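# NixOS module: nginx as a plain-HTTP reverse proxy for the services listed in
# ../data/network.nix, plus a catch-all virtual host for unknown host names.
#
# Every entry in `network.reverse_proxy` becomes a virtual host
# "<name>.<network.local_domain>" that forwards to a port on 127.0.0.1.
{ config, pkgs, lib, ... }:

let
  network = import ../data/network.nix;

  # Plain-HTTP listener shared by every virtual host in this module.
  httpListen = [ { addr = "0.0.0.0"; port = 80; } ];

  # One proxying virtual host per attribute of network.reverse_proxy.
  rproxyServices = builtins.mapAttrs (name: service: {
    serverName = "${name}.${network.local_domain}";
    listen = httpListen;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${builtins.toString service.reverse_proxy.port}/";
      proxyWebsockets = true;
    };
    # Source-address filter: only clients inside network.network.subnet may use
    # the proxied service. The firewall rule at the bottom opens port 80 on all
    # interfaces, so this allow/deny pair is the only access control this
    # module puts in front of the backends.
    extraConfig = ''
      allow ${network.network.subnet};
      deny all;
    '';
  }) network.reverse_proxy;

  # Space-separated list of the configured service names, used in the
  # catch-all's error text.
  serviceNamesMessage = builtins.toString (builtins.attrNames network.reverse_proxy);

  # Catch-all virtual host for requests whose Host header matches no service.
  fallback = {
    serverName = "_";
    # "_" is just a name that never matches a real Host header. Without
    # default_server, nginx hands unmatched requests to the first server block
    # defined for the listen address, which may be one of the proxied services.
    default = true;
    listen = httpListen;

    # The server-level `return` runs before any location is selected, so the
    # former `locations."/"` block (and its Content-Type header) never took
    # effect. `default_type` is what sets the MIME type of a `return` body.
    #
    # NOTE(review): this response lists every configured service name to any
    # client that can reach port 80. It is not covered by the subnet filter on
    # the service hosts, and adding allow/deny here would not help because
    # `return` is processed before access checks. Confirm that exposing the
    # service inventory beyond network.network.subnet is acceptable, or drop
    # the list from the message.
    extraConfig = ''
      default_type text/plain;
      return 404 "This domain is not configured. Available services: ${serviceNamesMessage}";
    '';
  };

in {
  services.nginx = {
    enable = true;

    recommendedProxySettings = true;
    # Has no practical effect until a TLS listener exists (see the TODO below).
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;

    virtualHosts = rproxyServices // { fallback = fallback; };
  };

  # TODO add 443 for https
  # Until then every proxied session, including any credentials or cookies the
  # backends use, crosses the network in cleartext.
  networking.firewall.allowedTCPPorts = [ 80 ];
}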