mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 04:19:19 -08:00
chore: nf-fmt-nix
This commit is contained in:
arcnmx
parent
5f163df9ec
commit
7e82a12236
5 changed files with 126 additions and 104 deletions
|
|
@ -1,5 +1,10 @@
|
||||||
let
|
let
|
||||||
tunnelModule = {pkgs, config, lib, ...}: let
|
tunnelModule = {
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
inherit (lib.options) mkOption mkEnableOption;
|
inherit (lib.options) mkOption mkEnableOption;
|
||||||
settingsFormat = pkgs.formats.json {};
|
settingsFormat = pkgs.formats.json {};
|
||||||
in {
|
in {
|
||||||
|
|
@ -21,97 +26,102 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in {
|
in
|
||||||
pkgs,
|
{
|
||||||
config,
|
pkgs,
|
||||||
utils,
|
config,
|
||||||
gensokyo-zone,
|
utils,
|
||||||
lib,
|
gensokyo-zone,
|
||||||
...
|
lib,
|
||||||
}: let
|
...
|
||||||
inherit (lib.attrsets) mapAttrsToList mapAttrs' nameValuePair filterAttrsRecursive;
|
}: let
|
||||||
inherit (lib.lists) singleton;
|
inherit (lib.attrsets) mapAttrsToList mapAttrs' nameValuePair filterAttrsRecursive;
|
||||||
inherit (lib.modules) mkIf mkMerge mkForce;
|
inherit (lib.lists) singleton;
|
||||||
inherit (lib.options) mkOption;
|
inherit (lib.modules) mkIf mkMerge mkForce;
|
||||||
cfg = config.services.cloudflared;
|
inherit (lib.options) mkOption;
|
||||||
in {
|
cfg = config.services.cloudflared;
|
||||||
options.services.cloudflared = with lib.types; {
|
in {
|
||||||
metricsPort = mkOption {
|
options.services.cloudflared = with lib.types; {
|
||||||
type = nullOr port;
|
metricsPort = mkOption {
|
||||||
default = null;
|
type = nullOr port;
|
||||||
};
|
default = null;
|
||||||
metricsBind = mkOption {
|
|
||||||
type = str;
|
|
||||||
default = "127.0.0.1";
|
|
||||||
};
|
|
||||||
extraArgs = mkOption {
|
|
||||||
type = listOf str;
|
|
||||||
default = [];
|
|
||||||
};
|
|
||||||
tunnels = mkOption {
|
|
||||||
type = attrsOf (submoduleWith {
|
|
||||||
modules = [tunnelModule];
|
|
||||||
shorthandOnlyDefinesConfig = true;
|
|
||||||
specialArgs = {
|
|
||||||
inherit pkgs utils gensokyo-zone;
|
|
||||||
};
|
|
||||||
});
|
|
||||||
};
|
|
||||||
};
|
|
||||||
config.services.cloudflared = {
|
|
||||||
extraArgs = mkIf (cfg.metricsPort != null) [
|
|
||||||
"--metrics" "${cfg.metricsBind}:${toString cfg.metricsPort}"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
config.systemd.services = let
|
|
||||||
filterConfig = filterAttrsRecursive (_: v: ! builtins.elem v [null [] {}]);
|
|
||||||
mapIngress = hostname: ingress:
|
|
||||||
{
|
|
||||||
inherit hostname;
|
|
||||||
}
|
|
||||||
// filterConfig (filterConfig ingress);
|
|
||||||
in
|
|
||||||
mkIf cfg.enable (mapAttrs' (uuid: tunnel: let
|
|
||||||
RuntimeDirectory = "cloudflared-tunnel-${uuid}";
|
|
||||||
settings = {
|
|
||||||
tunnel = uuid;
|
|
||||||
credentials-file = tunnel.credentialsFile;
|
|
||||||
warp-routing = filterConfig tunnel.warp-routing;
|
|
||||||
originRequest = filterConfig tunnel.originRequest;
|
|
||||||
ingress =
|
|
||||||
mapAttrsToList mapIngress tunnel.ingress
|
|
||||||
++ mapAttrsToList mapIngress tunnel.extraTunnel.ingress
|
|
||||||
++ singleton {service = tunnel.default;};
|
|
||||||
};
|
};
|
||||||
configPath =
|
metricsBind = mkOption {
|
||||||
if tunnel.extraTunnel.enable
|
type = str;
|
||||||
then "/run/${RuntimeDirectory}/config.yml"
|
default = "127.0.0.1";
|
||||||
else pkgs.writeText "cloudflared.yml" (builtins.toJSON settings);
|
};
|
||||||
args = [
|
extraArgs = mkOption {
|
||||||
"--config=${configPath}"
|
type = listOf str;
|
