qbit/xin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

modules/ts-rev-prox: -> ts-reverse-proxy and allow multiple servers

Browse Source
This commit is contained in:
Aaron Bieber 2024-06-18 13:11:56 -06:00
parent 71abc88e64
commit 518fd4d0c8
No known key found for this signature in database
7 changed files with 134 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configs/ca.nix
View File

@ -21,7 +21,7 @@ with lib; {
}; };
}; };
imports = [ ../modules/ts-rev-prox.nix ]; imports = [ ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
sops.secrets = { sops.secrets = {
ca_password = { ca_password = {

7
configs/ci.nix
View File

@ -39,7 +39,6 @@ with lib; {
}; };
}; };
imports = [ ../modules/ts-rev-prox.nix ];
config = mkIf config.xinCI.enable { config = mkIf config.xinCI.enable {
sops.defaultSopsFile = config.xin-secrets.ci; sops.defaultSopsFile = config.xin-secrets.ci;
sops.secrets = { sops.secrets = {
@ -72,7 +71,7 @@ with lib; {
}; };
ts_proxy_env = { ts_proxy_env = {
mode = "400"; mode = "400";
owner = config.services.tsrevprox.user; owner = config.services.ts-reverse-proxy.servers."nix-binary-cache".user;
}; };
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -97,7 +96,6 @@ with lib; {
}; };
nix = { nix = {
#settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ];
settings.allowed-users = [ "root" config.xinCI.user "harmonia" ]; settings.allowed-users = [ "root" config.xinCI.user "harmonia" ];
gc = { gc = {
automatic = true; automatic = true;
@ -109,9 +107,8 @@ with lib; {
systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs); systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs);
services = { services = {
tsrevprox = { ts-reverse-proxy.servers."nix-binary-cache" = {
enable = true; enable = true;
reverseName = "nix-binary-cache";
}; };
harmonia = { harmonia = {
enable = true; enable = true;

6
flake.lock generated
View File

@ -469,11 +469,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1706541995, "lastModified": 1718734761,
"narHash": "sha256-H08lKKLU3db/USh17x2sD6f6Zf5tRr0r3cFQEMHF3vQ=", "narHash": "sha256-pzzq+tTx6Pp5BqulZjcVrnxbqBe91aYfS4tKkI/VULg=",
"owner": "qbit", "owner": "qbit",
"repo": "ts-reverse-proxy", "repo": "ts-reverse-proxy",
"rev": "32dcd0f1a301833230b003efb84b148ba39230b2", "rev": "ba7b61a85bb2291bd4972dc5f89b647b523c9284",
"type": "github" "type": "github"
}, },
"original": { "original": {

15
hosts/h/default.nix
View File

@ -148,7 +148,7 @@ in
}; };
pr_status_env = { pr_status_env = {
mode = "400"; mode = "400";
owner = config.services.tsrevprox.user; owner = config.services.ts-reverse-proxy.servers."pr-status-reverse".user;
sopsFile = config.xin-secrets.h.secrets.services; sopsFile = config.xin-secrets.h.secrets.services;
}; };
qbit_at_suah_pass_file = { qbit_at_suah_pass_file = {
@ -367,11 +367,14 @@ in
rooms = [ ]; rooms = [ ];
}; };
}; };
tsrevprox = { ts-reverse-proxy = {
enable = true; servers = {
reverseName = "pr-status"; "pr-status-reverse" = {
reversePort = 3003; enable = true;
#envFile = config.sops.secrets.pr_status_env.path; reverseName = "pr-status";
reversePort = 3003;
};
};
}; };
sliding-sync = { sliding-sync = {
enable = true; enable = true;

2
modules/default.nix
View File

@ -5,7 +5,7 @@
./rtlamr2mqtt.nix ./rtlamr2mqtt.nix
./sliding-sync.nix ./sliding-sync.nix
./ssh-fido-agent.nix ./ssh-fido-agent.nix
./ts-rev-prox.nix ./ts-reverse-proxy.nix
./tsvnstat.nix ./tsvnstat.nix
./veilid-server.nix ./veilid-server.nix
./wallabag.nix ./wallabag.nix

