mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 04:19:19 -08:00
refactor(nginx): proxied xvars defaults
parent
b5c1b9de84
commit
1d19f0821d
3 changed files with 70 additions and 30 deletions
|
|
@ -1,4 +1,5 @@
|
|||
let
|
||||
xInit = true;
|
||||
xCloudflared = {virtualHost}: let
|
||||
host = if virtualHost.proxied.cloudflared.host == virtualHost.serverName
|
||||
then "$server_name"
|
||||
|
|
@ -29,6 +30,23 @@ let
|
|||
${xvars.init "forwarded_server" "$http_x_forwarded_server"}
|
||||
}
|
||||
'';
|
||||
xDefaults = {cfg}: let
|
||||
defaults = {
|
||||
${toString true} = {
|
||||
remote_addr = "$proxied_remote_addr_x";
|
||||
host = "$proxied_host_x";
|
||||
forwarded_server = "$proxied_forwarded_server_x";
|
||||
};
|
||||
"cloudflared" = {
|
||||
remote_addr = "$proxied_remote_addr_cf";
|
||||
host = "$proxied_host_cf";
|
||||
};
|
||||
};
|
||||
in {
|
||||
forwarded_for = "$proxy_add_x_forwarded_for";
|
||||
scheme = "$proxied_scheme";
|
||||
https = "$proxied_https";
|
||||
} // defaults.${cfg.enable};
|
||||
locationModule = {
|
||||
config,
|
||||
virtualHost,
|
||||
|
|
@ -37,7 +55,7 @@ let
|
|||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (gensokyo-zone.lib) mkJustBefore mkAlmostOptionDefault;
|
||||
inherit (gensokyo-zone.lib) mkJustBefore mkAlmostOptionDefault mapAlmostOptionDefaults;
|
||||
inherit (lib.options) mkOption;
|
||||
inherit (lib.modules) mkIf mkMerge mkOptionDefault;
|
||||
cfg = config.proxied;
|
||||
|
|
@ -75,12 +93,15 @@ let
|
|||
X-Accel-Buffering = mkOptionDefault true;
|
||||
};
|
||||
};
|
||||
xvars.enable = mkIf cfg.enabled true;
|
||||
xvars = mkIf cfg.enabled {
|
||||
enable = mkIf xInit true;
|
||||
defaults = mkIf (!xInit && cfg.enable != virtualHost.proxied.enable) (mapAlmostOptionDefaults (xDefaults {inherit cfg;}));
|
||||
};
|
||||
extraConfig = mkMerge [
|
||||
(mkIf (cfg.enable == "cloudflared" && virtualHost.proxied.enable != "cloudflared") (
|
||||
mkJustBefore (xCloudflared {inherit virtualHost;})
|
||||
))
|
||||
(mkIf emitVars (
|
||||
(mkIf (xInit && emitVars) (
|
||||
mkJustBefore (xHeadersProxied {inherit xvars;})
|
||||
))
|
||||
];
|
||||
|
|
@ -94,7 +115,7 @@ let
|
|||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (gensokyo-zone.lib) mkAlmostOptionDefault orderJustBefore unmerged;
|
||||
inherit (gensokyo-zone.lib) mkAlmostOptionDefault mapAlmostOptionDefaults orderJustBefore unmerged;
|
||||
inherit (lib.options) mkOption;
|
||||
inherit (lib.modules) mkIf mkMerge mkOrder mkDefault;
|
||||
inherit (nixosConfig.services) nginx;
|
||||
|
|
@ -115,6 +136,10 @@ let
|
|||
type = str;
|
||||
default = config.serverName;
|
||||
};
|
||||
originHost = mkOption {
|
||||
type = str;
|
||||
default = config.serverName;
|
||||
};
|
||||
ingressSettings = mkOption {
|
||||
type = unmerged.types.attrs;
|
||||
};
|
||||
|
|
@ -143,7 +168,7 @@ let
|
|||
else "http";
|
||||
in
|
||||
mkIf (cfg.enable == "cloudflared") {
|
||||
ingressSettings.${config.serverName} = {
|
||||
ingressSettings.${cfg.cloudflared.host} = {
|
||||
service = "${scheme}://localhost:${toString listen.port}";
|
||||
originRequest = let
|
||||
noTLSVerify =
|
||||
|
|
@ -151,18 +176,21 @@ let
|
|||
then "noTLSVerify"
|
||||
else null;
|
||||
httpHostHeader =
|
||||
if cfg.cloudflared.host != config.serverName
|
||||
if cfg.cloudflared.host != cfg.cloudflared.originHost
|
||||
then "httpHostHeader"
|
||||
else null;
|
||||
in {
|
||||
${noTLSVerify} = true;
|
||||
${httpHostHeader} = cfg.cloudflared.host;
|
||||
${httpHostHeader} = cfg.cloudflared.originHost;
|
||||
};
|
||||
};
|
||||
getIngress = {}: unmerged.mergeAttrs cfg.cloudflared.ingressSettings;
|
||||
};
|
||||
};
|
||||
xvars.enable = mkIf cfg.enabled true;
|
||||
xvars = mkIf cfg.enabled {
|
||||
enable = mkIf xInit true;
|
||||
defaults = mkIf (!xInit) (mapAlmostOptionDefaults (xDefaults {inherit cfg;}));
|
||||
};
|
||||
local.denyGlobal = mkIf listenProxied (mkDefault true);
|
||||
listen' = mkIf listenProxied {
|
||||
proxied = {
|
||||
|
|
@ -181,7 +209,7 @@ let
|
|||
(mkIf (cfg.enable == "cloudflared") (
|
||||
mkOrder orderJustBefore (xCloudflared {virtualHost = config;})
|
||||
))
|
||||
(mkIf (cfg.enabled && config.xvars.enable) (
|
||||
(mkIf (xInit && cfg.enabled && config.xvars.enable) (
|
||||
mkOrder (orderJustBefore + 25) (xHeadersProxied {inherit xvars;})
|
||||
))
|
||||
];
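Review bot: In `xDefaults`, the lookup `defaults.${cfg.enable}` indexes with the raw option value while the table is keyed by `${toString true}`, so if `cfg.enable` can be the boolean `true` (as that key suggests) the selection fails to evaluate, because Nix does not coerce a boolean in a dynamic attribute name. The path is dormant while `xInit = true`, since both `defaults = mkIf (!xInit …)` definitions are switched off, so it would only surface when the flag is flipped. I would write `} // (defaults.${toString cfg.enable} or {});` so that the boolean case resolves and an enable value not listed in the table keeps the generic defaults instead of aborting evaluation. The `$proxied_*_x` values appear to be initialised from `X-Forwarded-*` request headers (see the context line `xvars.init "forwarded_server" "$http_x_forwarded_server"`), so a comment on `xDefaults` stating that these defaults are only meaningful behind the trusted proxy listener would help.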
|
||||
|
|
|
|||
|
|
@ -374,12 +374,12 @@ let
|
|||
in {
|
||||
xvars = {
|
||||
parseReferer = mkIf (anyLocations needsReferer) true;
|
||||
defaults = mkIf (anyLocations (loc: loc.proxy.enabled)) (mkOptionDefault (mapOptionDefaults rec {
|
||||
defaults = mkIf (anyLocations (loc: loc.proxy.enabled)) (mapOptionDefaults rec {
|
||||
proxy_scheme = null;
|
||||
proxy_host = "$proxy_host";
|
||||
proxy_port = "$proxy_port";
|
||||
proxy_hostport = "${proxy_host}:${proxy_port}";
|
||||
}));
|
||||
});
|
||||
};
|
||||
proxy = mkIf (cfg.copyFromVhost != null) confCopy;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -2,12 +2,20 @@ let
|
|||
locationModule = {
|
||||
config,
|
||||
virtualHost,
|
||||
gensokyo-zone,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (gensokyo-zone.lib) mkJustBefore;
|
||||
inherit (lib.options) mkEnableOption mkOption;
|
||||
inherit (lib.attrsets) mapAttrs;
|
||||
inherit (lib.modules) mkIf;
|
||||
inherit (lib.attrsets) mapAttrs mapAttrsToList filterAttrs;
|
||||
inherit (lib.strings) concatStringsSep;
|
||||
cfg = config.xvars;
|
||||
defaultValues = filterAttrs (name: value: value != null && value != virtualHost.xvars.defaults.${name} or null) cfg.defaults;
|
||||
defaults = concatStringsSep "\n" (mapAttrsToList (
|
||||
name: value: "set $x_${name} ${virtualHost.xvars.lib.escapeString value};"
|
||||
) defaultValues);
|
||||
in {
|
||||
options.xvars = with lib.types; {
|
||||
enable = mkEnableOption "$x_variables";
|
||||
|
|
@ -34,6 +42,7 @@ let
|
|||
get = xvars.get // get;
|
||||
};
|
||||
};
|
||||
extraConfig = mkIf (cfg.enable && defaultValues != {}) (mkJustBefore defaults);
|
||||
_module.args.xvars = config.xvars.lib;
|
||||
};
|
||||
};
|
||||
|
|
@ -45,9 +54,9 @@ let
|
|||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (gensokyo-zone.lib) mkJustBefore;
|
||||
inherit (gensokyo-zone.lib) mkJustBefore mapOptionDefaults;
|
||||
inherit (lib.options) mkOption mkEnableOption;
|
||||
inherit (lib.modules) mkIf mkMerge mkOptionDefault;
|
||||
inherit (lib.modules) mkIf mkMerge;
|
||||
inherit (lib.attrsets) attrValues filterAttrs mapAttrs mapAttrsToList;
|
||||
inherit (lib.lists) any;
|
||||
inherit (lib.strings) concatStringsSep hasPrefix hasInfix;
|
||||
|
|
@ -73,15 +82,6 @@ let
|
|||
parseReferer = mkEnableOption "$x_referer_{scheme,host,path}";
|
||||
defaults = mkOption {
|
||||
type = attrsOf (nullOr str);
|
||||
default = rec {
|
||||
scheme = "$scheme";
|
||||
forwarded_for = remote_addr;
|
||||
remote_addr = "$remote_addr";
|
||||
forwarded_server = host;
|
||||
host = "$host";
|
||||
referer = "$http_referer";
|
||||
https = "$https";
|
||||
};
|
||||
};
|
||||
lib = mkOption {
|
||||
type = attrs;
|
||||
|
|
@ -99,9 +99,10 @@ let
|
|||
};
|
||||
};
|
||||
config = let
|
||||
defaultValues = filterAttrs (_: value: value != null) cfg.defaults;
|
||||
defaults = concatStringsSep "\n" (mapAttrsToList (
|
||||
name: value: "set $x_${name} ${escapeString value};"
|
||||
) (filterAttrs (_: value: value != null) cfg.defaults));
|
||||
) defaultValues);
|
||||
parseReferer = ''
|
||||
set $hack_referer $http_referer;
|
||||
if ($hack_referer ~ "^(https?)://([^/]+)(/.*)$") {
|
||||
|
|
@ -116,11 +117,22 @@ let
|
|||
(mkIf (anyLocations (loc: loc.xvars.enable)) true)
|
||||
(mkIf cfg.parseReferer true)
|
||||
];
|
||||
defaults = mkIf cfg.parseReferer (mkOptionDefault {
|
||||
referer_scheme = null;
|
||||
referer_host = null;
|
||||
referer_path = null;
|
||||
});
|
||||
defaults = mkMerge [
|
||||
(mapOptionDefaults rec {
|
||||
scheme = "$scheme";
|
||||
forwarded_for = remote_addr;
|
||||
remote_addr = "$remote_addr";
|
||||
forwarded_server = host;
|
||||
host = "$host";
|
||||
referer = "$http_referer";
|
||||
https = "$https";
|
||||
})
|
||||
(mkIf cfg.parseReferer (mapOptionDefaults {
|
||||
referer_scheme = null;
|
||||
referer_host = null;
|
||||
referer_path = null;
|
||||
}))
|
||||
];
|
||||
lib = {
|
||||
get = mapAttrs (name: default:
|
||||
if cfg.enable
|
||||
|
|
@ -132,7 +144,7 @@ let
|
|||
};
|
||||
};
|
||||
extraConfig = mkMerge [
|
||||
(mkIf cfg.enable (mkJustBefore defaults))
|
||||
(mkIf (cfg.enable && defaultValues != {}) (mkJustBefore defaults))
|
||||
(mkIf (cfg.enable && cfg.parseReferer) (mkJustBefore parseReferer))
|
||||
];
|
||||
_module.args.xvars = config.xvars.lib;
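Review bot: The base defaults moved into `mapOptionDefaults rec { … }` still bind `forwarded_for = remote_addr` and `forwarded_server = host` through `rec`, which fixes them to the literal `"$remote_addr"` and `"$host"` at this point, so a later override of `remote_addr` or `host` does not carry over to them. The `"cloudflared"` entry of `xDefaults` in the proxied module overrides `host` but not `forwarded_server`, so in that mode `$x_forwarded_server` would presumably stay `$host`; please confirm that is intended. If it is, a comment on the `rec` such as `# rec: forwarded_* alias the literal defaults here, not later overrides of remote_addr/host` would save the next reader. The `config = let` block this sits in starts and ends outside the hunk.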
|
||||
|
|
|
|||