clouvider-fra01: refactor HTTP config a bit

This commit is contained in:
Luke Granger-Brown 2020-05-31 23:53:39 +01:00
parent e656191b7b
commit 17f7cda651

View file

@ -3,11 +3,21 @@ let
inherit (depot.ops) secrets; inherit (depot.ops) secrets;
machineSecrets = secrets.machineSpecific.clouvider-fra01; machineSecrets = secrets.machineSpecific.clouvider-fra01;
proxyVirtualHosts = { vhostsConfig = {
int = rec {
proxy = _apply (value: { locations."/".proxyPass = value; }) {
"deluge.int.lukegb.com" = "http://localhost:8112"; "deluge.int.lukegb.com" = "http://localhost:8112";
"radarr.int.lukegb.com" = "http://localhost:7878"; "radarr.int.lukegb.com" = "http://localhost:7878";
"sonarr.int.lukegb.com" = "http://localhost:8989"; "sonarr.int.lukegb.com" = "http://localhost:8989";
}; };
serve = _apply (value: { root = value; }) {
"login.int.lukegb.com" = depot.web.login-int;
"int.lukegb.com" = depot.web.int;
};
_apply = f: builtins.mapAttrs (name: value: lib.recursiveUpdate oauth2Host (f value));
};
};
vhosts = vhostsConfig.int.proxy // vhostsConfig.int.serve;
oauth2Host = { oauth2Host = {
locations."/".extraConfig = lib.mkBefore '' locations."/".extraConfig = lib.mkBefore ''
error_page 401 = /oauth2/start?rd=https://$host$uri; error_page 401 = /oauth2/start?rd=https://$host$uri;
@ -15,16 +25,6 @@ let
useACMEHost = "int.lukegb.com"; useACMEHost = "int.lukegb.com";
forceSSL = true; forceSSL = true;
}; };
intVirtualHosts = (builtins.mapAttrs (name: value: lib.recursiveUpdate oauth2Host {
locations."/".proxyPass = value;
}) proxyVirtualHosts) // {
"login.int.lukegb.com" = {
root = depot.web.login-int;
} // oauth2Host;
"int.lukegb.com" = {
root = depot.web.int;
} // oauth2Host;
};
in { in {
imports = [ imports = [
../lib/zfs.nix ../lib/zfs.nix
@ -186,7 +186,7 @@ in {
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = intVirtualHosts; virtualHosts = vhosts;
}; };
services.oauth2_proxy = { services.oauth2_proxy = {
enable = true; enable = true;
@ -199,7 +199,7 @@ in {
}; };
keyFile = machineSecrets.oauth2proxySecrets; keyFile = machineSecrets.oauth2proxySecrets;
redirectURL = "https://login.int.lukegb.com/oauth2/callback"; redirectURL = "https://login.int.lukegb.com/oauth2/callback";
nginx.virtualHosts = builtins.filter (lib.hasSuffix ".int.lukegb.com") (builtins.attrNames intVirtualHosts); nginx.virtualHosts = builtins.filter (lib.hasSuffix ".int.lukegb.com") (builtins.attrNames vhosts);
extraConfig = { extraConfig = {
whitelist-domain = ".int.lukegb.com,int.lukegb.com"; whitelist-domain = ".int.lukegb.com,int.lukegb.com";
}; };