modules/ts-rev-prox: -> ts-reverse-proxy and allow multiple servers
parent
71abc88e64
commit
518fd4d0c8
@ -21,7 +21,7 @@ with lib; {
|
||||
};
|
||||
};
|
||||
|
||||
imports = [ ../modules/ts-rev-prox.nix ];
|
||||
imports = [ ];
|
||||
config = mkIf cfg.enable {
|
||||
sops.secrets = {
|
||||
ca_password = {
|
||||
|
@ -39,7 +39,6 @@ with lib; {
|
||||
};
|
||||
};
|
||||
|
||||
imports = [ ../modules/ts-rev-prox.nix ];
|
||||
config = mkIf config.xinCI.enable {
|
||||
sops.defaultSopsFile = config.xin-secrets.ci;
|
||||
sops.secrets = {
|
||||
@ -72,7 +71,7 @@ with lib; {
|
||||
};
|
||||
ts_proxy_env = {
|
||||
mode = "400";
|
||||
owner = config.services.tsrevprox.user;
|
||||
owner = config.services.ts-reverse-proxy.servers."nix-binary-cache".user;
|
||||
};
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
@ -97,7 +96,6 @@ with lib; {
|
||||
};
|
||||
|
||||
nix = {
|
||||
#settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ];
|
||||
settings.allowed-users = [ "root" config.xinCI.user "harmonia" ];
|
||||
gc = {
|
||||
automatic = true;
|
||||
@ -109,9 +107,8 @@ with lib; {
|
||||
systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs);
|
||||
|
||||
services = {
|
||||
tsrevprox = {
|
||||
ts-reverse-proxy.servers."nix-binary-cache" = {
|
||||
enable = true;
|
||||
reverseName = "nix-binary-cache";
|
||||
};
|
||||
harmonia = {
|
||||
enable = true;
|
||||
|
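Review bot: `ts_proxy_env` is still decrypted and handed to the proxy account (`mode = "400"`, `owner = config.services.ts-reverse-proxy.servers."nix-binary-cache".user`), but nothing visible on this page feeds it to the service. The `"nix-binary-cache"` server block sets no `envFile`, the new module's default is `/run/secrets/ts_proxy_env-${name}` (presumably not where this secret lands), and the module leaves `EnvironmentFile` commented out. Either set `envFile = config.sops.secrets.ts_proxy_env.path;` here and restore `EnvironmentFile = conf.envFile;` in the module, or drop the secret so an unused credential is not kept on the host. The same applies to `pr_status_env` and the commented `#envFile` on `"pr-status-reverse"` in the host file further down.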
6
flake.lock
generated
6
flake.lock
generated
@ -469,11 +469,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1706541995,
|
||||
"narHash": "sha256-H08lKKLU3db/USh17x2sD6f6Zf5tRr0r3cFQEMHF3vQ=",
|
||||
"lastModified": 1718734761,
|
||||
"narHash": "sha256-pzzq+tTx6Pp5BqulZjcVrnxbqBe91aYfS4tKkI/VULg=",
|
||||
"owner": "qbit",
|
||||
"repo": "ts-reverse-proxy",
|
||||
"rev": "32dcd0f1a301833230b003efb84b148ba39230b2",
|
||||
"rev": "ba7b61a85bb2291bd4972dc5f89b647b523c9284",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -148,7 +148,7 @@ in
|
||||
};
|
||||
pr_status_env = {
|
||||
mode = "400";
|
||||
owner = config.services.tsrevprox.user;
|
||||
owner = config.services.ts-reverse-proxy.servers."pr-status-reverse".user;
|
||||
sopsFile = config.xin-secrets.h.secrets.services;
|
||||
};
|
||||
qbit_at_suah_pass_file = {
|
||||
@ -367,11 +367,14 @@ in
|
||||
rooms = [ ];
|
||||
};
|
||||
};
|
||||
tsrevprox = {
|
||||
ts-reverse-proxy = {
|
||||
servers = {
|
||||
"pr-status-reverse" = {
|
||||
enable = true;
|
||||
reverseName = "pr-status";
|
||||
reversePort = 3003;
|
||||
#envFile = config.sops.secrets.pr_status_env.path;
|
||||
};
|
||||
};
|
||||
};
|
||||
sliding-sync = {
|
||||
enable = true;
|
||||
|
@ -5,7 +5,7 @@
|
||||
./rtlamr2mqtt.nix
|
||||
./sliding-sync.nix
|
||||
./ssh-fido-agent.nix
|
||||
./ts-rev-prox.nix
|
||||
./ts-reverse-proxy.nix
|
||||
./tsvnstat.nix
|
||||
./veilid-server.nix
|
||||
./wallabag.nix
|
||||
|
@ -1,105 +0,0 @@
|
||||
{ lib
|
||||
, config
|
||||
, pkgs
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.tsrevprox;
|
||||
in
|
||||
{
|
||||
options = with lib; {
|
||||
services.tsrevprox = {
|
||||
enable = lib.mkEnableOption "Enable tsrevprox";
|
||||
|
||||
reversePort = mkOption {
|
||||
type = types.int;
|
||||
default = 5000;
|
||||
description = ''
|
||||
Port to forward connections to.
|
||||
'';
|
||||
};
|
||||
|
||||
reverseIP = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = ''
|
||||
IP to forward connections to.
|
||||
'';
|
||||
};
|
||||
|
||||
reverseName = mkOption {
|
||||
type = types.str;
|
||||
default = "tsrevprox";
|
||||
description = ''
|
||||
Name used in for the front facing http server (will be a tailscale name).
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
default = "tsrevprox";
|
||||
description = ''
|
||||
The user the service will use.
|
||||
'';
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = with types; oneOf [ str int ];
|
||||
default = "tsrevprox";
|
||||
description = ''
|
||||
The group the service will use.
|
||||
'';
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/tsrevprox";
|
||||
description = "Path tsrevprox home directory";
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.ts-reverse-proxy;
|
||||
defaultText = literalExpression "pkgs.ts-reverse-proxy";
|
||||
description = "The package to use for ts-reverse-proxy";
|
||||
};
|
||||
|
||||
envFile = mkOption {
|
||||
type = types.path;
|
||||
default = "/run/secrets/ts_proxy_env";
|
||||
description = ''
|
||||
Path to a file containing the ts-reverse-proxy token information
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
users.groups.${cfg.group} = { };
|
||||
users.users.${cfg.user} = {
|
||||
description = "tsrevprox service user";
|
||||
isSystemUser = true;
|
||||
home = "${cfg.dataDir}";
|
||||
createHome = true;
|
||||
group = "${cfg.group}";
|
||||
};
|
||||
|
||||
systemd.services.tsrevprox = {
|
||||
enable = true;
|
||||
description = "tsrevprox server";
|
||||
wants = [ "network-online.target" ];
|
||||
|
||||
environment = { HOME = "${cfg.dataDir}"; };
|
||||
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
|
||||
ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${cfg.reverseName} -port ${
|
||||
toString cfg.reversePort
|
||||
} -ip ${cfg.reverseIP}";
|
||||
#EnvironmentFile = cfg.envFile;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
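--- /dev/null
+++ b/modules/ts-reverse-proxy.nix
@@ -0,0 +1,118 @@
+{ lib
+, config
+, pkgs
+, ...
+}:
+with lib;
+let
+cfg = config.services.ts-reverse-proxy;
+enabledServers = filterAttrs (_: conf: conf.enable) cfg.servers;
+in
+{
+options = {
+services.ts-reverse-proxy = {
+package = mkPackageOption pkgs "ts-reverse-proxy" { };
+
+servers = mkOption {
+description = "Configuration of multiple `ts-reverse-proxy` instalces.";
+default = { };
+
+type = with types; attrsOf (submodule ({ name, ... }: {
+options = {
+enable = lib.mkEnableOption "Enable ts-reverse-proxy for ${name}";
+reversePort = mkOption {
+type = types.int;
+default = 5000;
+description = ''
+Port to forward connections to.
+'';
+};
+
+reverseIP = mkOption {
+type = types.str;
+default = "127.0.0.1";
+description = ''
+IP to forward connections to.
+'';
+};
+
+reverseName = mkOption {
+type = types.str;
+default = name;
+description = ''
+Name used in for the front facing http server (will be a tailscale name).
+'';
+};
+
+user = mkOption {
+type = with types; oneOf [ str int ];
+default = name;
+description = ''
+The user the service will use.
+'';
+};
+
+group = mkOption {
+type = with types; oneOf [ str int ];
+default = name;
+description = ''
+The group the service will use.
+'';
+};
+
+dataDir = mkOption {
+type = types.path;
+default = "/var/lib/${name}";
+description = "Path ts-reverse-proxy home directory";
+};
+
+envFile = mkOption {
+type = types.path;
+default = "/run/secrets/ts_proxy_env-${name}";
+description = ''
+Path to a file containing the ts-reverse-proxy token information
+'';
+};
+};
+}));
+};
+};
+};
+
+config = mkIf (enabledServers != { }) {
+environment.systemPackages = [ cfg.package ];
+
+users.groups = mapAttrs'
+(name: _: nameValuePair name { })
+enabledServers;
+users.users = mapAttrs'
+(name: conf: nameValuePair name {
+description = "System user for ts-reverse-proxy instance ${name}";
+isSystemUser = true;
+group = name;
+home = "${conf.dataDir}";
+createHome = true;
+})
+enabledServers;
+
+systemd.services = mapAttrs'
+(name: conf: nameValuePair name {
+description = "ts-reverse-proxy instance ${name}";
+enable = true;
+wants = [ "network-online.target" ];
+
+environment = { HOME = "${conf.dataDir}"; };
+
+serviceConfig = {
+User = conf.user;
+Group = conf.group;
+
+ExecStart = "${cfg.package}/bin/ts-reverse-proxy -name ${conf.reverseName} -port ${
+toString conf.reversePort
+} -ip ${conf.reverseIP}";
+#EnvironmentFile = conf.envFile;
+};
+})
+enabledServers;
+};
+}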
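Review bot: The accounts and the unit disagree about identity. `users.groups` and `users.users` are keyed on the attribute `name` (with `group = name;`), while `serviceConfig` runs as `conf.user`/`conf.group`, so overriding either option gives a unit whose account was never created. Any secret whose `owner` is read from `servers.<name>.user` would then point at that same missing account. Key the accounts on the options instead, e.g. `(_: conf: nameValuePair conf.group { })`, `(_: conf: nameValuePair conf.user {` and `group = conf.group;`, or remove the two options if they are not meant to be overridden. Separately, units and users are registered under the bare `name`, so a server named like an existing service or account would merge into it; a prefix such as `ts-reverse-proxy-${name}` would keep them apart. The `servers` description also has a typo (`instalces`).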