inputs.config.nixos.services.nextcloud.hostname} =
{
upstream = "${nextcloud.proxy.upstream}:8417";
rewriteHttps = true;
proxyProtocol = true;
};
})
];
}
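Review bot: The new backend listener `{ addr = "0.0.0.0"; port = 8417; ssl = true; extraParameters = [ "proxy_protocol" ]; }` takes a PROXY protocol header from any peer that can reach port 8417, and that header is unauthenticated, so whoever connects directly can state an arbitrary client address. Whether Nextcloud or the access log consumes that address depends on `recommendedConfig`, which is not visible here; if it does, per-address throttling and audit records would rest on a value the sender controls. I would bind the listener to the internal interface address instead of `0.0.0.0`, or firewall 8417 to the proxy host, and limit `set_real_ip_from` to the proxy's address wherever the real-IP module is in use. A short comment on the listen entry saying that only the stream proxy is expected to connect there would also help. Separately, the cross-option constraints written with `types.addCheck` would read better as `assertions` entries, because a failed type check reports a type mismatch rather than the conflicting options.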


@@ -56,6 +56,7 @@ inputs:
{
enable = mkOption { type = types.bool; default = false; };
port = mkOption { type = types.ints.unsigned; default = 5575; };
portWithProxyProtocol = mkOption { type = types.ints.unsigned; default = 5576; };
map = mkOption
{
type = types.attrsOf (types.oneOf
@@ -65,6 +66,7 @@ inputs:
{
upstream = mkOption { type = types.nonEmptyStr; };
rewriteHttps = mkOption { type = types.bool; default = false; };
proxyProtocol = mkOption { type = types.bool; default = false; };
};})
]);
default = {};
@@ -346,6 +348,17 @@ inputs:
proxy_buffer_size 128k;
access_log syslog:server=unix:/dev/log stream_proxy;
}
server
{
listen 127.0.0.1:${toString nginx.streamProxy.portWithProxyProtocol};
proxy_protocol on;
ssl_preread on;
proxy_pass $stream_proxy_backend;
proxy_connect_timeout 10s;
proxy_socket_keepalive on;
proxy_buffer_size 128k;
access_log syslog:server=unix:/dev/log stream_proxy;
}
'';
virtualHosts = listToAttrs (map
(site:
@@ -360,9 +373,15 @@ inputs:
})
(filter (site: site.value.rewriteHttps or false) (attrsToList nginx.streamProxy.map)));
};
nixos.services.nginx.transparentProxy.map = listToAttrs (map
(site: { name = site.name; value = nginx.streamProxy.port; })
(attrsToList nginx.streamProxy.map));
nixos.services.nginx.transparentProxy.map = listToAttrs
(
(map
(site: { name = site.name; value = nginx.streamProxy.port; })
(filter (site: !(site.value.proxyProtocol or false)) (attrsToList nginx.streamProxy.map)))
++ (map
(site: { name = site.name; value = nginx.streamProxy.portWithProxyProtocol; })
(filter (site: site.value.proxyProtocol or false) (attrsToList nginx.streamProxy.map)))
);
})
];
}
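Review bot: The new `transparentProxy.map` expression filters the same list twice on `proxyProtocol`, and the routing of each name to the right listener rests entirely on those two filters agreeing; a single `map` with `value = if site.value.proxyProtocol or false then nginx.streamProxy.portWithProxyProtocol else nginx.streamProxy.port;` keeps that decision in one place. The added stream `server` on `127.0.0.1:${toString nginx.streamProxy.portWithProxyProtocol}` sends a PROXY header carrying the peer address that listener sees, so the backend only gets the real client address if the transparent proxy path preserves the original source, which cannot be confirmed from this hunk. I would add a comment above that block such as `# PROXY header carries the peer address of this listener; relies on transparentProxy preserving the client source`. Both new port options could also use `types.port` instead of `types.ints.unsigned` to reject values above 65535. The enclosing definitions start outside the hunks shown.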