||||||
"--no-autoupdate"
|
default = [];
|
||||||
] ++ cfg.extraArgs ++ tunnel.extraArgs;
|
};
|
||||||
in
|
tunnels = mkOption {
|
||||||
nameValuePair "cloudflared-tunnel-${uuid}" (mkMerge [
|
type = attrsOf (submoduleWith {
|
||||||
|
modules = [tunnelModule];
|
||||||
|
shorthandOnlyDefinesConfig = true;
|
||||||
|
specialArgs = {
|
||||||
|
inherit pkgs utils gensokyo-zone;
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config.services.cloudflared = {
|
||||||
|
extraArgs = mkIf (cfg.metricsPort != null) [
|
||||||
|
"--metrics"
|
||||||
|
"${cfg.metricsBind}:${toString cfg.metricsPort}"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
config.systemd.services = let
|
||||||
|
filterConfig = filterAttrsRecursive (_: v: ! builtins.elem v [null [] {}]);
|
||||||
|
mapIngress = hostname: ingress:
|
||||||
{
|
{
|
||||||
after = mkIf config.services.tailscale.enable ["tailscale-autoconnect.service"];
|
inherit hostname;
|
||||||
serviceConfig = {
|
|
||||||
RestartSec = 10;
|
|
||||||
ExecStart = mkForce [
|
|
||||||
"${cfg.package}/bin/cloudflared tunnel ${utils.escapeSystemdExecArgs args} run"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
(mkIf tunnel.extraTunnel.enable {
|
// filterConfig (filterConfig ingress);
|
||||||
serviceConfig = {
|
in
|
||||||
inherit RuntimeDirectory;
|
mkIf cfg.enable (mapAttrs' (uuid: tunnel: let
|
||||||
ExecStartPre = [
|
RuntimeDirectory = "cloudflared-tunnel-${uuid}";
|
||||||
(pkgs.writeShellScript "cloudflared-tunnel-${uuid}-prepare" ''
|
settings = {
|
||||||
${utils.genJqSecretsReplacementSnippet settings configPath}
|
tunnel = uuid;
|
||||||
'')
|
credentials-file = tunnel.credentialsFile;
|
||||||
];
|
warp-routing = filterConfig tunnel.warp-routing;
|
||||||
};
|
originRequest = filterConfig tunnel.originRequest;
|
||||||
})
|
ingress =
|
||||||
]))
|
mapAttrsToList mapIngress tunnel.ingress
|
||||||
cfg.tunnels);
|
++ mapAttrsToList mapIngress tunnel.extraTunnel.ingress
|
||||||
}
|
++ singleton {service = tunnel.default;};
|
||||||
|
};
|
||||||
|
configPath =
|
||||||
|
if tunnel.extraTunnel.enable
|
||||||
|
then "/run/${RuntimeDirectory}/config.yml"
|
||||||
|
else pkgs.writeText "cloudflared.yml" (builtins.toJSON settings);
|
||||||
|
args =
|
||||||
|
[
|
||||||
|
"--config=${configPath}"
|
||||||
|
"--no-autoupdate"
|
||||||
|
]
|
||||||
|
++ cfg.extraArgs
|
||||||
|
++ tunnel.extraArgs;
|
||||||
|
in
|
||||||
|
nameValuePair "cloudflared-tunnel-${uuid}" (mkMerge [
|
||||||
|
{
|
||||||
|
after = mkIf config.services.tailscale.enable ["tailscale-autoconnect.service"];
|
||||||
|
serviceConfig = {
|
||||||
|
RestartSec = 10;
|
||||||
|
ExecStart = mkForce [
|
||||||
|
"${cfg.package}/bin/cloudflared tunnel ${utils.escapeSystemdExecArgs args} run"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
(mkIf tunnel.extraTunnel.enable {
|
||||||
|
serviceConfig = {
|
||||||
|
inherit RuntimeDirectory;
|
||||||
|
ExecStartPre = [
|
||||||
|
(pkgs.writeShellScript "cloudflared-tunnel-${uuid}-prepare" ''
|
||||||
|
${utils.genJqSecretsReplacementSnippet settings configPath}
|
||||||
|
'')
|
||||||
|
];
|
||||||
|
};
|
||||||
|
})
|
||||||
|
]))
|
||||||
|
cfg.tunnels);
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,8 @@
|
||||||
let
|
let
|
||||||
xInit = true;
|
xInit = true;
|
||||||
xCloudflared = {virtualHost}: let
|
xCloudflared = {virtualHost}: let
|
||||||
host = if virtualHost.proxied.cloudflared.host == virtualHost.serverName
|
host =
|
||||||
|
if virtualHost.proxied.cloudflared.host == virtualHost.serverName
|
||||||
then "$server_name"
|
