infrastructure/nixos/access/kitchencam.nix
2024-02-09 18:18:29 -08:00


# NixOS module: publishes the kitchen camera's web UI and stream through nginx
# as two virtual hosts that share one set of proxied locations.
#
#   * `domain`      - vhost with `vouch.enable = true`.
#   * `localDomain` - vhost with `local.enable = true` (plus `tailDomain` as a
#                     server alias when Tailscale is enabled); `vouch` is not
#                     set on this one.
#
# `vouch`, `local` and `proxy.websocket` are options declared by other modules
# that are not visible in this file; what they enforce must be checked there.
{
  config,
  lib,
  ...
}: let
  inherit (lib.options) mkOption;
  inherit (lib.modules) mkIf mkDefault;
  inherit (lib.types) str nullOr;

  cfg = config.services.nginx.access.kitchencam;
  vhosts = config.services.nginx.virtualHosts;

  # The vouch-enabled vhost as finally evaluated; the local vhost mirrors its
  # certificate and TLS settings.
  primary = vhosts.${cfg.domain};

  # True once a certificate host has been configured for this service.
  certConfigured = cfg.useACMEHost != null;

  # Declares a string-typed option with the given default.
  strOption = default:
    mkOption {
      type = str;
      inherit default;
    };

  # Applied to both vhosts: no Location/Refresh rewriting, and responses are
  # passed to the client without nginx buffering them.
  streamingConfig = ''
    proxy_redirect off;
    proxy_buffering off;
  '';

  # Both vhosts proxy the same two paths. With the default `url`/`streamUrl`
  # the upstream hop to the camera is plain HTTP (ports 8080 and 8081 on `host`).
  proxiedLocations = {
    "/" = {
      proxy.websocket.enable = true;
      proxyPass = cfg.url;
    };
    "/stream" = {
      proxy.websocket.enable = true;
      proxyPass = cfg.streamUrl;
    };
  };
in {
  options.services.nginx.access.kitchencam = {
    # Camera hostname; only used here to build the default `url` and `streamUrl`.
    host = strOption "kitchencam.local.${config.networking.domain}";
    # Upstream for location "/".
    url = strOption "http://${cfg.host}:8080";
    # Upstream for location "/stream".
    streamUrl = strOption "http://${cfg.host}:8081";
    # Name of the vouch-enabled vhost.
    domain = strOption "kitchen.${config.networking.domain}";
    # Name of the vhost that sets `local.enable`.
    localDomain = strOption "kitchen.local.${config.networking.domain}";
    # Added as a server alias of the local vhost when Tailscale is enabled.
    tailDomain = strOption "kitchen.tail.${config.networking.domain}";
    # Certificate host handed to both vhosts; null (the default) leaves the
    # TLS defaults below switched off.
    useACMEHost = mkOption {
      type = nullOr str;
      default = null;
    };
  };

  config.services.nginx.virtualHosts = {
    ${cfg.domain} = {
      # NOTE(review): presumably gates this vhost behind Vouch authentication;
      # the option is defined outside this file - confirm.
      vouch.enable = true;
      kTLS = mkDefault true;
      useACMEHost = cfg.useACMEHost;
      # HTTPS is only forced by default when a certificate host is set. With
      # the default `useACMEHost = null`, nothing in this file enables TLS on
      # this vhost - confirm deployments set one (or set forceSSL elsewhere)
      # so authenticated sessions do not travel over plain HTTP.
      forceSSL = mkDefault certConfigured;
      locations = proxiedLocations;
      extraConfig = streamingConfig;
    };

    ${cfg.localDomain} = {
      # No `vouch` here: access control for this vhost (and its Tailscale
      # alias) rests on `local.enable`.
      # NOTE(review): presumably restricts clients to local networks; the
      # option is defined outside this file - confirm what it allows.
      local.enable = true;
      serverAliases = mkIf config.services.tailscale.enable [ cfg.tailDomain ];
      useACMEHost = primary.useACMEHost;
      kTLS = mkDefault true;
      # addSSL rather than forceSSL: when TLS is available this vhost answers
      # on HTTPS in addition to plain HTTP, without redirecting.
      addSSL = mkDefault (certConfigured || primary.addSSL || primary.forceSSL);
      locations = proxiedLocations;
      extraConfig = streamingConfig;
    };
  };
}