cluster/services/ways: init

This commit is contained in:
Max Headroom 2024-07-04 01:57:36 +02:00
parent e68ec76011
commit 98cb84c4d0
4 changed files with 116 additions and 0 deletions

View file

@ -0,0 +1,16 @@
{ config, lib, ... }:
{
imports = [
./options
];
services.ways = {
nodes.host = config.services.websites.nodes.host;
nixos.host = ./host.nix;
};
dns.records = lib.mapAttrs (name: cfg: {
consulService = "${name}.ways-proxy";
}) (lib.filterAttrs (_: cfg: !cfg.internal) config.ways);
}

View file

@ -0,0 +1,58 @@
{ cluster, depot, lib, ... }:
let
inherit (depot.lib.meta) domain;
externalWays = lib.filterAttrs (_: cfg: !cfg.internal) cluster.config.ways;
in
{
services.nginx.virtualHosts = lib.mapAttrs' (name: cfg: {
name = if cfg.internal then "${name}.internal.${domain}" else "${name}.${domain}";
value = { ... }: {
imports = [
cfg.extras
{
forceSSL = true;
enableACME = !cfg.internal;
useACMEHost = lib.mkIf cfg.internal "internal.${domain}";
locations = lib.mkMerge [
{
"/".proxyPass = cfg.target;
"${cfg.healthCheckPath}".extraConfig = "access_log off;";
}
{
"/.well-known/ways/internal-health-check" = {
return = ''200 "INTERNAL_OK\n"'';
extraConfig = "access_log off;";
};
}
];
}
];
};
}) cluster.config.ways;
security.acme.certs = lib.mapAttrs' (name: cfg: {
name = "${name}.${domain}";
value = {
dnsProvider = "exec";
webroot = lib.mkForce null;
};
}) externalWays;
consul.services.ways-proxy = {
unit = "nginx";
mode = "external";
definition = {
name = "ways-proxy";
address = depot.reflection.interfaces.primary.addrPublic;
port = 443;
checks = lib.singleton {
interval = "60s";
tcp = "127.0.0.1:80";
};
tags = lib.attrNames externalWays;
};
};
}

View file

@ -0,0 +1,8 @@
{ lib, ... }:
{
options.ways = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ./way.nix);
default = {};
};
}

View file

@ -0,0 +1,34 @@
{ lib, name, ... }:
with lib;
{
options = {
internal = mkOption {
description = "Whether to only make this Way available internally. Will use the internal subdomain.";
type = types.bool;
default = false;
};
name = mkOption {
description = "Subdomain name to use.";
type = types.str;
default = name;
};
target = mkOption {
type = types.str;
};
healthCheckPath = mkOption {
type = types.path;
default = "/.well-known/ways/internal-health-check";
};
extras = mkOption {
description = "Extra configuration to pass to the nginx virtual host submodule.";
type = types.deferredModule;
default = {};
};
};
}