satellite/modules/nixos/nginx.nix

{ config, lib, ... }:
let
  cfg = config.satellite.nginx;
in
{
  options.satellite.nginx = {
    domain = lib.mkOption {
      description = "Root domain to use as a default for configurations.";
      type = lib.types.str;
      default = config.satellite.dns.domain;
    };

    at = lib.mkOption {
      description = "Per-subdomain nginx configuration";
      type = lib.types.attrsOf (
        lib.types.submodule (
          { name, config, ... }:
          {
            options.subdomain = lib.mkOption {
              description = ''
                Subdomain to use for host generation.
                Only required if `host` is not set manually.
              '';
              type = lib.types.str;
              default = name;
            };

            options.host = lib.mkOption {
              description = "Host to route requests from";
              type = lib.types.str;
            };

            config.host = "${config.subdomain}.${cfg.domain}";

            options.url = lib.mkOption {
              description = "External https url used to access this host";
              type = lib.types.str;
            };

            config.url = "https://${config.host}";

            options.port = lib.mkOption {
              description = "Port to proxy requests to";
              type = lib.types.nullOr lib.types.port;
              default = null;
            };

            options.files = lib.mkOption {
              description = "Path to serve files from";
              type = lib.types.nullOr lib.types.path;
              default = null;
            };
          }
        )
      );
      default = { };
    };
  };

  config = {
    assertions =
      let
        assertSingleTarget = config: {
          assertion = (config.port == null) == (config.files != null);
          message = ''
            Precisely one of the options 'satellite.nginx.at.${config.subdomain}.port'
            and 'satellite.nginx.at.${config.subdomain}.files' must be specified.
          '';
        };
      in
      lib.mapAttrsToList (_: assertSingleTarget) cfg.at;

    services.nginx.virtualHosts =
      let
        mkNginxConfig = args: {
          name = args.host;
          value =
            let
              extra =
                if args.port != null then
                  {
                    locations."/" = {
                      proxyPass = "http://localhost:${toString args.port}";
                      proxyWebsockets = true;
                    };
                  }
                else
                  { root = args.files; };
            in
            {
              enableACME = true;
              acmeRoot = null;
              forceSSL = true;
            }
            // extra;
        };
      in
      lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at;

    satellite.dns.records =
      let
        mkDnsRecord =
          { subdomain, ... }:
          {
            type = "CNAME";
            zone = cfg.domain;
            at = subdomain;
            to = config.networking.hostName;
          };
      in
      lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
  };
}
Attempt to set up guacamole 2024-06-13 15:47:36 +02:00			`{ config, lib, ... }:`
Fix octodns setup 2024-10-11 14:11:52 +02:00			`let`
			`cfg = config.satellite.nginx;`
Attempt to set up guacamole 2024-06-13 15:47:36 +02:00			`in`
			`{`
			`options.satellite.nginx = {`
			`domain = lib.mkOption {`
			`description = "Root domain to use as a default for configurations.";`
			`type = lib.types.str;`
Custom octodns setup! 2024-07-08 03:06:27 +02:00			`default = config.satellite.dns.domain;`
Attempt to set up guacamole 2024-06-13 15:47:36 +02:00			`};`
Set up `pounce` on `lapetus` 2024-01-31 21:59:11 +01:00
Attempt to set up guacamole 2024-06-13 15:47:36 +02:00			`at = lib.mkOption {`
			`description = "Per-subdomain nginx configuration";`
Fix octodns setup 2024-10-11 14:11:52 +02:00			`type = lib.types.attrsOf (`
			`lib.types.submodule (`
			`{ name, config, ... }:`
			`{`
			`options.subdomain = lib.mkOption {`
			`description = ''`
			`Subdomain to use for host generation.`
			Only required if `host` is not set manually.
			`'';`
			`type = lib.types.str;`
			`default = name;`
			`};`
Attempt to set up guacamole 2024-06-13 15:47:36 +02:00
Fix octodns setup 2024-10-11 14:11:52 +02:00			`options.host = lib.mkOption {`
			`description = "Host to route requests from";`
			`type = lib.types.str;`
			`};`
Set up diptime and provision invidious hmac key 2024-03-11 16:08:32 +01:00
Fix octodns setup 2024-10-11 14:11:52 +02:00			`config.host = "${config.subdomain}.${cfg.domain}";`
Custom octodns setup! 2024-07-08 03:06:27 +02:00
Fix octodns setup 2024-10-11 14:11:52 +02:00			`options.url = lib.mkOption {`
			`description = "External https url used to access this host";`
			`type = lib.types.str;`
			`};`
Attempt to set up guacamole 2024-06-13 15:47:36 +02:00
Fix octodns setup 2024-10-11 14:11:52 +02:00			`config.url = "https://${config.host}";`
Attempt to set up guacamole 2024-06-13 15:47:36 +02:00
Fix octodns setup 2024-10-11 14:11:52 +02:00			`options.port = lib.mkOption {`
			`description = "Port to proxy requests to";`
			`type = lib.types.nullOr lib.types.port;`
			`default = null;`
			`};`
Attempt to set up guacamole 2024-06-13 15:47:36 +02:00
Fix octodns setup 2024-10-11 14:11:52 +02:00			`options.files = lib.mkOption {`
			`description = "Path to serve files from";`
			`type = lib.types.nullOr lib.types.path;`
			`default = null;`
			`};`
			`}`
			`)`
			`);`
Attempt to set up guacamole 2024-06-13 15:47:36 +02:00			`default = { };`
			`};`
Set up `pounce` on `lapetus` 2024-01-31 21:59:11 +01:00			`};`
Set up diptime and provision invidious hmac key 2024-03-11 16:08:32 +01:00
Attempt to set up guacamole 2024-06-13 15:47:36 +02:00			`config = {`
			`assertions =`
Fix octodns setup 2024-10-11 14:11:52 +02:00			`let`
			`assertSingleTarget = config: {`
Attempt to set up guacamole 2024-06-13 15:47:36 +02:00			`assertion = (config.port == null) == (config.files != null);`
			`message = ''`
Custom octodns setup! 2024-07-08 03:06:27 +02:00			`Precisely one of the options 'satellite.nginx.at.${config.subdomain}.port'`
			`and 'satellite.nginx.at.${config.subdomain}.files' must be specified.`
Attempt to set up guacamole 2024-06-13 15:47:36 +02:00			`'';`
			`};`
Fix octodns setup 2024-10-11 14:11:52 +02:00			`in`
			`lib.mapAttrsToList (_: assertSingleTarget) cfg.at;`
Attempt to set up guacamole 2024-06-13 15:47:36 +02:00
			`services.nginx.virtualHosts =`
Fix octodns setup 2024-10-11 14:11:52 +02:00			`let`
			`mkNginxConfig = args: {`
			`name = args.host;`
			`value =`
			`let`
			`extra =`
			`if args.port != null then`
			`{`
			`locations."/" = {`
			`proxyPass = "http://localhost:${toString args.port}";`
			`proxyWebsockets = true;`
			`};`
			`}`
			`else`
			`{ root = args.files; };`
			`in`
			`{`
			`enableACME = true;`
			`acmeRoot = null;`
			`forceSSL = true;`
Attempt to set up guacamole 2024-06-13 15:47:36 +02:00			`}`
Fix octodns setup 2024-10-11 14:11:52 +02:00			`// extra;`
			`};`
			`in`
			`lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at;`
Custom octodns setup! 2024-07-08 03:06:27 +02:00
			`satellite.dns.records =`
Fix octodns setup 2024-10-11 14:11:52 +02:00			`let`
			`mkDnsRecord =`
			`{ subdomain, ... }:`
			`{`
			`type = "CNAME";`
			`zone = cfg.domain;`
			`at = subdomain;`
			`to = config.networking.hostName;`
			`};`
			`in`
			`lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;`
Set up diptime and provision invidious hmac key 2024-03-11 16:08:32 +01:00			`};`
Set up `pounce` on `lapetus` 2024-01-31 21:59:11 +01:00			`}`