VEGAS/cdn-shield: init

2021-10-16 15:07:53 +02:00 · 2021-10-16 15:07:53 +02:00 · b8442d4763
commit b8442d4763
parent 95d88f9a15
4 changed files with 29 additions and 0 deletions
--- a/hosts/VEGAS/services/cdn-shield/default.nix
+++ b/hosts/VEGAS/services/cdn-shield/default.nix
@ -0,0 +1,11 @@
+{ config, lib, toolsets, ... }:
+
+let
+  tools = toolsets.nginx {
+    inherit lib config;
+    domain = "cdn-shield.${toolsets.meta.domain}";
+  };
+in
+{
+  services.nginx.virtualHosts = tools.mappers.mapSubdomains (import ./shields.nix { inherit tools; });
+}
--- a/hosts/VEGAS/services/cdn-shield/shields.nix
+++ b/hosts/VEGAS/services/cdn-shield/shields.nix
@ -0,0 +1,7 @@
+{ tools }:
+with tools.vhosts;
+{
+  "fonts-googleapis-com" = proxyGhost "https" "fonts.googleapis.com";
+  "fonts-gstatic-com" = proxyGhost "https" "fonts.gstatic.com";
+  "cdnjs-cloudflare-com" = proxyGhost "https" "cdnjs.cloudflare.com";
+}
--- a/hosts/VEGAS/system.nix
+++ b/hosts/VEGAS/system.nix
@ -17,6 +17,7 @@
      # Services
      ./services/backbone-routing
      ./services/bitwarden
+      ./services/cdn-shield
      ./services/dns
      ./services/fbi
      ./services/bitwarden
--- a/tools/nginx.nix
+++ b/tools/nginx.nix
@ -43,6 +43,16 @@ let
        '';
      };

+      proxyGhost = scheme: target: basic // {
+        locations."/".extraConfig = ''
+          proxy_pass ${scheme}://${target};
+          proxy_set_header Host ${target};
+          proxy_set_header Referer ${scheme}://${target};
+          proxy_cookie_domain ${target} domain.invalid;
+          proxy_set_header Cookie "";
+        '';
+      };
+
    };
  }) tools;
 in tools