privatevoid.net/depot
1
1
Fork 0
Code Issues 18 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

cluster/services/ways: support internal services properly

Browse source
This commit is contained in:
Max Headroom 2024-08-02 23:26:46 +02:00
parent 5d26d45916
commit e81aad5619
3 changed files with 35 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
cluster/services/ways/default.nix
View file

@ -11,6 +11,9 @@
};
dns.records = lib.mapAttrs'
(_: cfg: lib.nameValuePair cfg.dnsRecord.name ({ ... }: { imports = [ cfg.dnsRecord.value ]; }))
(_: cfg: lib.nameValuePair cfg.dnsRecord.name ({ ... }: {
imports = [ cfg.dnsRecord.value ];
root = cfg.domainSuffix;
}))
config.ways;
}

41
cluster/services/ways/host.nix
View file

@ -3,6 +3,8 @@
let
externalWays = lib.filterAttrs (_: cfg: !cfg.internal) cluster.config.ways;
internalWays = lib.filterAttrs (_: cfg: cfg.internal) cluster.config.ways;
consulServiceWays = lib.filterAttrs (_: cfg: cfg.useConsul) cluster.config.ways;
in
@ -14,6 +16,7 @@ in
imports = [
cfg.extras
{
listenAddresses = lib.mkIf cfg.internal [ config.reflection.interfaces.vstub.addr ];
forceSSL = true;
enableACME = !cfg.internal && !cfg.wildcard;
useACMEHost = lib.mkMerge [
@ -84,18 +87,34 @@ in
};
};
consul.services.ways-proxy = {
unit = "nginx";
mode = "external";
definition = {
name = "ways-proxy";
address = config.reflection.interfaces.primary.addrPublic;
port = 443;
checks = lib.singleton {
interval = "60s";
tcp = "127.0.0.1:80";
consul.services = {
ways-proxy = {
unit = "nginx";
mode = "external";
definition = {
name = "ways-proxy";
address = config.reflection.interfaces.primary.addrPublic;
port = 443;
checks = lib.singleton {
interval = "60s";
tcp = "127.0.0.1:80";
};
tags = lib.attrNames externalWays;
};
};
ways-proxy-internal = {
unit = "nginx";
mode = "external";
definition = {
name = "ways-proxy-internal";
address = config.reflection.interfaces.vstub.addr;
port = 443;
checks = lib.singleton {
interval = "60s";
tcp = "127.0.0.1:80";
};
tags = lib.attrNames internalWays;
};
tags = lib.attrNames externalWays;
};
};
}

2
cluster/services/ways/options/way.nix
View file

@ -29,7 +29,7 @@ with lib;
description = "DNS record value for this Way.";
type = types.deferredModule;
default = {
consulService = "${name}.ways-proxy";
consulService = "${name}.${if config.internal then "ways-proxy-internal" else "ways-proxy"}";
rewrite.type = lib.mkIf config.wildcard "regex";
};
};