Attempt to set up guacamole

modules/nixos/default.nix

@@ -3,6 +3,7 @@
 {
   # example = import ./example.nix;
   cloudflared = import ./cloudflared.nix;
+  ports = import ./ports.nix;
   nginx = import ./nginx.nix;
   pilot = import ./pilot.nix;
   pounce = import ./pounce.nix;

modules/nixos/nginx.nix

@@ -1,25 +1,85 @@
-{ lib, ... }: {
-  options.satellite.proxy = lib.mkOption {
-    type = lib.types.functionTo (lib.types.functionTo lib.types.anything);
-    description = "Helper function for generating a quick proxy config";
+{ config, lib, ... }:
+let cfg = config.satellite.nginx;
+in
+{
+  options.satellite.nginx = {
+    domain = lib.mkOption {
+      description = "Root domain to use as a default for configurations.";
+      type = lib.types.str;
+    };
+
+    at = lib.mkOption {
+      description = "Per-subdomain nginx configuration";
+      type = lib.types.attrsOf (lib.types.submodule ({ name, config, ... }: {
+        options.name = lib.mkOption {
+          description = "Attribute name leading to this submodule";
+          type = lib.types.str;
+        };
+
+        config.name = name;
+
+        options.host = lib.mkOption {
+          description = "Host to route requests from";
+          type = lib.types.str;
+          default = "${name}.${cfg.domain}";
+        };
+
+        options.url = lib.mkOption {
+          description = "External https url used to access this host";
+          type = lib.types.str;
+        };
+
+        config.url = "https://${config.host}";
+
+        options.port = lib.mkOption {
+          description = "Port to proxy requests to";
+          type = lib.types.nullOr lib.types.port;
+          default = null;
+        };
+
+        options.files = lib.mkOption {
+          description = "Path to serve files from";
+          type = lib.types.nullOr lib.types.path;
+          default = null;
+        };
+      }));
+      default = { };
+    };
   };
 
-  options.satellite.static = lib.mkOption {
-    type = lib.types.functionTo lib.types.anything;
-    description = "Helper function for generating a quick file serving config";
-  };
+  config = {
+    assertions =
+      let assertSingleTarget = config:
+        {
+          assertion = (config.port == null) == (config.files != null);
+          message = ''
+            Precisely one of the options 'satellite.nginx.at.${config.name}.port'
+            and 'satellite.nginx.at.${config.name}.files' must be specified.
+          '';
+        };
+      in lib.mapAttrsToList (_: assertSingleTarget) cfg.at;
 
-  config.satellite.proxy = port: extra: {
-    enableACME = true;
-    acmeRoot = null;
-    forceSSL = true;
-    locations."/" = { proxyPass = "http://localhost:${toString port}"; } // extra;
-  };
-
-  config.satellite.static = root: {
-    inherit root;
-    enableACME = true;
-    acmeRoot = null;
-    forceSSL = true;
+    services.nginx.virtualHosts =
+      let mkNginxConfig = { host, port, files }: {
+        name = host;
+        value =
+          let extra =
+            if port != null then {
+              locations."/" = {
+                proxyPass = "http://localhost:${toString port}";
+                proxyWebsockets = true;
+              };
+            }
+            else {
+              root = files;
+            };
+          in
+          {
+            enableACME = true;
+            acmeRoot = null;
+            forceSSL = true;
+          } // extra;
+      };
+      in lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at;
   };
 }

modules/nixos/ports.nix

@@ -0,0 +1,9 @@
+# Generic interface for working specifying a single-source of truth for ports!
+{ lib, ... }:
+{
+  options.satellite.ports = lib.mkOption {
+    description = "Record of custom app-port mappings to use throughput the config";
+    type = lib.types.lazyAttrsOf lib.types.port;
+    default = { };
+  };
+}