mjallen18
2025-09-30 18:29:34 -05:00
parent ec23a7fe14
commit 751b4f9f69
37 changed files with 814 additions and 971 deletions


@@ -44,7 +44,7 @@ in
# Example of using these functions together
nixosConfigurations = lib.mapAttrs' (
name:
_name:
{ system, hostname, ... }:
{
name = hostname;


@@ -1,5 +1,5 @@
# Example usage of the reverse proxy utilities
{ inputs, lib, ... }:
{ lib, ... }:
let
inherit (lib.mjallen-lib.reverseproxy)
mkReverseProxy
@@ -89,11 +89,15 @@ in
domain = "example.com";
priority = 20;
rule = "Host(`custom.example.com`) && PathPrefix(`/api`)";
middlewares = [ "crowdsec" "whitelist-geoblock" "rate-limit" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
"rate-limit"
];
};
# Example usage in a Traefik configuration:
#
#
# mjallen.services.traefik = {
# enable = true;
# extraServices = multipleProxies.extraServices;


@@ -19,7 +19,7 @@ in
nixosSystems = inputs.self.mjallen-lib.file.filterNixOSSystems allSystems;
in
inputs.nixpkgs.lib.mapAttrs' (
name:
_name:
{ system, hostname, ... }:
let
# Create extended lib with mjallen-lib
@@ -86,7 +86,7 @@ in
allHomes = inputs.self.mjallen-lib.file.scanHomes ../homes;
in
inputs.nixpkgs.lib.mapAttrs' (
name:
_name:
{
system,
username,


@@ -1,77 +1,112 @@
{ inputs }:
let
inherit (inputs.nixpkgs.lib)
mkOption
types
listToAttrs
nameValuePair
;
in
rec {
# Create a service configuration for Traefik
mkService = {
name,
url,
loadBalancer ? { },
}: {
inherit name url;
config = {
loadBalancer = {
servers = [{ inherit url; }];
} // loadBalancer;
mkService =
{
name,
url,
loadBalancer ? { },
}:
{
inherit name url;
config = {
loadBalancer = {
servers = [ { inherit url; } ];
}
// loadBalancer;
};
};
};
# Create a router configuration for Traefik
mkRouter = {
subdomain,
domain ? "mjallen.dev",
service,
entryPoints ? [ "websecure" ],
middlewares ? [ "crowdsec" "whitelist-geoblock" ],
priority ? null,
rule ? null,
tls ? { certResolver = "letsencrypt"; },
}: {
inherit subdomain service entryPoints middlewares;
config = {
inherit entryPoints service middlewares tls;
rule = if rule != null then rule else "Host(`${subdomain}.${domain}`)";
} // (if priority != null then { inherit priority; } else { });
};
mkRouter =
{
subdomain,
domain ? "mjallen.dev",
service,
entryPoints ? [ "websecure" ],
middlewares ? [
"crowdsec"
"whitelist-geoblock"
],
priority ? null,
rule ? null,
tls ? {
certResolver = "letsencrypt";
},
}:
{
inherit
subdomain
service
entryPoints
middlewares
;
config = {
inherit
entryPoints
service
middlewares
tls
;
rule = if rule != null then rule else "Host(`${subdomain}.${domain}`)";
}
// (if priority != null then { inherit priority; } else { });
};
# Create both service and router for a simple reverse proxy setup
mkReverseProxy = {
name,
subdomain,
url,
domain ? "mjallen.dev",
entryPoints ? [ "websecure" ],
middlewares ? [ "crowdsec" "whitelist-geoblock" ],
priority ? null,
rule ? null,
tls ? { certResolver = "letsencrypt"; },
loadBalancer ? { },
}: {
service = mkService {
inherit name url loadBalancer;
mkReverseProxy =
{
name,
subdomain,
url,
domain ? "mjallen.dev",
entryPoints ? [ "websecure" ],
middlewares ? [
"crowdsec"
"whitelist-geoblock"
],
priority ? null,
rule ? null,
tls ? {
certResolver = "letsencrypt";
},
loadBalancer ? { },
}:
{
service = mkService {
inherit name url loadBalancer;
};
router = mkRouter {
inherit
subdomain
domain
entryPoints
middlewares
priority
rule
tls
;
service = name;
};
};
router = mkRouter {
inherit subdomain domain entryPoints middlewares priority rule tls;
service = name;
};
};
# Convert a list of services to the format expected by Traefik module
servicesToConfig = services:
listToAttrs (map (service: nameValuePair service.name service.config) services);
servicesToConfig =
services: listToAttrs (map (service: nameValuePair service.name service.config) services);
# Convert a list of routers to the format expected by Traefik module
routersToConfig = routers:
listToAttrs (map (router: nameValuePair router.subdomain router.config) routers);
routersToConfig =
routers: listToAttrs (map (router: nameValuePair router.subdomain router.config) routers);
# Helper to create multiple reverse proxies at once
mkReverseProxies = proxies:
mkReverseProxies =
proxies:
let
results = map mkReverseProxy proxies;
services = map (result: result.service) results;
@@ -91,31 +126,47 @@ rec {
middlewares = {
# Authentication middleware
auth = [ "authentik" ];
# Basic security (default)
basic = [ "crowdsec" "whitelist-geoblock" ];
basic = [
"crowdsec"
"whitelist-geoblock"
];
# Internal only access
internal = [ "crowdsec" "whitelist-geoblock" "internal-ipallowlist" ];
internal = [
"crowdsec"
"whitelist-geoblock"
"internal-ipallowlist"
];
# WebSocket support
websocket = [ "crowdsec" "whitelist-geoblock" "onlyoffice-websocket" ];
websocket = [
"crowdsec"
"whitelist-geoblock"
"onlyoffice-websocket"
];
# Authenticated with basic security
authBasic = [ "crowdsec" "whitelist-geoblock" "authentik" ];
authBasic = [
"crowdsec"
"whitelist-geoblock"
"authentik"
];
};
# Common service URL builders
urls = {
# Local container service
container = containerName: port: "http://\${config.containers.${containerName}.localAddress}:${toString port}";
container =
containerName: port: "http://\${config.containers.${containerName}.localAddress}:${toString port}";
# Local host service
localhost = port: "http://127.0.0.1:${toString port}";
# Network service
network = ip: port: "http://${ip}:${toString port}";
# Server IP service (using your server IP pattern)
server = port: "http://\${serverIp}:${toString port}";
};
@@ -123,31 +174,47 @@ rec {
# Pre-configured reverse proxy templates
templates = {
# Standard web application
webapp = { name, subdomain, port, ... }@args:
mkReverseProxy ({
url = urls.localhost port;
middlewares = middlewares.basic;
} // args);
webapp =
{ port, ... }@args:
mkReverseProxy (
{
url = urls.localhost port;
middlewares = middlewares.basic;
}
// args
);
# Authenticated web application
authWebapp = { name, subdomain, port, ... }@args:
mkReverseProxy ({
url = urls.localhost port;
middlewares = middlewares.authBasic;
} // args);
# Authenticated web application
authWebapp =
{ port, ... }@args:
mkReverseProxy (
{
url = urls.localhost port;
middlewares = middlewares.authBasic;
}
// args
);
# Container-based service
containerService = { name, subdomain, containerName, port, ... }@args:
mkReverseProxy ({
url = urls.container containerName port;
middlewares = middlewares.basic;
} // args);
containerService =
{ containerName, port, ... }@args:
mkReverseProxy (
{
url = urls.container containerName port;
middlewares = middlewares.basic;
}
// args
);
# Internal-only service
internalService = { name, subdomain, port, ... }@args:
mkReverseProxy ({
url = urls.localhost port;
middlewares = middlewares.internal;
} // args);
internalService =
{ port, ... }@args:
mkReverseProxy (
{
url = urls.localhost port;
middlewares = middlewares.internal;
}
// args
);
};
}
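Review bot: In `internalService` (the `{ port, ... }@args:` form ending `// args`), a caller-supplied `args.middlewares` replaces `middlewares.internal` outright, so the template named "internal-only" can be built without `internal-ipallowlist`; the same override applies to `authWebapp`, where `authentik` can be dropped. If the template's middleware set is meant to be a floor rather than a default, apply it after the merge, e.g. `mkReverseProxy ({ url = urls.localhost port; } // args // { middlewares = middlewares.internal ++ (args.middlewares or [ ]); })`, or add an `assert` that the required entries are present. If replacement is intentional, a comment on each template saying that `middlewares` in `args` overrides the template set would make that contract explicit. Dropping `name` and `subdomain` from the template patterns is behavior-preserving as far as this hunk shows, since `mkReverseProxy` still requires both and only the error location moves; the `templates` attribute set and the enclosing `rec {` close at the end of this hunk.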