then "$server_name"
|
||||||
else "'${virtualHost.proxied.cloudflared.host}'";
|
else "'${virtualHost.proxied.cloudflared.host}'";
|
||||||
in ''
|
in ''
|
||||||
|
|
@ -42,11 +43,13 @@ let
|
||||||
host = "$proxied_host_cf";
|
host = "$proxied_host_cf";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in {
|
in
|
||||||
forwarded_for = "$proxy_add_x_forwarded_for";
|
{
|
||||||
scheme = "$proxied_scheme";
|
forwarded_for = "$proxy_add_x_forwarded_for";
|
||||||
https = "$proxied_https";
|
scheme = "$proxied_scheme";
|
||||||
} // defaults.${cfg.enable};
|
https = "$proxied_https";
|
||||||
|
}
|
||||||
|
// defaults.${cfg.enable};
|
||||||
locationModule = {
|
locationModule = {
|
||||||
config,
|
config,
|
||||||
virtualHost,
|
virtualHost,
|
||||||
|
|
|
||||||
|
|
@ -14,8 +14,9 @@ let
|
||||||
cfg = config.xvars;
|
cfg = config.xvars;
|
||||||
defaultValues = filterAttrs (name: value: value != null && value != virtualHost.xvars.defaults.${name} or null) cfg.defaults;
|
defaultValues = filterAttrs (name: value: value != null && value != virtualHost.xvars.defaults.${name} or null) cfg.defaults;
|
||||||
defaults = concatStringsSep "\n" (mapAttrsToList (
|
defaults = concatStringsSep "\n" (mapAttrsToList (
|
||||||
name: value: "set $x_${name} ${virtualHost.xvars.lib.escapeString value};"
|
name: value: "set $x_${name} ${virtualHost.xvars.lib.escapeString value};"
|
||||||
) defaultValues);
|
)
|
||||||
|
defaultValues);
|
||||||
in {
|
in {
|
||||||
options.xvars = with lib.types; {
|
options.xvars = with lib.types; {
|
||||||
enable = mkEnableOption "$x_variables";
|
enable = mkEnableOption "$x_variables";
|
||||||
|
|
@ -101,8 +102,9 @@ let
|
||||||
config = let
|
config = let
|
||||||
defaultValues = filterAttrs (_: value: value != null) cfg.defaults;
|
defaultValues = filterAttrs (_: value: value != null) cfg.defaults;
|
||||||
defaults = concatStringsSep "\n" (mapAttrsToList (
|
defaults = concatStringsSep "\n" (mapAttrsToList (
|
||||||
name: value: "set $x_${name} ${escapeString value};"
|
name: value: "set $x_${name} ${escapeString value};"
|
||||||
) defaultValues);
|
)
|
||||||
|
defaultValues);
|
||||||
parseReferer = ''
|
parseReferer = ''
|
||||||
set $hack_referer $http_referer;
|
set $hack_referer $http_referer;
|
||||||
if ($hack_referer ~ "^(https?)://([^/]+)(/.*)$") {
|
if ($hack_referer ~ "^(https?)://([^/]+)(/.*)$") {
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,11 @@
|
||||||
inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
|
inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
|
||||||
inherit (lib.modules) mkIf;
|
inherit (lib.modules) mkIf;
|
||||||
in {
|
in {
|
||||||
config.exports.services.cloudflared = {config, systemConfig, ...}: let
|
config.exports.services.cloudflared = {
|
||||||
|
config,
|
||||||
|
systemConfig,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
assertMetrics = nixosConfig: let
|
assertMetrics = nixosConfig: let
|
||||||
cfg = nixosConfig.services.cloudflared;
|
cfg = nixosConfig.services.cloudflared;
|
||||||
metricsPort =
|
metricsPort =
|
||||||
|
|
|
||||||
|
|
@ -39,7 +39,10 @@
|
||||||
src = inputs.nixpkgs;
|
src = inputs.nixpkgs;
|
||||||
inherit patches;
|
inherit patches;
|
||||||
};
|
};
|
||||||
in if patches != [] then patchedNixpkgs else pkgs;
|
in
|
||||||
|
if patches != []
|
||||||
|
then patchedNixpkgs
|
||||||
|
else pkgs;
|
||||||
deploy-rs = let
|
deploy-rs = let
|
||||||
deployLib =
|
deployLib =
|
||||||
inputs.deploy-rs.lib.${system}
|
inputs.deploy-rs.lib.${system}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue