simplified nginx config

2025-03-19 01:13:38 -05:00 · 2025-03-19 01:13:38 -05:00 · 2350eb43ec
commit 2350eb43ec
parent 4c430404b3
6 changed files with 71 additions and 72 deletions
--- a/modules/nixos-modules/server/reverse_proxy.nix
+++ b/modules/nixos-modules/server/reverse_proxy.nix
@ -24,13 +24,28 @@ in {
      default = true;
    };
    subdomains = lib.mkOption {
-      type = lib.types.attrsOf (lib.types.submodule ({...}: {
+      type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
        options = {
+          subdomain = lib.mkOption {
+            type = lib.types.str;
+            description = "what is the default subdomain to be used for this application to be used for";
+            default = name;
+          };
+          extraSubdomains = lib.mkOption {
+            type = lib.types.listOf lib.types.str;
+            description = "extra domains that should be configured for this domain";
+            default = [];
+          };
+
          target = lib.mkOption {
            type = lib.types.str;
-            description = "where should this host point to";
+            description = "what url will all traffic to this application be forwarded to";
          };
-          websockets = lib.mkEnableOption "should websockets be proxied";
+
+          websockets.enable = lib.mkEnableOption "should the default config proxy websockets";
+
+          forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers";
+
          extraConfig = lib.mkOption {
            type = lib.types.lines;
            default = "";
@ -40,7 +55,6 @@ in {
          };
        };
      }));
-      default = {};
    };
  };

@ -53,17 +67,36 @@ in {

      services.nginx = {
        enable = true;
-        virtualHosts = lib.attrsets.mapAttrs' (name: value:
-          lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" {
-            forceSSL = config.host.reverse_proxy.forceSSL;
-            enableACME = config.host.reverse_proxy.enableACME;
-            locations."/" = {
-              proxyPass = value.target;
-              proxyWebsockets = value.websockets;
-              extraConfig = value.extraConfig;
-            };
-          })
-        config.host.reverse_proxy.subdomains;
+        virtualHosts = lib.mkMerge (
+          lib.lists.flatten (
+            lib.attrsets.mapAttrsToList (
+              name: value: let
+                hostConfig = {
+                  forceSSL = config.host.reverse_proxy.forceSSL;
+                  enableACME = config.host.reverse_proxy.enableACME;
+                  locations = {
+                    "/" = {
+                      proxyPass = value.target;
+                      proxyWebsockets = value.websockets.enable;
+                      recommendedProxySettings = value.forwardHeaders.enable;
+                      extraConfig =
+                        value.extraConfig;
+                    };
+                  };
+                };
+              in (
+                [
+                  {
+                    ${"${value.subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig;
+                  }
+                ]
+                ++ builtins.map (subdomain: {${"${subdomain}.${config.host.reverse_proxy.hostname}"} = hostConfig;})
+                value.extraSubdomains
+              )
+            )
+            config.host.reverse_proxy.subdomains
+          )
+        );
      };

      networking.firewall.allowedTCPPorts = [