mirror of
https://github.com/CHN-beta/nixos.git
synced 2026-01-12 04:19:22 +08:00
services.nginx.http: rename from httpProxy, allow static site
@@ -83,7 +83,7 @@ inputs:
|
||||
secretKeyFile = inputs.config.sops.secrets."store/signingKey".path;
|
||||
};
|
||||
sops.secrets."store/signingKey" = {};
|
||||
nixos.services.nginx.httpProxy.${services.nix-serve.hostname} =
|
||||
nixos.services.nginx.http.${services.nix-serve.hostname} =
|
||||
{ rewriteHttps = true; locations."/".upstream = "http://127.0.0.1:5000"; };
|
||||
}
|
||||
)
|
||||
@@ -169,7 +169,7 @@ inputs:
|
||||
nginx =
|
||||
{
|
||||
enable = true;
|
||||
httpProxy."wallabag.chn.moe" =
|
||||
http."wallabag.chn.moe" =
|
||||
{
|
||||
rewriteHttps = true;
|
||||
locations."/" = { upstream = "http://127.0.0.1:4398"; setHeaders.Host = "wallabag.chn.moe"; };
|
||||
|
||||
0
modules/services/nginx/applications/element.nix
Normal file
0
modules/services/nginx/applications/element.nix
Normal file
@@ -24,7 +24,7 @@ inputs:
|
||||
inherit (builtins) map listToAttrs toString;
|
||||
in
|
||||
{
|
||||
nixos.services.nginx.httpProxy = listToAttrs (map
|
||||
nixos.services.nginx.http = listToAttrs (map
|
||||
(proxy: with proxy.value;
|
||||
{
|
||||
name = hostname;
|
||||
|
||||
@@ -25,7 +25,7 @@ inputs:
|
||||
inherit (builtins) map listToAttrs;
|
||||
in
|
||||
{
|
||||
nixos.services.nginx.httpProxy = listToAttrs (map
|
||||
nixos.services.nginx.http = listToAttrs (map
|
||||
(proxy: with proxy.value;
|
||||
{
|
||||
name = hostname;
|
||||
|
||||
@@ -22,7 +22,7 @@ inputs:
|
||||
inherit (inputs.lib) mkIf;
|
||||
in mkIf vaultwarden.enable
|
||||
{
|
||||
nixos.services.nginx.httpProxy."${vaultwarden.hostname}" =
|
||||
nixos.services.nginx.http."${vaultwarden.hostname}" =
|
||||
{
|
||||
rewriteHttps = true;
|
||||
locations = let upstream = vaultwarden.upstream; in (listToAttrs (map
|
||||
|
||||
@@ -13,7 +13,7 @@ inputs:
|
||||
externalIp = mkOption { type = types.listOf types.nonEmptyStr; };
|
||||
map = mkOption { type = types.attrsOf types.ints.unsigned; default = {};};
|
||||
};
|
||||
httpProxy = mkOption
|
||||
http = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
@@ -23,12 +23,22 @@ inputs:
|
||||
detectAuth = mkOption { type = types.bool; default = false; };
|
||||
locations = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
upstream = mkOption { type = types.nonEmptyStr; };
|
||||
websocket = mkOption { type = types.bool; default = false; };
|
||||
setHeaders = mkOption { type = types.attrsOf types.str; default = {}; };
|
||||
};});
|
||||
type = types.attrsOf (types.oneOf
|
||||
[
|
||||
# http proxy
|
||||
(types.submodule { options =
|
||||
{
|
||||
upstream = mkOption { type = types.nonEmptyStr; };
|
||||
websocket = mkOption { type = types.bool; default = false; };
|
||||
setHeaders = mkOption { type = types.attrsOf types.str; default = {}; };
|
||||
};})
|
||||
# static site
|
||||
(types.submodule { options =
|
||||
{
|
||||
root = mkOption { type = types.nonEmptyStr; };
|
||||
index = mkOption { type = types.nonEmptyStr; default = "index.html"; };
|
||||
};})
|
||||
]);
|
||||
};
|
||||
};});
|
||||
default = {};
|
||||
@@ -101,23 +111,30 @@ inputs:
|
||||
{
|
||||
inherit (location) name;
|
||||
value =
|
||||
{
|
||||
proxyPass = location.value.upstream;
|
||||
proxyWebsockets = location.value.websocket;
|
||||
recommendedProxySettings = false;
|
||||
recommendedProxySettingsNoHost = true;
|
||||
extraConfig = concatStringsSep "\n"
|
||||
(
|
||||
(map
|
||||
(header: ''proxy_set_header ${header.name} "${header.value}";'')
|
||||
(attrsToList location.value.setHeaders))
|
||||
++ (if site.value.detectAuth then ["proxy_hide_header Authorization;"] else [])
|
||||
++ (
|
||||
if site.value.addAuth then
|
||||
["include ${inputs.config.sops.templates."nginx/addAuth/${site.name}-template".path};"]
|
||||
else [])
|
||||
);
|
||||
};
|
||||
if (location.value ? upstream) then
|
||||
{
|
||||
proxyPass = location.value.upstream;
|
||||
proxyWebsockets = location.value.websocket;
|
||||
recommendedProxySettings = false;
|
||||
recommendedProxySettingsNoHost = true;
|
||||
extraConfig = concatStringsSep "\n"
|
||||
(
|
||||
(map
|
||||
(header: ''proxy_set_header ${header.name} "${header.value}";'')
|
||||
(attrsToList location.value.setHeaders))
|
||||
++ (if site.value.detectAuth then ["proxy_hide_header Authorization;"] else [])
|
||||
++ (
|
||||
if site.value.addAuth then
|
||||
["include ${inputs.config.sops.templates."nginx/addAuth/${site.name}-template".path};"]
|
||||
else [])
|
||||
);
|
||||
}
|
||||
else if (location.value ? root) then
|
||||
{
|
||||
root = location.value.root;
|
||||
index = location.value.index;
|
||||
}
|
||||
else {};
|
||||
})
|
||||
(attrsToList site.value.locations));
|
||||
forceSSL = site.value.rewriteHttps;
|
||||
@@ -127,7 +144,7 @@ inputs:
|
||||
else null;
|
||||
};
|
||||
})
|
||||
(attrsToList nginx.httpProxy));
|
||||
(attrsToList nginx.http));
|
||||
recommendedZstdSettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
@@ -188,14 +205,14 @@ inputs:
|
||||
owner = inputs.config.users.users.nginx.name;
|
||||
};
|
||||
})
|
||||
(filter (site: site.value.addAuth) (attrsToList nginx.httpProxy)));
|
||||
(filter (site: site.value.addAuth) (attrsToList nginx.http)));
|
||||
secrets = { "nginx/maxmind-license".owner = inputs.config.users.users.nginx.name; }
|
||||
// (listToAttrs (map
|
||||
(site: { name = "nginx/detectAuth/${site.name}"; value.owner = inputs.config.users.users.nginx.name; })
|
||||
(filter (site: site.value.detectAuth) (attrsToList nginx.httpProxy))))
|
||||
(filter (site: site.value.detectAuth) (attrsToList nginx.http))))
|
||||
// (listToAttrs (map
|
||||
(site: { name = "nginx/addAuth/${site.name}"; value = {}; })
|
||||
(filter (site: site.value.addAuth) (attrsToList nginx.httpProxy))));
|
||||
(filter (site: site.value.addAuth) (attrsToList nginx.http))));
|
||||
};
|
||||
systemd.services.nginx.serviceConfig =
|
||||
{
|
||||
@@ -207,11 +224,11 @@ inputs:
|
||||
nixos.services.acme =
|
||||
{
|
||||
enable = true;
|
||||
certs = map (cert: cert.name) (attrsToList nginx.httpProxy);
|
||||
certs = map (cert: cert.name) (attrsToList nginx.http);
|
||||
};
|
||||
security.acme.certs = listToAttrs (map
|
||||
(cert: { inherit (cert) name; value.group = inputs.config.services.nginx.group; })
|
||||
(attrsToList nginx.httpProxy));
|
||||
(attrsToList nginx.http));
|
||||
})
|
||||
(mkIf nginx.transparentProxy.enable
|
||||
{
|
||||
@@ -227,7 +244,7 @@ inputs:
|
||||
(attrsToList nginx.transparentProxy.map)
|
||||
++ (map
|
||||
(site: { name = site.name; value = (if site.value.http2 then 443 else 3065); })
|
||||
(attrsToList nginx.httpProxy)
|
||||
(attrsToList nginx.http)
|
||||
)
|
||||
))}
|
||||
default 127.0.0.1:443;
|
||||
|
||||
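Review bot: In the `@@ -23,12 +23,22 @@` hunk, `types.oneOf` over two `types.submodule` entries will probably not tell a proxy location from a static-site location: as far as I know a submodule's type check only tests that the value is an attribute set, so the first (http proxy) alternative is always chosen and a `{ root = …; }` definition fails on the undeclared `root` and the missing `upstream`. A single submodule with nullable `upstream` and `root` avoids this; the branch in the `@@ -101,23 +111,30 @@` hunk would then test `location.value.upstream != null` and `location.value.root != null` instead of `?`, and the silent `else {}` is better replaced by an assertion that exactly one of the two is set. Since it is not visible in these hunks, it is also worth confirming that `detectAuth` is enforced at the virtual-host level, because the static branch emits none of the per-location auth directives that the proxy branch does. The enclosing option declaration and module body start and end outside the hunks shown.

```nix
locations = mkOption
{
  type = types.attrsOf (types.submodule { options =
  {
    # http proxy: set upstream, leave root null
    upstream = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
    # … unchanged: websocket, setHeaders …
    # static site: set root, leave upstream null
    root = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
    index = mkOption { type = types.nonEmptyStr; default = "index.html"; };
  };});
};
```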
@@ -60,7 +60,7 @@ inputs:
|
||||
nginx =
|
||||
{
|
||||
enable = true;
|
||||
httpProxy.${rsshub.hostname} =
|
||||
http.${rsshub.hostname} =
|
||||
{
|
||||
rewriteHttps = true;
|
||||
locations."/" =
|
||||
|
||||