cluster/services/ways: support wildcards

Max Headroom 2024-07-04 18:12:52 +02:00
parent a2cbfb9c25
commit ac047b189d
4 changed files with 61 additions and 14 deletions


@ -10,7 +10,7 @@
nixos.host = ./host.nix; nixos.host = ./host.nix;
}; };
dns.records = lib.mapAttrs (name: cfg: { dns.records = lib.mapAttrs'
consulService = "${name}.ways-proxy"; (_: cfg: lib.nameValuePair cfg.dnsRecord.name ({ ... }: { imports = [ cfg.dnsRecord.value ]; }))
}) (lib.filterAttrs (_: cfg: !cfg.internal) config.ways); config.ways;
} }
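Review bot: The new `dns.records` expression maps over all of `config.ways`, dropping the `!cfg.internal` filter the old code applied, so internal ways now get a record too, named after the bare way name (the `dnsRecord.name` default in way.nix is `name`, with no suffix) alongside the external ones. Internal ways are served under the `internal.` suffix, so such a record would presumably publish the non-internal name and point it at the proxy; if that is not intended, restore the filter by passing `(lib.filterAttrs (_: cfg: !cfg.internal) config.ways)` in place of `config.ways`, or make `dnsRecord` carry the internal suffix explicitly. The enclosing attribute set continues outside the hunk.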


@ -1,8 +1,6 @@
{ cluster, config, depot, lib, pkgs, ... }: { cluster, config, depot, lib, pkgs, ... }:
let let
inherit (depot.lib.meta) domain;
externalWays = lib.filterAttrs (_: cfg: !cfg.internal) cluster.config.ways; externalWays = lib.filterAttrs (_: cfg: !cfg.internal) cluster.config.ways;
consulServiceWays = lib.filterAttrs (_: cfg: cfg.useConsul) cluster.config.ways; consulServiceWays = lib.filterAttrs (_: cfg: cfg.useConsul) cluster.config.ways;
@ -13,14 +11,17 @@ in
{ {
services.nginx = { services.nginx = {
virtualHosts = lib.mapAttrs' (name: cfg: { virtualHosts = lib.mapAttrs' (name: cfg: {
name = if cfg.internal then "${name}.internal.${domain}" else "${name}.${domain}"; name = cfg.name;
value = { ... }: { value = { ... }: {
imports = [ imports = [
cfg.extras cfg.extras
{ {
forceSSL = true; forceSSL = true;
enableACME = !cfg.internal; enableACME = !cfg.internal && !cfg.wildcard;
useACMEHost = lib.mkIf cfg.internal "internal.${domain}"; useACMEHost = lib.mkMerge [
(lib.mkIf cfg.internal cfg.domainSuffixInternal)
(lib.mkIf cfg.wildcard "${name}.${cfg.domainSuffix}")
];
locations = lib.mkMerge [ locations = lib.mkMerge [
{ {
"/".proxyPass = cfg.target; "/".proxyPass = cfg.target;
@ -44,10 +45,12 @@ in
}; };
security.acme.certs = lib.mapAttrs' (name: cfg: { security.acme.certs = lib.mapAttrs' (name: cfg: {
name = "${name}.${domain}"; name = "${name}.${cfg.domainSuffix}";
value = { value = {
domain = lib.mkIf cfg.wildcard "*.${name}.${cfg.domainSuffix}";
dnsProvider = "exec"; dnsProvider = "exec";
webroot = lib.mkForce null; webroot = lib.mkForce null;
group = "nginx";
}; };
}) externalWays; }) externalWays;
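Review bot: An internal way with `wildcard = true` produces two different definitions of `useACMEHost` through the new `lib.mkMerge` (both `mkIf` conditions hold, with `cfg.domainSuffixInternal` and `"${name}.${cfg.domainSuffix}"`), which NixOS rejects as conflicting values for a string option, and even if that were resolved there is no certificate for it because `security.acme.certs` is still built from `externalWays` only. The combination should be rejected up front rather than failing at option merge, e.g. an assertion over `cluster.config.ways`: `{ assertion = !(cfg.internal && cfg.wildcard); message = "ways.${name}: wildcard is only supported for external ways"; }`. The added `group = "nginx"` makes every external certificate's private key readable by the whole nginx group, and for a wildcard way that key covers all of `*.${name}.${domain}`, so the wider blast radius deserves a comment on that line. Separately, the regex that `name = cfg.name` receives for wildcard ways is written in way.nix as `"~^(.+)\.…"`; Nix collapses the unknown escape `\.` to a bare `.` (compare the `\\.` used for the dnsRecord default in the same file), so that server_name matches one arbitrary character where a literal dot was intended.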


@ -1,8 +1,12 @@
{ lib, ... }: { lib, depot, ... }:
{ {
options.ways = lib.mkOption { options.ways = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ./way.nix); type = lib.types.attrsOf (lib.types.submodule {
imports = [ ./way.nix ];
domainSuffixExternal = depot.lib.meta.domain;
domainSuffixInternal = "internal.${depot.lib.meta.domain}";
});
default = {}; default = {};
}; };
} }


@ -1,4 +1,4 @@
{ lib, name, options, ... }: { config, lib, name, options, ... }:
with lib; with lib;
@ -11,15 +11,39 @@ with lib;
}; };
name = mkOption { name = mkOption {
description = "Subdomain name to use."; description = "Domain name to use.";
type = types.str; type = types.str;
default = name; default = let
basename = "${name}.${config.domainSuffix}";
in if config.wildcard then "~^(.+)\.${lib.escapeRegex basename}$" else basename;
};
dnsRecord = {
name = mkOption {
description = "DNS record name for this Way.";
type = types.str;
default = if config.wildcard then "^[^_].+\\.${lib.escapeRegex name}" else name;
};
value = mkOption {
description = "DNS record value for this Way.";
type = types.deferredModule;
default = {
consulService = "${name}.ways-proxy";
rewrite.type = lib.mkIf config.wildcard "regex";
};
};
}; };
target = mkOption { target = mkOption {
type = types.str; type = types.str;
}; };
wildcard = mkOption {
type = types.bool;
default = false;
};
consulService = mkOption { consulService = mkOption {
type = types.str; type = types.str;
}; };
@ -40,6 +64,22 @@ with lib;
internal = true; internal = true;
}; };
domainSuffixInternal = mkOption {
type = types.str;
internal = true;
};
domainSuffixExternal = mkOption {
type = types.str;
internal = true;
};
domainSuffix = mkOption {
type = types.str;
internal = true;
default = if config.internal then config.domainSuffixInternal else config.domainSuffixExternal;
};
extras = mkOption { extras = mkOption {
description = "Extra configuration to pass to the nginx virtual host submodule."; description = "Extra configuration to pass to the nginx virtual host submodule.";
type = types.deferredModule; type = types.deferredModule;