clouvider-fra01: refactor HTTP config a bit
parent
e656191b7b
commit
17f7cda651
1 changed files with 16 additions and 16 deletions
|
@ -3,11 +3,21 @@ let
|
||||||
inherit (depot.ops) secrets;
|
inherit (depot.ops) secrets;
|
||||||
machineSecrets = secrets.machineSpecific.clouvider-fra01;
|
machineSecrets = secrets.machineSpecific.clouvider-fra01;
|
||||||
|
|
||||||
proxyVirtualHosts = {
|
vhostsConfig = {
|
||||||
|
int = rec {
|
||||||
|
proxy = _apply (value: { locations."/".proxyPass = value; }) {
|
||||||
"deluge.int.lukegb.com" = "http://localhost:8112";
|
"deluge.int.lukegb.com" = "http://localhost:8112";
|
||||||
"radarr.int.lukegb.com" = "http://localhost:7878";
|
"radarr.int.lukegb.com" = "http://localhost:7878";
|
||||||
"sonarr.int.lukegb.com" = "http://localhost:8989";
|
"sonarr.int.lukegb.com" = "http://localhost:8989";
|
||||||
};
|
};
|
||||||
|
serve = _apply (value: { root = value; }) {
|
||||||
|
"login.int.lukegb.com" = depot.web.login-int;
|
||||||
|
"int.lukegb.com" = depot.web.int;
|
||||||
|
};
|
||||||
|
_apply = f: builtins.mapAttrs (name: value: lib.recursiveUpdate oauth2Host (f value));
|
||||||
|
};
|
||||||
|
};
|
||||||
|
vhosts = vhostsConfig.int.proxy // vhostsConfig.int.serve;
|
||||||
oauth2Host = {
|
oauth2Host = {
|
||||||
locations."/".extraConfig = lib.mkBefore ''
|
locations."/".extraConfig = lib.mkBefore ''
|
||||||
error_page 401 = /oauth2/start?rd=https://$host$uri;
|
error_page 401 = /oauth2/start?rd=https://$host$uri;
|
||||||
|
@ -15,16 +25,6 @@ let
|
||||||
useACMEHost = "int.lukegb.com";
|
useACMEHost = "int.lukegb.com";
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
};
|
};
|
||||||
intVirtualHosts = (builtins.mapAttrs (name: value: lib.recursiveUpdate oauth2Host {
|
|
||||||
locations."/".proxyPass = value;
|
|
||||||
}) proxyVirtualHosts) // {
|
|
||||||
"login.int.lukegb.com" = {
|
|
||||||
root = depot.web.login-int;
|
|
||||||
} // oauth2Host;
|
|
||||||
"int.lukegb.com" = {
|
|
||||||
root = depot.web.int;
|
|
||||||
} // oauth2Host;
|
|
||||||
};
|
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
../lib/zfs.nix
|
../lib/zfs.nix
|
||||||
|
@ -186,7 +186,7 @@ in {
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts = intVirtualHosts;
|
virtualHosts = vhosts;
|
||||||
};
|
};
|
||||||
services.oauth2_proxy = {
|
services.oauth2_proxy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -199,7 +199,7 @@ in {
|
||||||
};
|
};
|
||||||
keyFile = machineSecrets.oauth2proxySecrets;
|
keyFile = machineSecrets.oauth2proxySecrets;
|
||||||
redirectURL = "https://login.int.lukegb.com/oauth2/callback";
|
redirectURL = "https://login.int.lukegb.com/oauth2/callback";
|
||||||
nginx.virtualHosts = builtins.filter (lib.hasSuffix ".int.lukegb.com") (builtins.attrNames intVirtualHosts);
|
nginx.virtualHosts = builtins.filter (lib.hasSuffix ".int.lukegb.com") (builtins.attrNames vhosts);
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
whitelist-domain = ".int.lukegb.com,int.lukegb.com";
|
whitelist-domain = ".int.lukegb.com,int.lukegb.com";
|
||||||
};
|
};
|
||||||
|
|
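Review bot: In the last hunk, `builtins.filter (lib.hasSuffix ".int.lukegb.com") (builtins.attrNames vhosts)` never matches the apex `int.lukegb.com`, so that host is not in the list given to `services.oauth2_proxy.nginx.virtualHosts`, even though `_apply` merges `oauth2Host` into it like every other entry of `vhostsConfig.int`. The rest of `oauth2Host` lies between the hunks and is not visible here, so the apex may still be covered there; if it is meant to be reachable without authentication, a comment next to the filter such as `# apex int.lukegb.com is intentionally left out of oauth2_proxy` would record that. Otherwise the list can be taken from the new structure instead of a string suffix, e.g. `nginx.virtualHosts = builtins.attrNames vhosts;`, so a host added to `vhostsConfig.int` later cannot miss the authentication setup because of its name. Separately, `vhostsConfig.int.proxy // vhostsConfig.int.serve` lets a `serve` entry silently replace a `proxy` entry that has the same hostname.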