diff --git a/nixos/common/modules/meta.nix b/nixos/common/modules/meta.nix index 63585fa..524e82b 100644 --- a/nixos/common/modules/meta.nix +++ b/nixos/common/modules/meta.nix @@ -20,15 +20,15 @@ let }; }; in { - options = { - meta.exposes = mkOption { + options.meta = { + exposes = mkOption { type = with types; attrsOf (submodule exposesOpts); description = '' Exposed services ''; }; - meta.ipv4 = mkOption { + ipv4 = mkOption { type = types.str; description = '' Own IPv4 Address diff --git a/nixos/common/modules/vault.nix b/nixos/common/modules/vault.nix index 1df023b..90b86c8 100644 --- a/nixos/common/modules/vault.nix +++ b/nixos/common/modules/vault.nix @@ -2,7 +2,7 @@ with lib; let cfg = config.services.v.vault; - hostIP = config.deployment.targetHost; + hostIP = config.meta.ipv4; # Find all vault hosts that do not have the same IP as the current host vault_hosts = diff --git a/nixos/hosts/olympus/nginx/configuration.nix b/nixos/hosts/olympus/nginx/configuration.nix index 2e926c7..ff5e447 100644 --- a/nixos/hosts/olympus/nginx/configuration.nix +++ b/nixos/hosts/olympus/nginx/configuration.nix @@ -1,5 +1,7 @@ -{ pkgs, hosts, ... }: +{ pkgs, config, hosts, lib, ... }: let + inherit (builtins) filter hasAttr attrValues concatMap; + proxy = url: { enableACME = true; forceSSL = true; @@ -22,6 +24,16 @@ let add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON data}'; ''; + + hostsWithExposes = + filter (hasAttr "exposes") (attrValues hosts.${config.networking.domain}); + exposes = { ip, exposes, ... }: + map ({ domain, port }: { inherit ip domain port; }) (attrValues exposes); + mkVhost = { ip, domain, port }: { + "${domain}" = proxy "http://${ip}:${toString port}"; + }; + vhosts = lib.foldr (el: acc: acc // mkVhost el) { } + (concatMap exposes hostsWithExposes); in { # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions 
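Review bot: `hostIP` in vault.nix now comes from `config.meta.ipv4`, which meta.nix declares as a plain `types.str`, so the self-exclusion described by the comment below it ("Find all vault hosts that do not have the same IP as the current host") rests on an exact string match that nothing validates. If a host's `meta.ipv4` differs textually from its address in the hosts data (stray whitespace, a prefix length, a stale value), the filter presumably keeps the local node in `vault_hosts` rather than failing evaluation. Consider tightening the option with `types.strMatching` and a dotted-quad pattern, and adding a comment on this line such as `# must be identical to this host's ip in the hosts data; compared as a string below`. The `vault_hosts` expression continues outside the hunk, so the comparison itself is not visible here.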
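Review bot: `vhosts` in the nginx `let` block merges the generated entries with `acc // mkVhost el`, so two hosts declaring the same `exposes.*.domain` never conflict; one silently replaces the other, and which backend sits behind the public name depends on list order (with `foldr` the earlier element appears to win). Every generated entry goes through `proxy`, which sets `enableACME` and `forceSSL`, so a duplicated or mistyped domain in any host definition reroutes a TLS-terminated public name to a different internal service without an evaluation error. The later `virtualHosts = vhosts // { ... }` hunk shadows generated names in the same silent way. Fail the build on duplicates with an entry in `assertions`, e.g. `assertion = lib.allUnique (map (e: e.domain) (concatMap exposes hostsWithExposes));`. A comment on `hostsWithExposes` should also state that any host in this domain carrying an `exposes` attribute is published through this proxy, so adding that attribute is an exposure decision.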
@@ -45,107 +57,106 @@ in { package = pkgs.nginxMainline; # Templated - virtualHosts.${hosts.olympus.hedgedoc.exposes.md.domain} = proxy "http://hedgedoc.olympus:${toString hosts.olympus.hedgedoc.exposes.md.port}/"; - - # 0x76.dev - virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/"; - virtualHosts."git.0x76.dev" = proxy "http://gitea.olympus:3000"; - virtualHosts."o.0x76.dev" = proxy "http://minio.olympus:9000"; - virtualHosts."grafana.0x76.dev" = - proxy "http://victoriametrics.olympus:2342"; - virtualHosts."outline.0x76.dev" = proxy "http://outline.olympus:3000"; - virtualHosts."ntfy.0x76.dev" = proxy "http://ntfy.olympus:80"; - virtualHosts."ci.0x76.dev" = proxy "http://woodpecker.olympus:8000"; - virtualHosts."dex.0x76.dev" = proxy "http://dex.olympus:5556"; - virtualHosts."pass.0x76.dev" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://vaultwarden.olympus:8222"; - proxyWebsockets = true; + virtualHosts = vhosts // { + # 0x76.dev + "ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/"; + "git.0x76.dev" = proxy "http://gitea.olympus:3000"; + "o.0x76.dev" = proxy "http://minio.olympus:9000"; + "grafana.0x76.dev" = proxy "http://victoriametrics.olympus:2342"; + "outline.0x76.dev" = proxy "http://outline.olympus:3000"; + "ntfy.0x76.dev" = proxy "http://ntfy.olympus:80"; + "ci.0x76.dev" = proxy "http://woodpecker.olympus:8000"; + "dex.0x76.dev" = proxy "http://dex.olympus:5556"; + "pass.0x76.dev" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://vaultwarden.olympus:8222"; + proxyWebsockets = true; + }; + locations."/notifications/hub/negotiate" = { + proxyPass = "http://vaultwarden.olympus:8222"; + proxyWebsockets = true; + }; + locations."/notifications/hub" = { + proxyPass = "http://vaultwarden.olympus:3012"; + proxyWebsockets = true; + }; }; - locations."/notifications/hub/negotiate" = { - proxyPass = "http://vaultwarden.olympus:8222"; - proxyWebsockets = true; - 
}; - locations."/notifications/hub" = { - proxyPass = "http://vaultwarden.olympus:3012"; - proxyWebsockets = true; - }; - }; - # Redshifts - virtualHosts."andreea.redshifts.xyz" = proxy "http://zmeura.olympus:8008"; + # Redshifts + "andreea.redshifts.xyz" = proxy "http://zmeura.olympus:8008"; - # Meow - virtualHosts."meowy.tech" = { - enableACME = true; - forceSSL = true; - locations."/".extraConfig = '' - add_header Content-Type 'text/html; charset=UTF-8'; - return 200 '