Infra/proxy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add initial config

Browse source
This commit is contained in:
Katharina Heidenreich 2026-04-04 22:19:24 +02:00
commit fb98563bb6
26 changed files with 576 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

36
intermediate/nginx.nix Normal file
View file

@ -0,0 +1,36 @@
let
lib = import <nixpkgs/lib>;
endpoints = (import ../validation/endpoints.nix).getValidatedEndpoints (import ../config/endpoints.nix);
net = import ../config/network.nix;
tunnelPolicy = import ../validation/tunnel_ports.nix;
normalizeEndpoint = endpoint:
endpoint // {
content = endpoint.content // {
host = if endpoint.type == "forwarding" then net.tunnel.host else endpoint.content.host;
};
};
normalizedEndpoints = map normalizeEndpoint endpoints;
_forwardPortChecks = map (endpoint:
if endpoint.content.host == net.tunnel.host && !(tunnelPolicy.isAllowedTunnelPort endpoint.content.port) then
throw "Forwarding endpoint listenPort=${toString endpoint.listenPort} targets tunnel-backed local port ${toString endpoint.content.port}, which is not listed in config/network.nix tunnel.allowedPorts."
else
null
) normalizedEndpoints;
mkStreamServer = endpoint: ''
server {
listen ${toString endpoint.listenPort};
proxy_pass ${endpoint.content.host}:${toString endpoint.content.port};
}
'';
streamConfig = lib.concatStringsSep "\n" (map mkStreamServer normalizedEndpoints);
in
{
validatedEndpoints = normalizedEndpoints;
inherit streamConfig;
nginxUsedPorts = lib.unique (map (endpoint: endpoint.listenPort) normalizedEndpoints);
}