fix(hakurei): access

arcnmx 2024-01-20 15:33:51 -08:00
parent 7ded53ccc1
commit e95cec051f
5 changed files with 62 additions and 16 deletions


@ -1,15 +1,29 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib.modules) mkIf mkDefault;
inherit (lib.strings) escapeRegex;
inherit (lib.lists) singleton optional;
inherit (config.services) tailscale;
proxyPass = "https://reisen.local.gensokyo.zone:8006/";
unencrypted = pkgs.mkSnakeOil {
name = "prox-local-cert";
domain = singleton "prox.local.${config.networking.domain}"
++ optional tailscale.enable "prox.tail.${config.networking.domain}";
};
sslCertificate = unencrypted.fullchain;
sslCertificateKey = unencrypted.key;
in {
services.nginx.virtualHosts."prox.${config.networking.domain}" = {
locations."/" = {
extraConfig = ''
if ($http_x_forwarded_proto = http) {
return 302 https://$host$request_uri;
}
set $prox_prefix ''';
include ${config.sops.secrets.access-proxmox.path};
if ($request_uri ~ "^/([^/]+).*") {
@ -24,7 +38,7 @@ in {
if ($prox_prefix != $prox_expected) {
return 501;
}
if ($request_uri ~ "^/([^/]+)") {
if ($request_uri ~ "^/([^/]+)$") {
rewrite /(.*) /prox/$1 last;
}
rewrite /[^/]+/(.*) /prox/$1;
@ -49,12 +63,15 @@ in {
};
services.nginx.virtualHosts."prox.local.${config.networking.domain}" = {
local.enable = mkDefault true;
forceSSL = mkDefault true;
inherit sslCertificate sslCertificateKey;
locations."/" = {
inherit proxyPass;
};
};
services.nginx.virtualHosts."prox.tail.${config.networking.domain}" = mkIf config.services.tailscale.enable {
services.nginx.virtualHosts."prox.tail.${config.networking.domain}" = mkIf tailscale.enable {
local.enable = mkDefault true;
inherit sslCertificate sslCertificateKey;
locations."/" = {
inherit proxyPass;
};
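Review bot: The `prox.tail` virtual host at the end of this section inherits `sslCertificate` and `sslCertificateKey` but, unlike `prox.local` just above it, the visible lines give it no `forceSSL = mkDefault true;`. The NixOS nginx module only uses a certificate when one of `addSSL`, `onlySSL` or `forceSSL` is set, so unless the custom `local.enable` option turns TLS on, this host would keep serving the Proxmox UI over plain HTTP and the inherited certificate would be unused. I would add `forceSSL = mkDefault true;` to the tail host as well. Separately, the key comes from `pkgs.mkSnakeOil`, which presumably lands in the world-readable Nix store, so a comment above `unencrypted` such as `# snake-oil cert: encrypts the hop only, gives clients no server authentication` would document that limit. The tail virtual host block continues past the end of the hunk.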


@ -5,7 +5,7 @@
}:
let
inherit (lib.options) mkOption;
inherit (lib.modules) mkIf mkMerge mkDefault mkOptionDefault;
inherit (lib.modules) mkIf mkDefault mkOptionDefault;
cfg = config.services.zigbee2mqtt;
access = config.services.nginx.access.zigbee2mqtt;
proxyPass = mkDefault "http://${access.host}:${toString access.port}";
@ -51,6 +51,12 @@ in {
inherit proxyPass extraConfig;
};
};
"z2m.tail.${config.networking.domain}" = mkIf config.services.tailscale.enable {
local.enable = true;
locations."/" = {
inherit proxyPass extraConfig;
};
};
};
};
}
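Review bot: The new `z2m.tail` host relies entirely on `local.enable = true` for access control, and nothing in this hunk shows what that option restricts or whether the tailnet range is covered by it. If it only allow-lists source addresses, every tailnet peer would reach the Zigbee2MQTT frontend (device pairing and control) over plain HTTP with no authentication at the proxy. A comment such as `# local.enable: source allow-list only; the frontend itself is unauthenticated` would make that trust assumption explicit, or the frontend's `auth_token` setting could be enabled. For consistency with the prox module in this commit, `inherit (config.services) tailscale;` with `mkIf tailscale.enable` and `local.enable = mkDefault true;` would match the prox hosts. The enclosing `virtualHosts` attribute set starts outside the hunk.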