feat(nginx): enable option for vhost/location

2026-02-09 12:29:19 -08:00 · 2024-03-21 11:25:31 -07:00 · 2024-03-21 11:25:31 -07:00 · 8f227a1bc5
commit 8f227a1bc5
parent a6fced79d5
7 changed files with 116 additions and 31 deletions
--- a/modules/nixos/nginx/enable.nix
+++ b/modules/nixos/nginx/enable.nix
@ -0,0 +1,47 @@
+{
+  lib,
+  ...
+}: let
+  inherit (lib.options) mkOption mkEnableOption;
+  inherit (lib.modules) mkIf mkOverride;
+  mkExtraForce = mkOverride 25;
+  locationModule = { config, virtualHost, ... }: {
+    options = with lib.types; {
+      enable = mkEnableOption "enable location" // {
+        default = true;
+      };
+    };
+    config = mkIf (!virtualHost.enable || !config.enable) {
+      extraConfig = mkExtraForce "deny all;";
+    };
+  };
+  hostModule = { config, ... }: {
+    options = with lib.types; {
+      enable = mkEnableOption "enable server" // {
+        default = true;
+      };
+      locations = mkOption {
+        type = attrsOf (submoduleWith {
+          modules = [ locationModule ];
+          shorthandOnlyDefinesConfig = true;
+        });
+      };
+    };
+
+    config = mkIf (!config.enable) {
+      default = mkExtraForce false;
+      extraConfig = mkExtraForce ''
+        deny all;
+      '';
+    };
+  };
+in {
+  options = with lib.types; {
+    services.nginx.virtualHosts = mkOption {
+      type = attrsOf (submoduleWith {
+        modules = [ hostModule ];
+        shorthandOnlyDefinesConfig = true;
+      });
+    };
+  };
+}
--- a/modules/nixos/nginx/listen.nix
+++ b/modules/nixos/nginx/listen.nix
@ -4,17 +4,26 @@
  ...
 }: let
  inherit (lib.options) mkOption mkEnableOption;
-  inherit (lib.modules) mkIf mkDefault mkOptionDefault mkForce mkOverride;
-  inherit (lib.attrsets) mapAttrsToList filterAttrs removeAttrs;
-  inherit (lib.lists) concatMap;
+  inherit (lib.modules) mkIf mkMerge mkOptionDefault mkForce mkOverride mkRenamedOptionModule;
+  inherit (lib.attrsets) attrValues mapAttrs mapAttrsToList;
+  inherit (lib.lists) filter concatMap;
  mkAlmostOptionDefault = mkOverride 1250;
  inherit (config.services) nginx;
-  extraListenAttrs = [ "enable" ];
  listenModule = { config, virtualHost, ... }: {
    options = with lib.types; {
      enable = mkEnableOption "this port" // {
        default = true;
      };
+      addr = mkOption {
+        type = nullOr str;
+        default = null;
+        description = "shorthand to override config.addresses";
+      };
+      addresses = mkOption {
+        type = listOf str;
+        description = "applies to all listen addresses unless set";
+        defaultText = "virtualHost.listenAddresses'";
+      };
      ssl = mkOption {
        type = bool;
        default = false;
@ -22,23 +31,42 @@
      port = mkOption {
        type = nullOr port;
      };
+      extraParameters = mkOption {
+        type = listOf str;
+        default = [ ];
+      };
+      proxyProtocol = mkOption {
+        type = bool;
+        default = false;
+      };
    };
    config = {
      enable = mkIf (config.ssl && !virtualHost.ssl.enable) (mkForce false);
-      _module.freeformType = with lib.types; attrsOf (oneOf [
-        str (listOf str) (nullOr port) bool
-      ]);
      port = mkOptionDefault (
        if config.ssl then nginx.defaultSSLListenPort else nginx.defaultHTTPListenPort
      );
+      addresses = mkMerge [
+        (mkOptionDefault virtualHost.listenAddresses')
+        (mkIf (config.addr != null) (mkAlmostOptionDefault [ config.addr ]))
+      ];
    };
  };
  hostModule = { config, ... }: let
-    cfg = config.listenPorts;
-    enabledPorts = filterAttrs (_: port: port.enable) cfg;
+    cfg = attrValues config.listen';
+    enabledCfg = filter (port: port.enable) cfg;
+    mkListen = listen: addr: let
+      listenAttrs = {
+        inherit addr;
+        inherit (listen) port ssl extraParameters proxyProtocol;
+      };
+    in mapAttrs (_: mkAlmostOptionDefault) listenAttrs;
+    mkListens = listen: map (mkListen listen) listen.addresses;
  in {
+    imports = [
+      (mkRenamedOptionModule [ "listenPorts" ] [ "listen'" ])
+    ];
    options = with lib.types; {
-      listenPorts = mkOption {
+      listen' = mkOption {
        type = attrsOf (submoduleWith {
          modules = [ listenModule ];
          specialArgs = {
@ -47,15 +75,19 @@
        });
        default = { };
      };
+      listenAddresses' = mkOption {
+        type = listOf str;
+        description = "listenAddresses or defaultListenAddresses if empty";
+      };
    };

    config = {
-      listen = let
-        addresses = if config.listenAddresses != [ ] then config.listenAddresses else nginx.defaultListenAddresses;
-      in mkIf (cfg != { }) (mkAlmostOptionDefault (
-        concatMap (addr: mapAttrsToList (_: listen: {
-          addr = mkDefault addr;
-        } // removeAttrs listen extraListenAttrs) enabledPorts) addresses
+      enable = mkIf (cfg != [ ] && enabledCfg == [ ]) (mkForce false);
+      listenAddresses' = mkOptionDefault (
+        if config.listenAddresses != [ ] then config.listenAddresses else nginx.defaultListenAddresses
+      );
+      listen = mkIf (cfg != { }) (mkAlmostOptionDefault (
+        concatMap (mkListens) enabledCfg
      ));
    };
  };