gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
infrastructure/modules/nixos/nginx/stream.nix
arcnmx 586efcae0e refactor(nginx): proxy upstream modules
2024-04-22 15:10:32 -07:00

86 lines
2.1 KiB
Nix
Raw Blame History

{
gensokyo-zone,
config,
lib,
...
}: let
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkAfter mkOptionDefault;
inherit (lib.attrsets) mapAttrsToList;
cfg = config.services.nginx.stream;
serverModule = {config, ...}: {
options = with lib.types; {
enable = mkEnableOption "stream server block" // {
default = true;
};
extraConfig = mkOption {
type = lines;
default = "";
};
streamConfig = mkOption {
type = lines;
internal = true;
};
serverBlock = mkOption {
type = lines;
internal = true;
};
ssl = {
preread.enable = mkEnableOption "ngx_stream_ssl_preread_module";
};
proxy = {
ssl = {
enable = mkEnableOption "ssl upstream";
verify = mkEnableOption "proxy_ssl_verify";
};
url = mkOption {
type = nullOr str;
default = null;
};
};
};
config = {
proxy.ssl.enable = mkIf config.ssl.preread.enable false;
streamConfig = mkMerge [
config.extraConfig
(mkIf config.ssl.preread.enable
"ssl_preread on;"
)
(mkIf config.proxy.ssl.enable
"proxy_ssl on;"
)
(mkIf (config.proxy.ssl.enable && config.proxy.ssl.verify)
"proxy_ssl_verify on;"
)
(mkIf (config.proxy.url != null) (mkAfter
"proxy_pass ${config.proxy.url};"
))
];
serverBlock = mkOptionDefault ''
server {
${config.streamConfig}
}
'';
};
};
in {
options.services.nginx.stream = with lib.types; {
servers = mkOption {
type = attrsOf (submoduleWith {
modules = [serverModule];
shorthandOnlyDefinesConfig = false;
specialArgs = {
inherit gensokyo-zone;
nixosConfig = config;
};
});
default = { };
};
};
config.services.nginx = {
streamConfig = mkMerge (
mapAttrsToList (_: server: mkIf server.enable server.serverBlock) cfg.servers
);
};
}
Reference in a new issue View git blame Copy permalink