reverse proxy stuff
@@ -48,7 +48,6 @@ in
|
||||
meson
|
||||
nautilus
|
||||
networkmanagerapplet
|
||||
nm-tray
|
||||
nomacs
|
||||
nwg-look
|
||||
overskride
|
||||
|
||||
@@ -12,6 +12,14 @@ let
|
||||
hostAddress = "10.0.1.3";
|
||||
actualUserId = config.users.users.nix-apps.uid;
|
||||
actualGroupId = config.users.groups.jallen-nas.gid;
|
||||
|
||||
# Create reverse proxy configuration using mkReverseProxy
|
||||
reverseProxyConfig = lib.${namespace}.mkReverseProxy {
|
||||
name = "actual";
|
||||
subdomain = cfg.reverseProxy.subdomain;
|
||||
url = "http://${cfg.localAddress}:${toString cfg.port}";
|
||||
middlewares = cfg.reverseProxy.middlewares;
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [ ./options.nix ];
|
||||
@@ -98,19 +106,23 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
services.traefik.dynamicConfigOptions = lib.mkIf cfg.reverseProxy.enable {
|
||||
services.actual.loadBalancer.servers = [
|
||||
{
|
||||
url = "http://${cfg.localAddress}:${toString cfg.port}";
|
||||
}
|
||||
];
|
||||
routers.actual = {
|
||||
entryPoints = [ "websecure" ];
|
||||
rule = "Host(`${cfg.reverseProxy.host}`)";
|
||||
service = "actual";
|
||||
middlewares = cfg.reverseProxy.middlewares;
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
# services.traefik.dynamicConfigOptions = lib.mkIf cfg.reverseProxy.enable {
|
||||
# services.actual.loadBalancer.servers = [
|
||||
# {
|
||||
# url = "http://${cfg.localAddress}:${toString cfg.port}";
|
||||
# }
|
||||
# ];
|
||||
# routers.actual = {
|
||||
# entryPoints = [ "websecure" ];
|
||||
# rule = "Host(`${cfg.reverseProxy.host}`)";
|
||||
# service = "actual";
|
||||
# middlewares = cfg.reverseProxy.middlewares;
|
||||
# tls.certResolver = "letsencrypt";
|
||||
# };
|
||||
# };
|
||||
|
||||
${namespace}.services.traefik = lib.mkIf cfg.reverseProxy.enable {
|
||||
reverseProxies = [ reverseProxyConfig ];
|
||||
};
|
||||
|
||||
networking = {
|
||||
|
||||
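Review bot: The replaced Traefik block for `actual` looks to be kept as a commented-out copy rather than deleted, and it is the only place in this file that still records the router's security-relevant settings (`entryPoints = [ "websecure" ]`, `tls.certResolver = "letsencrypt"`). Those settings now depend entirely on what `lib.${namespace}.mkReverseProxy` generates, which this commit does not show. Please confirm the helper still pins the router to `websecure` with the certificate resolver, then delete the commented block, since version control already keeps it. If a pointer is useful, one line is enough: `# Router and service are generated by mkReverseProxy (websecure + letsencrypt)`. The attribute set these lines belong to continues outside the hunk.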
@@ -1,6 +1,6 @@
|
||||
{ lib, namespace, ... }:
|
||||
let
|
||||
inherit (lib.${namespace}) mkOpt mkBoolOpt;
|
||||
inherit (lib.${namespace}) mkOpt mkReverseProxyOpt;
|
||||
in
|
||||
with lib;
|
||||
{
|
||||
@@ -13,13 +13,6 @@ with lib;
|
||||
|
||||
dataDir = mkOpt types.str "" "Path to the data dir";
|
||||
|
||||
reverseProxy = {
|
||||
enable = mkBoolOpt false "Enable reverse proxy support";
|
||||
|
||||
host = mkOpt types.str "" "Address of the proxy";
|
||||
|
||||
middlewares = with types; mkOpt (listOf str) [ ] "List of middlewares to use";
|
||||
|
||||
};
|
||||
reverseProxy = mkReverseProxyOpt;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
namespace,
|
||||
...
|
||||
}:
|
||||
@@ -18,6 +19,10 @@ let
|
||||
nextcloudPortExtHttp = 9988;
|
||||
nextcloudPortExtHttps = 9943;
|
||||
onlyofficePortExt = 9943;
|
||||
|
||||
nextcloudPhotos = pkgs.${namespace}.photos;
|
||||
nextcloudPdfViewer = pkgs.${namespace}.pdfviewer;
|
||||
nextcloudAssist = pkgs.${namespace}.assistant;
|
||||
in
|
||||
{
|
||||
imports = [ ./options.nix ];
|
||||
@@ -83,13 +88,34 @@ in
|
||||
# datadir = "/data";
|
||||
database.createLocally = true;
|
||||
hostName = "cloud.mjallen.dev";
|
||||
appstoreEnable = true;
|
||||
appstoreEnable = false;
|
||||
caching.redis = true;
|
||||
configureRedis = true;
|
||||
enableImagemagick = true;
|
||||
https = true;
|
||||
secretFile = secretsFile;
|
||||
|
||||
extraApps = {
|
||||
inherit (pkgs.nextcloud31Packages.apps) app_api
|
||||
bookmarks
|
||||
mail
|
||||
calendar
|
||||
contacts
|
||||
integration_openai
|
||||
integration_paperless
|
||||
maps
|
||||
oidc_login
|
||||
onlyoffice
|
||||
previewgenerator
|
||||
recognize
|
||||
richdocuments
|
||||
user_oidc;
|
||||
|
||||
inherit nextcloudPhotos
|
||||
nextcloudPdfViewer
|
||||
nextcloudAssist;
|
||||
};
|
||||
|
||||
config = {
|
||||
adminuser = "mjallen";
|
||||
adminpassFile = adminpass;
|
||||
|
||||
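Review bot: In `extraApps`, `inherit nextcloudPhotos nextcloudPdfViewer nextcloudAssist;` makes the let-binding names the attribute names. The NixOS Nextcloud module expects each `extraApps` attribute name to equal the app's id from its `appinfo/info.xml`, so these three apps will probably not be recognised under those names. Bind them explicitly, for example `photos = nextcloudPhotos;`, after checking the real ids of the three packages, which are not visible here. The other apps are taken from `pkgs.nextcloud31Packages.apps`, which only matches if `services.nextcloud.package` is also major version 31; that setting is outside this hunk. With `appstoreEnable` apparently switched to `false`, this list becomes the only source of apps, so a mismatch shows up as a missing app rather than an error.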
@@ -8,6 +8,48 @@ with lib;
|
||||
let
|
||||
cfg = config.${namespace}.services.traefik;
|
||||
|
||||
# Process extraServices into service configurations
|
||||
extraServiceConfigs =
|
||||
let
|
||||
makeService = service: nameValuePair service.name {
|
||||
loadBalancer.servers = [
|
||||
{
|
||||
url = service.url;
|
||||
}
|
||||
];
|
||||
};
|
||||
in
|
||||
listToAttrs (map makeService cfg.extraServices);
|
||||
|
||||
# Process extraRouters into router configurations
|
||||
extraRouterConfigs =
|
||||
let
|
||||
makeRouter = router: nameValuePair router.subdomain {
|
||||
entryPoints = router.entryPoints;
|
||||
rule = "Host(`${router.subdomain}.${domain}`)";
|
||||
service = router.service;
|
||||
middlewares = router.middlewares ++ [
|
||||
"crowdsec"
|
||||
"whitelist-geoblock"
|
||||
];
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
in
|
||||
listToAttrs (map makeRouter cfg.extraRouters);
|
||||
|
||||
# Process reverseProxies into service and router configurations
|
||||
reverseProxyServiceConfigs =
|
||||
let
|
||||
makeService = reverseProxy: nameValuePair reverseProxy.service.name reverseProxy.service.config;
|
||||
in
|
||||
listToAttrs (map makeService cfg.reverseProxies);
|
||||
|
||||
reverseProxyRouterConfigs =
|
||||
let
|
||||
makeRouter = reverseProxy: nameValuePair reverseProxy.router.subdomain reverseProxy.router.config;
|
||||
in
|
||||
listToAttrs (map makeRouter cfg.reverseProxies);
|
||||
|
||||
domain = "mjallen.dev";
|
||||
serverIp = "10.0.1.3";
|
||||
|
||||
@@ -318,7 +360,7 @@ in
|
||||
url = paperlessUrl;
|
||||
}
|
||||
];
|
||||
};
|
||||
} // extraServiceConfigs // reverseProxyServiceConfigs;
|
||||
|
||||
routers = {
|
||||
auth = {
|
||||
@@ -447,7 +489,7 @@ in
|
||||
];
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
};
|
||||
} // extraRouterConfigs // reverseProxyRouterConfigs;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
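Review bot: Routers built from `cfg.reverseProxies` take `reverseProxy.router.config` unchanged, while `makeRouter` for `extraRouters` always appends `crowdsec` and `whitelist-geoblock`. Unless `mkReverseProxy` (not shown in this commit) adds those itself, every service moved to the new path is published without that baseline. It can be enforced here with `makeRouter = rp: nameValuePair rp.router.subdomain (rp.router.config // { middlewares = unique ((rp.router.config.middlewares or [ ]) ++ [ "crowdsec" "whitelist-geoblock" ]); });`. Separately, the `//` merges on the services and routers sets let a generated entry silently replace a hand-written one with the same key, such as `auth`. An assertion on key collisions would turn that into an evaluation error.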
@@ -1,7 +1,34 @@
|
||||
{ lib, namespace, ... }:
|
||||
with lib;
|
||||
let
|
||||
inherit (lib.${namespace}) mkOpt mkBoolOpt;
|
||||
in
|
||||
{
|
||||
options.${namespace}.services.traefik = {
|
||||
enable = mkEnableOption "enable traefik";
|
||||
|
||||
extraServices = mkOpt (types.listOf (types.submodule {
|
||||
options = {
|
||||
name = mkOpt types.str "" "Name of the service";
|
||||
url = mkOpt types.str "http://localhost:8080" "Url of the service";
|
||||
};
|
||||
})) [ ] "List of extra services to forward";
|
||||
|
||||
extraRouters = mkOpt (types.listOf (types.submodule {
|
||||
options = {
|
||||
entryPoints = mkOpt (types.listOf types.str) [ "websecure" ] "Entrypoint";
|
||||
subdomain = mkOpt types.str "" "subdomain of the service";
|
||||
service = mkOpt types.str "" "name of the service";
|
||||
middlewares = mkOpt (types.listOf (types.enum [
|
||||
"authentik"
|
||||
"onlyoffice-websocket"
|
||||
"crowdsec"
|
||||
"whitelist-geoblock"
|
||||
"internal-ipallowlist"
|
||||
])) [ ] "List of middlewares to enable";
|
||||
};
|
||||
})) [ ] "List of extra services to forward";
|
||||
|
||||
reverseProxies = mkOpt (types.listOf types.attrs) [ ] "List of reverse proxy configurations from mkReverseProxy";
|
||||
};
|
||||
}
|
||||
|
||||
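Review bot: `reverseProxies` is declared as `types.listOf types.attrs`, so nothing checks that an entry has the `service.name`, `service.config`, `router.subdomain` and `router.config` fields the Traefik module reads. A malformed entry then fails deep inside evaluation, or yields a router with an empty key. A submodule would validate the shape at the option boundary; the field list below is inferred from how the values are consumed, so extend it if `mkReverseProxy` returns more. The description on `extraRouters` is also copied from `extraServices` and should read something like `"List of extra routers to create"`. `mkBoolOpt` is inherited but not used in the visible lines.

```nix
reverseProxies = mkOpt (types.listOf (types.submodule {
  options = {
    service = {
      name = mkOpt types.str "" "Name of the Traefik service";
      config = mkOpt types.attrs { } "Traefik service definition";
    };
    router = {
      subdomain = mkOpt types.str "" "Router key and subdomain";
      config = mkOpt types.attrs { } "Traefik router definition";
    };
  };
})) [ ] "List of reverse proxy configurations from mkReverseProxy";
```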