diff --git a/modules/nixos/cloudflared.nix b/modules/nixos/cloudflared.nix
index 52d13ec9..42b11715 100644
--- a/modules/nixos/cloudflared.nix
+++ b/modules/nixos/cloudflared.nix
@@ -1,5 +1,10 @@
 let
- tunnelModule = {pkgs, config, lib, ...}: let
+ tunnelModule = {
+ pkgs,
+ config,
+ lib,
+ ...
+ }: let
 inherit (lib.options) mkOption mkEnableOption;
 settingsFormat = pkgs.formats.json {};
 in {
@@ -21,97 +26,102 @@ let
 };
 };
 };
-in {
- pkgs,
- config,
- utils,
- gensokyo-zone,
- lib,
- ...
-}: let
- inherit (lib.attrsets) mapAttrsToList mapAttrs' nameValuePair filterAttrsRecursive;
- inherit (lib.lists) singleton;
- inherit (lib.modules) mkIf mkMerge mkForce;
- inherit (lib.options) mkOption;
- cfg = config.services.cloudflared;
-in {
- options.services.cloudflared = with lib.types; {
- metricsPort = mkOption {
- type = nullOr port;
- default = null;
- };
- metricsBind = mkOption {
- type = str;
- default = "127.0.0.1";
- };
- extraArgs = mkOption {
- type = listOf str;
- default = [];
- };
- tunnels = mkOption {
- type = attrsOf (submoduleWith {
- modules = [tunnelModule];
- shorthandOnlyDefinesConfig = true;
- specialArgs = {
- inherit pkgs utils gensokyo-zone;
- };
- });
- };
- };
- config.services.cloudflared = {
- extraArgs = mkIf (cfg.metricsPort != null) [
- "--metrics" "${cfg.metricsBind}:${toString cfg.metricsPort}"
- ];
- };
- config.systemd.services = let
- filterConfig = filterAttrsRecursive (_: v: ! builtins.elem v [null [] {}]);
- mapIngress = hostname: ingress:
- {
- inherit hostname;
- }
- // filterConfig (filterConfig ingress);
- in
- mkIf cfg.enable (mapAttrs' (uuid: tunnel: let
- RuntimeDirectory = "cloudflared-tunnel-${uuid}";
- settings = {
- tunnel = uuid;
- credentials-file = tunnel.credentialsFile;
- warp-routing = filterConfig tunnel.warp-routing;
- originRequest = filterConfig tunnel.originRequest;
- ingress =
- mapAttrsToList mapIngress tunnel.ingress
- ++ mapAttrsToList mapIngress tunnel.extraTunnel.ingress
- ++ singleton {service = tunnel.default;};
+in
+ {
+ pkgs,
+ config,
+ utils,
+ gensokyo-zone,
+ lib,
+ ...
+ }: let
+ inherit (lib.attrsets) mapAttrsToList mapAttrs' nameValuePair filterAttrsRecursive;
+ inherit (lib.lists) singleton;
+ inherit (lib.modules) mkIf mkMerge mkForce;
+ inherit (lib.options) mkOption;
+ cfg = config.services.cloudflared;
+ in {
+ options.services.cloudflared = with lib.types; {
+ metricsPort = mkOption {
+ type = nullOr port;
+ default = null;
 };
- configPath =
- if tunnel.extraTunnel.enable
- then "/run/${RuntimeDirectory}/config.yml"
- else pkgs.writeText "cloudflared.yml" (builtins.toJSON settings);
- args = [
- "--config=${configPath}"
- "--no-autoupdate"
- ] ++ cfg.extraArgs ++ tunnel.extraArgs;
- in
- nameValuePair "cloudflared-tunnel-${uuid}" (mkMerge [
+ metricsBind = mkOption {
+ type = str;
+ default = "127.0.0.1";
+ };
+ extraArgs = mkOption {
+ type = listOf str;
+ default = [];
+ };
+ tunnels = mkOption {
+ type = attrsOf (submoduleWith {
+ modules = [tunnelModule];
+ shorthandOnlyDefinesConfig = true;
+ specialArgs = {
+ inherit pkgs utils gensokyo-zone;
+ };
+ });
+ };
+ };
+ config.services.cloudflared = {
+ extraArgs = mkIf (cfg.metricsPort != null) [
+ "--metrics"
+ "${cfg.metricsBind}:${toString cfg.metricsPort}"
+ ];
+ };
+ config.systemd.services = let
+ filterConfig = filterAttrsRecursive (_: v: ! 
