feat(bbuddy): hakurei access

2026-02-09 12:29:19 -08:00 · 2024-03-22 11:36:30 -07:00 · 2024-03-22 11:36:30 -07:00 · 34bca016b4
commit 34bca016b4
parent c51fdb847b
8 changed files with 97 additions and 29 deletions
--- a/nixos/access/barcodebuddy.nix
+++ b/nixos/access/barcodebuddy.nix
@ -0,0 +1,53 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.modules) mkIf mkDefault;
+  inherit (config.services) barcodebuddy nginx;
+  name.shortServer = mkDefault "bbuddy";
+  serverName = "bbuddy_internal";
+  extraConfig = ''
+    set $x_proxy_host ${serverName};
+  '';
+in {
+  config.services.nginx.virtualHosts = {
+    barcodebuddy'php = mkIf barcodebuddy.enable {
+      inherit serverName;
+      proxied.enable = mkDefault true;
+      local.denyGlobal = true;
+    };
+    barcodebuddy = {
+      inherit name extraConfig;
+      vouch = {
+        enable = true;
+        requireAuth = false;
+      };
+      locations = {
+        "/api/" = {
+          proxy.headers.enableRecommended = true;
+          proxyPass = mkDefault "${nginx.virtualHosts.barcodebuddy.locations."/".proxyPass}/api/";
+        };
+        "/" = {
+          proxy.headers.enableRecommended = true;
+          vouch.requireAuth = true;
+          proxyPass = mkIf barcodebuddy.enable (mkDefault
+            "http://localhost:${toString nginx.defaultHTTPListenPort}"
+          );
+        };
+      };
+    };
+    barcodebuddy'local = {
+      inherit name extraConfig;
+      ssl.cert.copyFromVhost = "barcodebuddy";
+      local.enable = mkDefault true;
+      locations."/" = {
+        proxy.headers.enableRecommended = true;
+        proxyPass = mkDefault nginx.virtualHosts.barcodebuddy.locations."/".proxyPass;
+        extraConfig = ''
+          proxy_redirect $x_scheme://${serverName}/ $x_scheme://$x_host/;
+        '';
+      };
+    };
+  };
+}
--- a/nixos/access/grocy.nix
+++ b/nixos/access/grocy.nix
@ -23,7 +23,7 @@ in {
      local.enable = mkDefault true;
      locations."/" = mkIf (!grocy.enable) {
        proxyPass = mkDefault (if grocy.enable
-          then "http://localhost:${nginx.defaultHTTPListenPort}"
+          then "http://localhost:${toString nginx.defaultHTTPListenPort}"
          else nginx.virtualHosts.grocy.locations."/".proxyPass
        );
        proxy.headers.enableRecommended = true;
--- a/nixos/barcodebuddy.nix
+++ b/nixos/barcodebuddy.nix
@ -5,17 +5,17 @@
 in {
  config.services.barcodebuddy = {
    enable = mkDefault true;
-    hostName = mkDefault "barcodebuddy";
+    hostName = mkDefault "barcodebuddy'php";
    reverseProxy.enable = mkDefault true;
    settings = {
      EXTERNAL_GROCY_URL = "https://grocy.${config.networking.domain}";
      DISABLE_AUTHENTICATION = true;
    };
-    nginxPhpConfig = mkMerge [
+    nginxConfig = mkMerge [
      ''
        include ${config.sops.secrets.barcodebuddy-fastcgi-params.path};
      ''
-      (mkIf nginx.virtualHosts.barcodebuddy.proxied.enabled (mkAfter ''
+      (mkIf cfg.reverseProxy.enable (mkAfter ''
        set $bbuddy_https "";
        if ($x_scheme = https) {
          set $bbuddy_https 1;
@ -26,22 +26,12 @@ in {
      ''))
    ];
  };
-  config.services.nginx.virtualHosts.barcodebuddy = mkIf cfg.enable {
-    proxied.xvars.enable = true;
-    vouch = {
-      enable = true;
-      requireAuth = false;
+  config.services.nginx.virtualHosts.barcodebuddy'php = mkIf cfg.enable {
+    proxied = {
+      enable = cfg.reverseProxy.enable;
+      xvars.enable = true;
    };
    name.shortServer = mkDefault "bbuddy";
-    locations = {
-      "= /api/index.php" = {
-        vouch.requireAuth = false;
-        extraConfig = cfg.nginxPhpConfig;
-      };
-      "~ \\.php$" = {
-        vouch.requireAuth = true;
-      };
-    };
  };
  config.users.users.barcodebuddy = mkIf cfg.enable {
    uid = 912;