From 6a5789d45bd4f6bfe0623200752bd9dda72f73db Mon Sep 17 00:00:00 2001
From: Joakim Repomaa
Date: Fri, 7 Feb 2025 20:27:53 +0200
Subject: [PATCH] refactor
---
 hosts/apu/configuration.nix | 2 +-
 hosts/freun.dev/services/gotosocial.nix | 2 +-
 hosts/freun.dev/services/grafana.nix | 2 +-
 hosts/freun.dev/services/gtrackmap.nix | 2 +-
 hosts/freun.dev/services/immich.nix | 2 +-
 hosts/freun.dev/services/invidious.nix | 2 +-
 hosts/freun.dev/services/owncast.nix | 2 +-
 hosts/freun.dev/services/snips.nix | 6 ++--
 hosts/freun.dev/services/syncthing.nix | 2 +-
 hosts/freun.dev/services/vaultwarden.nix | 4 ++-
 hosts/freun.dev/services/workout-tracker.nix | 2 +-
 modules/webserver.nix | 32 ++++++++------------
 12 files changed, 27 insertions(+), 33 deletions(-)
diff --git a/hosts/apu/configuration.nix b/hosts/apu/configuration.nix
index 53ca803..841d690 100644
--- a/hosts/apu/configuration.nix
+++ b/hosts/apu/configuration.nix
@@ -223,7 +223,7 @@
 acme.dnsChallenge = true;
 vHosts."koti.repomaa.com" = {
 proxyBuffering = false;
- locations."/".proxy = "http://127.0.0.1:8123";
+ locations."/".proxyPort = 8123;
 };
 };
diff --git a/hosts/freun.dev/services/gotosocial.nix b/hosts/freun.dev/services/gotosocial.nix
index 0465673..358ce4a 100644
--- a/hosts/freun.dev/services/gotosocial.nix
+++ b/hosts/freun.dev/services/gotosocial.nix
@@ -42,6 +42,6 @@ in
 ]
 );
- "${fqdn}".locations."/".proxy = "http://127.0.0.1:${toString port}";
+ "${fqdn}".locations."/".proxyPort = port;
 };
 }
diff --git a/hosts/freun.dev/services/grafana.nix b/hosts/freun.dev/services/grafana.nix
index f540b18..9f7d15c 100644
--- a/hosts/freun.dev/services/grafana.nix
+++ b/hosts/freun.dev/services/grafana.nix
@@ -43,7 +43,7 @@ in
 ];
 };
- modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://127.0.0.1:${toString port}";
+ modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
 services.postgresql = {
 ensureDatabases = [ "grafana" ];
diff --git a/hosts/freun.dev/services/gtrackmap.nix b/hosts/freun.dev/services/gtrackmap.nix
index e9d8d3e..a3f4f0e 100644
--- a/hosts/freun.dev/services/gtrackmap.nix
+++ b/hosts/freun.dev/services/gtrackmap.nix
@@ -9,5 +9,5 @@ in
 inherit port;
 };
- modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://localhost:${toString port}";
+ modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
 }
diff --git a/hosts/freun.dev/services/immich.nix b/hosts/freun.dev/services/immich.nix
index 28442d5..ce3bf61 100644
--- a/hosts/freun.dev/services/immich.nix
+++ b/hosts/freun.dev/services/immich.nix
@@ -167,7 +167,7 @@ in
 wantedBy = [ "multi-user.target" ];
 };
- modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://127.0.0.1:${toString port}";
+ modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
 fileSystems."${immich_data_dir}" = {
 device = "//u407959.your-storagebox.de/backup/immich";
diff --git a/hosts/freun.dev/services/invidious.nix b/hosts/freun.dev/services/invidious.nix
index e9f80d1..cf0d2d1 100644
--- a/hosts/freun.dev/services/invidious.nix
+++ b/hosts/freun.dev/services/invidious.nix
@@ -19,5 +19,5 @@ in
 };
 };
- modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://127.0.0.1:${toString port}";
+ modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
 }
diff --git a/hosts/freun.dev/services/owncast.nix b/hosts/freun.dev/services/owncast.nix
index 73b7373..fec2521 100644
--- a/hosts/freun.dev/services/owncast.nix
+++ b/hosts/freun.dev/services/owncast.nix
@@ -10,5 +10,5 @@ in
 inherit port;
 };
- modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://127.0.0.1:${toString port}";
+ modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
 }
diff --git a/hosts/freun.dev/services/snips.nix b/hosts/freun.dev/services/snips.nix
index 328a029..5da83d3 100644
--- a/hosts/freun.dev/services/snips.nix
+++ b/hosts/freun.dev/services/snips.nix
@@ -15,9 +15,9 @@ in
 enable = true;
 description = "Snips pastebin";
 environment = {
- SNIPS_HTTP_INTERNAL = "http://127.0.0.1:${toString port}";
+ SNIPS_HTTP_INTERNAL = "http://[::1]:${toString port}";
 SNIPS_HTTP_EXTERNAL = "https://${fqdn}";
- SNIPS_SSH_INTERNAL = "ssh://0.0.0.0:${toString sshPort}";
+ SNIPS_SSH_INTERNAL = "ssh://[::0]:${toString sshPort}";
 SNIPS_SSH_EXTERNAL = "ssh://${fqdn}:${toString sshPort}";
 SNIPS_HOST_KEY_PATH = "/var/lib/snips/keys/snips";
 SNIPS_DB_FILEPATH = "/var/lib/snips/snips.db";
@@ -38,7 +38,7 @@ in
 };
 };
- modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://127.0.0.1:${toString port}";
+ modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
 networking.firewall.allowedTCPPorts = [ sshPort ];
 }
diff --git a/hosts/freun.dev/services/syncthing.nix b/hosts/freun.dev/services/syncthing.nix
index 8ad070e..06b7e9e 100644
--- a/hosts/freun.dev/services/syncthing.nix
+++ b/hosts/freun.dev/services/syncthing.nix
@@ -14,7 +14,7 @@ in
 settings.gui.insecureSkipHostCheck = true;
 };
- modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://localhost:${toString port}";
+ modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
 fileSystems."${storage_dir}" = {
 device = "//u407959.your-storagebox.de/backup/syncthing";
diff --git a/hosts/freun.dev/services/vaultwarden.nix b/hosts/freun.dev/services/vaultwarden.nix
index f5dc279..461bb25 100644
--- a/hosts/freun.dev/services/vaultwarden.nix
+++ b/hosts/freun.dev/services/vaultwarden.nix
@@ -1,6 +1,7 @@
 { lib, ... }:
 let
 fqdn = "pw.freun.dev";
+ port = 8000;
 in
 {
 services.vaultwarden = {
@@ -21,10 +22,11 @@ in
 SMTP_PORT = 587;
 HELO_NAME = "freun.dev";
 ROCKET_LIMITS = "{json=10485760}";
+ ROCKET_PORT = port;
 };
 };
- modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://127.0.0.1:8000";
+ modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
 services.postgresql = {
 ensureDatabases = [ "vaultwarden" ];
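Review bot: The two listener addresses in the snips `environment` block change behaviour in a commit titled "refactor", and neither line says why. `SNIPS_SSH_INTERNAL = "ssh://[::0]:…"` swaps an IPv4 wildcard for an IPv6 one, so whether IPv4 clients still reach the SSH port now depends on the listener being dual-stack, which the hunk does not show. `SNIPS_HTTP_INTERNAL = "http://[::1]:…"` likewise only works while the webserver module's `localhost` upstream resolves to `::1`. I would add a comment above them, e.g. `# HTTP stays on loopback behind nginx; SSH listens on every address and is opened in the firewall below`, and check reachability over both address families after deploy. The `environment` block closes after the end of the hunk.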
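Review bot: `settings.gui.insecureSkipHostCheck = true;` sits directly above the vhost that publishes the Syncthing GUI, and nothing in the hunk records why the host check is off. That check is Syncthing's guard against DNS-rebinding requests to a loopback GUI, so with it disabled the GUI's own authentication is what protects the published endpoint. Whether a GUI user and password are set is not visible here. I would add a comment on that line, e.g. `# host check off because the GUI is reached through the nginx vhost under ${fqdn}; GUI auth must stay enabled`, and confirm the credentials are configured in the part of `services.syncthing` above the hunk.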
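Review bot: `ROCKET_PORT = port;` pins the port in the second vaultwarden hunk, but the visible part of `config` sets no `ROCKET_ADDRESS`, so the bind address is left to whatever default applies. For a password vault that should only be reachable through the nginx vhost, I would set it next to the port: `ROCKET_ADDRESS = "::1";` or `"127.0.0.1"`, matching whichever loopback address the webserver module's `localhost` upstream reaches. The `config` block starts above the hunk, so this may already be set there.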
diff --git a/hosts/freun.dev/services/workout-tracker.nix b/hosts/freun.dev/services/workout-tracker.nix
index f465f8e..07b3fb9 100644
--- a/hosts/freun.dev/services/workout-tracker.nix
+++ b/hosts/freun.dev/services/workout-tracker.nix
@@ -31,5 +31,5 @@ in
 };
 };
- modules.webserver.vHosts.${fqdn}.locations."/".proxy = "http://127.0.0.1:${toString port}";
+ modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
 }
diff --git a/modules/webserver.nix b/modules/webserver.nix
index fff7afe..b4ffcc8 100644
--- a/modules/webserver.nix
+++ b/modules/webserver.nix
@@ -2,21 +2,11 @@
 let
 cfg = config.modules.webserver;
- nginxVhost = options: {
- forceSSL = true;
- enableACME = true;
- acmeRoot = lib.mkIf cfg.acme.dnsChallenge null;
- } // options;
-
- nginxProxy = options: {
- proxyWebsockets = true;
- } // options;
-
 types = {
 location = lib.types.submodule {
 options = {
- proxy = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
+ proxyPort = lib.mkOption {
+ type = lib.types.nullOr lib.types.int;
 default = null;
 };
 extraConfig = lib.mkOption {
@@ -28,10 +18,6 @@ let
 vhost = lib.types.submodule {
 options = {
- http2 = lib.mkOption {
- type = lib.types.bool;
- default = true;
- };
 proxyBuffering = lib.mkOption {
 type = lib.types.bool;
 default = true;
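Review bot: `proxyPort` in the first `modules/webserver.nix` hunk is typed `lib.types.nullOr lib.types.int`, which accepts negative numbers and values above 65535; a bad value is only caught once nginx reads the generated `proxy_pass`. `lib.types.port` rejects those at evaluation time: `type = lib.types.nullOr lib.types.port;`. The option also has no `description`; one stating that the upstream is always plain HTTP on the local host would help, since a vhost can no longer express anything else. The `location` submodule continues past the end of the hunk.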
@@ -74,15 +60,21 @@ in
 recommendedOptimisation = true;
 virtualHosts = lib.mapAttrs
- (_: { proxyBuffering, locations, http2 }: nginxVhost {
- inherit http2;
+ (_: { proxyBuffering, locations }: {
+ forceSSL = true;
+ enableACME = true;
+ http2 = true;
+ acmeRoot = lib.mkIf cfg.acme.dnsChallenge null;
 extraConfig = lib.mkIf (!proxyBuffering) ''
 proxy_buffering off;
 '';
 locations = lib.mapAttrs
- (_: { proxy, extraConfig }: lib.mergeAttrsList [
+ (_: { proxyPort, extraConfig }: lib.mergeAttrsList [
 { inherit extraConfig; }
- (if (lib.isString proxy) then (nginxProxy { proxyPass = proxy; }) else { })
+ (if (lib.isInt proxyPort) then {
+ proxyWebsockets = true;
+ proxyPass = "http://localhost:${toString proxyPort}";
+ } else { })
 ])
 locations;
 })
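Review bot: `proxyPass = "http://localhost:${toString proxyPort}";` makes every upstream depend on how `localhost` resolves, while the services in this commit use different loopback literals: the removed `proxy` values pointed at `127.0.0.1` for most of them, and snips now listens on `[::1]`. nginx resolves the name when the configuration is loaded and, if it gets both `127.0.0.1` and `::1`, rotates between them, so a backend listening on only one family sees connection-refused attempts and error-log noise on the other. I would pin one literal and have all services bind it, e.g. `proxyPass = "http://127.0.0.1:${toString proxyPort}";`, or add a per-location address option that defaults to it. The surrounding attribute set starts above the hunk.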