diff --git a/ops/nixos/clouvider-fra01/default.nix b/ops/nixos/clouvider-fra01/default.nix
index fe9d03d264..f594bb1e39 100644
--- a/ops/nixos/clouvider-fra01/default.nix
+++ b/ops/nixos/clouvider-fra01/default.nix
@@ -3,11 +3,21 @@ let
 inherit (depot.ops) secrets;
 machineSecrets = secrets.machineSpecific.clouvider-fra01;
- proxyVirtualHosts = {
- "deluge.int.lukegb.com" = "http://localhost:8112";
- "radarr.int.lukegb.com" = "http://localhost:7878";
- "sonarr.int.lukegb.com" = "http://localhost:8989";
+ vhostsConfig = {
+ int = rec {
+ proxy = _apply (value: { locations."/".proxyPass = value; }) {
+ "deluge.int.lukegb.com" = "http://localhost:8112";
+ "radarr.int.lukegb.com" = "http://localhost:7878";
+ "sonarr.int.lukegb.com" = "http://localhost:8989";
+ };
+ serve = _apply (value: { root = value; }) {
+ "login.int.lukegb.com" = depot.web.login-int;
+ "int.lukegb.com" = depot.web.int;
+ };
+ _apply = f: builtins.mapAttrs (name: value: lib.recursiveUpdate oauth2Host (f value));
+ };
 };
+ vhosts = vhostsConfig.int.proxy // vhostsConfig.int.serve;
 oauth2Host = {
 locations."/".extraConfig = lib.mkBefore ''
 error_page 401 = /oauth2/start?rd=https://$host$uri;
@@ -15,16 +25,6 @@ let
 useACMEHost = "int.lukegb.com";
 forceSSL = true;
 };
- intVirtualHosts = (builtins.mapAttrs (name: value: lib.recursiveUpdate oauth2Host {
- locations."/".proxyPass = value;
- }) proxyVirtualHosts) // {
- "login.int.lukegb.com" = {
- root = depot.web.login-int;
- } // oauth2Host;
- "int.lukegb.com" = {
- root = depot.web.int;
- } // oauth2Host;
- };
 in {
 imports = [
 ../lib/zfs.nix
@@ -186,7 +186,7 @@ in {
 services.nginx = {
 enable = true;
- virtualHosts = intVirtualHosts;
+ virtualHosts = vhosts;
 };
 services.oauth2_proxy = {
 enable = true;
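Review bot: In `_apply` (first hunk), `lib.recursiveUpdate oauth2Host (f value)` lets per-host attributes override the shared `oauth2Host` settings, and the `serve` hosts now go through it too, whereas the removed code built them as `{ root = …; } // oauth2Host`, where `oauth2Host` won. The keys are disjoint today, so the generated config should be unchanged, but a later entry that sets `forceSSL` or `locations."/".extraConfig` would silently replace the TLS or 401-redirect settings. Either record that precedence in a comment above `_apply`, such as `# per-host attrs override oauth2Host; never set forceSSL or locations."/".extraConfig here`, or swap the arguments to `lib.recursiveUpdate (f value) oauth2Host` so the shared settings win. `_apply` would also read better as a plain `let` binding than as a function-valued member of the `rec` set next to the host groups. The `oauth2Host` definition continues past the end of the hunk.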
@@ -199,7 +199,7 @@ in {
 };
 keyFile = machineSecrets.oauth2proxySecrets;
 redirectURL = "https://login.int.lukegb.com/oauth2/callback";
- nginx.virtualHosts = builtins.filter (lib.hasSuffix ".int.lukegb.com") (builtins.attrNames intVirtualHosts);
+ nginx.virtualHosts = builtins.filter (lib.hasSuffix ".int.lukegb.com") (builtins.attrNames vhosts);
 extraConfig = {
 whitelist-domain = ".int.lukegb.com,int.lukegb.com";
 };
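Review bot: The `lib.hasSuffix ".int.lukegb.com"` filter on the changed line drops the bare `int.lukegb.com` entry of `vhosts`, so that host is not passed to `services.oauth2_proxy.nginx.virtualHosts`, which is where the NixOS module attaches `auth_request`, even though the first hunk gives it the same `oauth2Host` 401 redirect as the other hosts. Since `vhosts` now contains only the `int` group, excluding the apex is the filter's only visible effect. If the apex is meant to be reachable without login, say so in a comment, e.g. `# int.lukegb.com is deliberately served without auth_request`; otherwise pass `builtins.attrNames vhosts` unfiltered. This behaviour predates the commit, which only swaps the variable name here, and the `services.oauth2_proxy` block starts outside the hunk.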