builtins.elem v [null [] {}]);
+ mapIngress = hostname: ingress:
 {
- after = mkIf config.services.tailscale.enable ["tailscale-autoconnect.service"];
- serviceConfig = {
- RestartSec = 10;
- ExecStart = mkForce [
- "${cfg.package}/bin/cloudflared tunnel ${utils.escapeSystemdExecArgs args} run"
- ];
- };
+ inherit hostname;
 }
- (mkIf tunnel.extraTunnel.enable {
- serviceConfig = {
- inherit RuntimeDirectory;
- ExecStartPre = [
- (pkgs.writeShellScript "cloudflared-tunnel-${uuid}-prepare" ''
- ${utils.genJqSecretsReplacementSnippet settings configPath}
- '')
- ];
- };
- })
- ]))
- cfg.tunnels);
-}
+ // filterConfig (filterConfig ingress);
+ in
+ mkIf cfg.enable (mapAttrs' (uuid: tunnel: let
+ RuntimeDirectory = "cloudflared-tunnel-${uuid}";
+ settings = {
+ tunnel = uuid;
+ credentials-file = tunnel.credentialsFile;
+ warp-routing = filterConfig tunnel.warp-routing;
+ originRequest = filterConfig tunnel.originRequest;
+ ingress =
+ mapAttrsToList mapIngress tunnel.ingress
+ ++ mapAttrsToList mapIngress tunnel.extraTunnel.ingress
+ ++ singleton {service = tunnel.default;};
+ };
+ configPath =
+ if tunnel.extraTunnel.enable
+ then "/run/${RuntimeDirectory}/config.yml"
+ else pkgs.writeText "cloudflared.yml" (builtins.toJSON settings);
+ args =
+ [
+ "--config=${configPath}"
+ "--no-autoupdate"
+ ]
+ ++ cfg.extraArgs
+ ++ tunnel.extraArgs;
+ in
+ nameValuePair "cloudflared-tunnel-${uuid}" (mkMerge [
+ {
+ after = mkIf config.services.tailscale.enable ["tailscale-autoconnect.service"];
+ serviceConfig = {
+ RestartSec = 10;
+ ExecStart = mkForce [
+ "${cfg.package}/bin/cloudflared tunnel ${utils.escapeSystemdExecArgs args} run"
+ ];
+ };
+ }
+ (mkIf tunnel.extraTunnel.enable {
+ serviceConfig = {
+ inherit RuntimeDirectory;
+ ExecStartPre = [
+ (pkgs.writeShellScript "cloudflared-tunnel-${uuid}-prepare" ''
+ ${utils.genJqSecretsReplacementSnippet settings configPath}
+ '')
+ ];
+ };
+ })
+ ]))
+ cfg.tunnels);
+ }
diff --git a/modules/nixos/nginx/proxied.nix b/modules/nixos/nginx/proxied.nix
index 1ee52f4f..f0949828 100644
--- a/modules/nixos/nginx/proxied.nix
+++ b/modules/nixos/nginx/proxied.nix
@@ -1,7 +1,8 @@
 let
 xInit = true;
 xCloudflared = {virtualHost}: let
- host = if virtualHost.proxied.cloudflared.host == virtualHost.serverName
+ host =
+ if virtualHost.proxied.cloudflared.host == virtualHost.serverName
 then "$server_name"
 else "'${virtualHost.proxied.cloudflared.host}'";
 in ''
@@ -42,11 +43,13 @@ let
 host = "$proxied_host_cf";
 };
 };
- in {
- forwarded_for = "$proxy_add_x_forwarded_for";
- scheme = "$proxied_scheme";
- https = "$proxied_https";
- } // defaults.${cfg.enable};
+ in
+ {
+ forwarded_for = "$proxy_add_x_forwarded_for";
+ scheme = "$proxied_scheme";
+ https = "$proxied_https";
+ }
+ // defaults.${cfg.enable};
 locationModule = {
 config,
 virtualHost,
diff --git a/modules/nixos/nginx/xvars.nix b/modules/nixos/nginx/xvars.nix
index 2a01caac..f9e1039d 100644
--- a/modules/nixos/nginx/xvars.nix
+++ b/modules/nixos/nginx/xvars.nix
@@ -14,8 +14,9 @@ let
 cfg = config.xvars;
 defaultValues = filterAttrs (name: value: value != null && value != virtualHost.xvars.defaults.${name} or null) cfg.defaults;
 defaults = concatStringsSep "\n" (mapAttrsToList (
- name: value: "set $x_${name} ${virtualHost.xvars.lib.escapeString value};"
- ) defaultValues);
+ name: value: "set $x_${name} ${virtualHost.xvars.lib.escapeString value};"
+ )
+ defaultValues);
 in {
 options.xvars = with lib.types; {
 enable = mkEnableOption "$x_variables";
@@ -101,8 +102,9 @@ let
 config = let
 defaultValues = filterAttrs (_: value: value != null) cfg.defaults;
 defaults = concatStringsSep "\n" (mapAttrsToList (
- name: value: "set $x_${name} ${escapeString value};"
- ) defaultValues);
+ name: value: "set $x_${name} ${escapeString value};"
+ )
+ defaultValues);
 parseReferer = ''
 set $hack_referer $http_referer;
 if ($hack_referer ~ "^(https?)://([^/]+)(/.*)$") {
diff --git a/modules/system/exports/cloudflared.nix b/modules/system/exports/cloudflared.nix
index 9ecfded9..718a9062 100644
--- a/modules/system/exports/cloudflared.nix
+++ b/modules/system/exports/cloudflared.nix
@@ -6,7 +6,11 @@
 inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
 inherit (lib.modules) mkIf;
 in {
- config.exports.services.cloudflared = {config, systemConfig, ...}: let
+ config.exports.services.cloudflared = {
+ config,
+ systemConfig,
+ ...
+ }: let
 assertMetrics = nixosConfig: let
 cfg = nixosConfig.services.cloudflared;
 metricsPort =
diff --git a/outputs.nix b/outputs.nix
index 2070a500..19918822 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -39,7 +39,10 @@
 src = inputs.nixpkgs;
 inherit patches;
 };
- in if patches != [] then patchedNixpkgs else pkgs;
+ in
+ if patches != []
+ then patchedNixpkgs
+ else pkgs;
 deploy-rs = let
 deployLib = inputs.deploy-rs.lib.${system}