refactor(access): pbx

2026-02-09 04:19:19 -08:00 · 2024-06-13 14:51:58 -07:00 · 2024-06-13 14:51:58 -07:00 · 691ffc1797
commit 691ffc1797
parent dc9ee1d789
1 changed files with 73 additions and 55 deletions
--- a/nixos/access/freepbx.nix
+++ b/nixos/access/freepbx.nix
@ -1,74 +1,96 @@
 {
  config,
  access,
  gensokyo-zone,
  lib,
  ...
 }: let
-  inherit (lib.modules) mkIf mkMerge mkDefault;
+  inherit (gensokyo-zone.lib) mapDefaults;
  inherit (lib.modules) mkIf mkDefault;
  inherit (lib.lists) optional;
  inherit (config.services) nginx;
  system = access.systemForService "freepbx";
  inherit (system.exports.services) freepbx;
  upstreamName = "freepbx";
  upstreamName'ucp = "freepbx'ucp";
 in {
  config.services.nginx = {
    upstreams' = {
      ${upstreamName} = {
        servers.access = {
          accessService = mapDefaults {
            inherit (freepbx) name id;
            system = system.name;
            port = "https";
          };
        };
      };
      ${upstreamName'ucp} = {
        servers.access = {
          accessService = mapDefaults {
            inherit (freepbx) name id;
            system = system.name;
            port = "ucp-ssl";
            getAddressFor = "getAddress4For";
          };
        };
      };
    };
    virtualHosts = let
-      proxyScheme = "https";
+      ucpPath = "/socket.io/";
      url = access.proxyUrlFor {
        serviceName = "freepbx";
        portName = proxyScheme;
      };
      ucpUrl = access.proxyUrlFor {
        serviceName = "freepbx";
        portName = "ucp-ssl";
        getAddressFor = "getAddress4For";
      };
      ucpPath = "/socket.io";
      # TODO: ports.asterisk/asterisk-ssl?
-      extraConfig = ''
+      hostCommon = {xvars, ...}: {
-        proxy_buffer_size 128k;
+        extraConfig = ''
-        proxy_buffers 4 256k;
+          proxy_buffer_size 128k;
-        proxy_busy_buffers_size 256k;
+          proxy_buffers 4 256k;
-      '';
+          proxy_busy_buffers_size 256k;
-      locations = {
+          proxy_cookie_flags ~ nosamesite;
-        "/" = {xvars, ...}: {
+          proxy_cookie_domain ~ ${xvars.get.host};
-          xvars.enable = true;
+        '';
-          proxy = {
+        locations = {
-            enable = true;
+          ${ucpPath} = {
-            redirect = {
+            xvars,
            virtualHost,
            ...
          }: {
            proxy = {
              enable = true;
-              fromScheme = xvars.get.proxy_scheme;
+              websocket.enable = true;
              headers.hide.Access-Control-Allow-Origin = true;
            };
            headers.set.Access-Control-Allow-Origin = "${xvars.get.scheme}://${virtualHost.serverName}";
          };
        };
      };
      hostWeb = {...}: {
        imports = [hostCommon];
        locations = {
          "/" = {xvars, ...}: {
            xvars.enable = true;
            proxy = {
              enable = true;
              redirect = {
                enable = true;
                fromScheme = xvars.get.proxy_scheme;
              };
            };
          };
-        };
+          ${ucpPath}.proxy = {
-        ${ucpPath} = {
+            upstream = mkDefault nginx.virtualHosts.freepbx'ucp.proxy.upstream;
          xvars,
          virtualHost,
          ...
        }: {
          proxy = {
            enable = true;
            websocket.enable = true;
            headers.hide.Access-Control-Allow-Origin = true;
          };
          headers.set.Access-Control-Allow-Origin = "${xvars.get.scheme}://${virtualHost.serverName}";
        };
      };
      allLocations = mkMerge [
        locations
        {
          ${ucpPath}.proxy.url = mkDefault nginx.virtualHosts.freepbx'ucp.proxy.url;
        }
      ];
      name.shortServer = mkDefault "pbx";
    in {
-      freepbx = {
+      freepbx = {...}: {
        imports = [hostWeb];
        vouch.enable = mkDefault true;
        ssl.force = true;
-        proxy.url = mkDefault url;
+        proxy.upstream = upstreamName;
-        locations = allLocations;
+        inherit name;
        inherit name extraConfig;
      };
-      freepbx'ucp = {
+      freepbx'ucp = {...}: {
        imports = [hostCommon];
        serverName = mkDefault nginx.virtualHosts.freepbx.serverName;
        ssl.cert.copyFromVhost = "freepbx";
        listen' = {
@ -83,17 +105,14 @@ in {
          };
        };
        proxy = {
-          url = mkDefault ucpUrl;
+          upstream = mkDefault upstreamName'ucp;
          websocket.enable = true;
        };
        vouch.enable = mkDefault true;
        local.denyGlobal = mkDefault nginx.virtualHosts.freepbx.local.denyGlobal;
        locations = {
          inherit (locations) "/socket.io";
        };
        inherit extraConfig;
      };
-      freepbx'local = {
+      freepbx'local = {...}: {
        imports = [hostWeb];
        listen' = {
          http = {};
          https.ssl = true;
@ -106,10 +125,9 @@ in {
          };
        };
        ssl.cert.copyFromVhost = "freepbx";
-        proxy.url = mkDefault nginx.virtualHosts.freepbx.proxy.url;
+        proxy.copyFromVhost = "freepbx";
        local.enable = true;
-        locations = allLocations;
+        inherit name;
        inherit name extraConfig;
      };
    };
  };