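# Builds the nginx `stream {}` server blocks for the validated endpoints.
#
# Every exported value is derived from `normalizedEndpoints`, which is only
# produced after the tunnel-port policy checks have been forced. Nix is lazy:
# a `let` binding that nothing references is never evaluated, so a check list
# that is merely defined (and not forced) would never `throw`.
let
  lib = import <nixpkgs/lib>;
  endpoints = (import ../validation/endpoints.nix).getValidatedEndpoints (import ../config/endpoints.nix);
  net = import ../config/network.nix;
  tunnelPolicy = import ../validation/tunnel_ports.nix;

  # Forwarding endpoints always proxy to the tunnel host; every other endpoint
  # type keeps the host it was configured with.
  normalizeEndpoint = endpoint:
    endpoint // {
      content = endpoint.content // {
        host = if endpoint.type == "forwarding" then net.tunnel.host else endpoint.content.host;
      };
    };

  # Endpoints after host normalization, before the port policy has been applied.
  uncheckedEndpoints = map normalizeEndpoint endpoints;

  # One entry per endpoint: `null` when the endpoint is acceptable, otherwise a
  # `throw` that fires when the entry is forced. The condition matches every
  # endpoint whose (normalized) host is the tunnel host, not only those of
  # type "forwarding" — the message wording assumes the latter; confirm whether
  # other types can legitimately target net.tunnel.host.
  forwardPortChecks = map (endpoint:
    if endpoint.content.host == net.tunnel.host && !(tunnelPolicy.isAllowedTunnelPort endpoint.content.port) then
      throw "Forwarding endpoint listenPort=${toString endpoint.listenPort} targets tunnel-backed local port ${toString endpoint.content.port}, which is not listed in config/network.nix tunnel.allowedPorts."
    else
      null
  ) uncheckedEndpoints;

  # `deepSeq` forces every check (and therefore any pending `throw`) before the
  # endpoint list is handed to consumers, so a disallowed tunnel port can never
  # silently reach the generated nginx config or the exported port list.
  normalizedEndpoints = builtins.deepSeq forwardPortChecks uncheckedEndpoints;

  # Renders a single `server {}` block of the nginx stream module.
  mkStreamServer = endpoint: ''
    server {
      listen ${toString endpoint.listenPort};
      proxy_pass ${endpoint.content.host}:${toString endpoint.content.port};
    }
  '';

  streamConfig = lib.concatStringsSep "\n" (map mkStreamServer normalizedEndpoints);
in
{
  validatedEndpoints = normalizedEndpoints;
  inherit streamConfig;
  # Distinct listen ports, used by callers to detect collisions with other
  # services.
  nginxUsedPorts = lib.unique (map (endpoint: endpoint.listenPort) normalizedEndpoints);
}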