105
modules/ts-rev-prox.nix
View File

@ -1,105 +0,0 @@
{ lib
, config
, pkgs
, ...
}:
let
cfg = config.services.tsrevprox;
in
{
options = with lib; {
services.tsrevprox = {
enable = lib.mkEnableOption "Enable tsrevprox";
reversePort = mkOption {
type = types.int;
default = 5000;
description = ''
Port to forward connections to.
'';
};
reverseIP = mkOption {
type = types.str;
default = "127.0.0.1";
description = ''
IP to forward connections to.
'';
};
reverseName = mkOption {
type = types.str;
default = "tsrevprox";
description = ''
Name used in for the front facing http server (will be a tailscale name).
'';
};
user = mkOption {
type = with types; oneOf [ str int ];
default = "tsrevprox";
description = ''
The user the service will use.
'';
};
group = mkOption {
type = with types; oneOf [ str int ];
default = "tsrevprox";
description = ''
The group the service will use.
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/tsrevprox";
description = "Path tsrevprox home directory";
};
package = mkOption {
type = types.package;
default = pkgs.ts-reverse-proxy;
defaultText = literalExpression "pkgs.ts-reverse-proxy";
description = "The package to use for ts-reverse-proxy";
};
envFile = mkOption {
type = types.path;
default = "/run/secrets/ts_proxy_env";
description = ''
Path to a file containing the ts-reverse-proxy token information
'';
};
};
};
config = lib.mkIf cfg.enable {
users.groups.${cfg.group} = { };
users.users.${cfg.user} = {
description = "tsrevprox service user";
isSystemUser = true;
home = "${cfg.dataDir}";
createHome = true;
group = "${cfg.group}";
};
systemd.services.tsrevprox = {
enable = true;
description = "tsrevprox server";
wants = [ "network-online.target" ];
environment = { HOME = "${cfg.dataDir}"; };
serviceConfig = {
User = cfg.user;
Group = cfg.group;
ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${
toString cfg.reversePort
} -ip ${cfg.reverseIP}";
#EnvironmentFile = cfg.envFile;
};
};
};
}

118
modules/ts-reverse-proxy.nix Normal file
View File

@ -0,0 +1,118 @@
{ lib
, config
, pkgs
, ...
}:
with lib;
let
cfg = config.services.ts-reverse-proxy;
enabledServers = filterAttrs (_: conf: conf.enable) cfg.servers;
in
{
options = {
services.ts-reverse-proxy = {
package = mkPackageOption pkgs "ts-reverse-proxy" { };
servers = mkOption {
description = "Configuration of multiple `ts-reverse-proxy` instalces.";
default = { };
type = with types; attrsOf (submodule ({ name, ... }: {
options = {
enable = lib.mkEnableOption "Enable ts-reverse-proxy for ${name}";
reversePort = mkOption {
type = types.int;
default = 5000;
description = ''
Port to forward connections to.
'';
};
reverseIP = mkOption {
type = types.str;
default = "127.0.0.1";
description = ''
IP to forward connections to.
'';
};
reverseName = mkOption {
type = types.str;
default = name;
description = ''
Name used in for the front facing http server (will be a tailscale name).
'';
};
user = mkOption {
type = with types; oneOf [ str int ];
default = name;
description = ''
The user the service will use.
'';
};
group = mkOption {
type = with types; oneOf [ str int ];
default = name;
description = ''
The group the service will use.
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/${name}";
description = "Path ts-reverse-proxy home directory";
};
envFile = mkOption {
type = types.path;
default = "/run/secrets/ts_proxy_env-${name}";
description = ''
Path to a file containing the ts-reverse-proxy token information
'';
};
};
}));
};
};
};
config = mkIf (enabledServers != { }) {
environment.systemPackages = [ cfg.package ];
users.groups = mapAttrs'
(name: _: nameValuePair name { })
enabledServers;
users.users = mapAttrs'
(name: conf: nameValuePair name {
description = "System user for ts-reverse-proxy instance ${name}";
isSystemUser = true;
group = name;
home = "${conf.dataDir}";
createHome = true;
})
enabledServers;
systemd.services = mapAttrs'
(name: conf: nameValuePair name {
description = "ts-reverse-proxy instance ${name}";
enable = true;
wants = [ "network-online.target" ];
environment = { HOME = "${conf.dataDir}"; };
serviceConfig = {
User = conf.user;
Group = conf.group;
ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${conf.reverseName} -port ${
toString conf.reversePort
} -ip ${conf.reverseIP}";
#EnvironmentFile = conf.envFile;
};
})
enabledServers;
};
}