clouvider-fra01: refactor HTTP config a bit
This commit is contained in:
parent
e656191b7b
commit
17f7cda651
1 changed files with 16 additions and 16 deletions
|
@ -3,11 +3,21 @@ let
|
|||
inherit (depot.ops) secrets;
|
||||
machineSecrets = secrets.machineSpecific.clouvider-fra01;
|
||||
|
||||
proxyVirtualHosts = {
|
||||
"deluge.int.lukegb.com" = "http://localhost:8112";
|
||||
"radarr.int.lukegb.com" = "http://localhost:7878";
|
||||
"sonarr.int.lukegb.com" = "http://localhost:8989";
|
||||
vhostsConfig = {
|
||||
int = rec {
|
||||
proxy = _apply (value: { locations."/".proxyPass = value; }) {
|
||||
"deluge.int.lukegb.com" = "http://localhost:8112";
|
||||
"radarr.int.lukegb.com" = "http://localhost:7878";
|
||||
"sonarr.int.lukegb.com" = "http://localhost:8989";
|
||||
};
|
||||
serve = _apply (value: { root = value; }) {
|
||||
"login.int.lukegb.com" = depot.web.login-int;
|
||||
"int.lukegb.com" = depot.web.int;
|
||||
};
|
||||
_apply = f: builtins.mapAttrs (name: value: lib.recursiveUpdate oauth2Host (f value));
|
||||
};
|
||||
};
|
||||
vhosts = vhostsConfig.int.proxy // vhostsConfig.int.serve;
|
||||
oauth2Host = {
|
||||
locations."/".extraConfig = lib.mkBefore ''
|
||||
error_page 401 = /oauth2/start?rd=https://$host$uri;
|
||||
|
@ -15,16 +25,6 @@ let
|
|||
useACMEHost = "int.lukegb.com";
|
||||
forceSSL = true;
|
||||
};
|
||||
intVirtualHosts = (builtins.mapAttrs (name: value: lib.recursiveUpdate oauth2Host {
|
||||
locations."/".proxyPass = value;
|
||||
}) proxyVirtualHosts) // {
|
||||
"login.int.lukegb.com" = {
|
||||
root = depot.web.login-int;
|
||||
} // oauth2Host;
|
||||
"int.lukegb.com" = {
|
||||
root = depot.web.int;
|
||||
} // oauth2Host;
|
||||
};
|
||||
in {
|
||||
imports = [
|
||||
../lib/zfs.nix
|
||||
|
@ -186,7 +186,7 @@ in {
|
|||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = intVirtualHosts;
|
||||
virtualHosts = vhosts;
|
||||
};
|
||||
services.oauth2_proxy = {
|
||||
enable = true;
|
||||
|
@ -199,7 +199,7 @@ in {
|
|||
};
|
||||
keyFile = machineSecrets.oauth2proxySecrets;
|
||||
redirectURL = "https://login.int.lukegb.com/oauth2/callback";
|
||||
nginx.virtualHosts = builtins.filter (lib.hasSuffix ".int.lukegb.com") (builtins.attrNames intVirtualHosts);
|
||||
nginx.virtualHosts = builtins.filter (lib.hasSuffix ".int.lukegb.com") (builtins.attrNames vhosts);
|
||||
extraConfig = {
|
||||
whitelist-domain = ".int.lukegb.com,int.lukegb.com";
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue