diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix
index 8fc94e5..3c5c55f 100644
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
@@ -1,5 +1,6 @@
 {...}: {
 imports = [
 ./network_storage
+ ./reverse_proxy.nix
 ];
 }
diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix
new file mode 100644
index 0000000..86db3a2
--- /dev/null
+++ b/modules/nixos-modules/server/reverse_proxy.nix
@@ -0,0 +1,50 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ options.host.reverse_proxy = {
+ enable = lib.mkEnableOption "turn on the reverse proxy";
+ hostname = lib.mkOption {
+ type = lib.type.string;
+ description = "what host name are we going to be proxying from";
+ };
+ forceSSL = lib.mkOption {
+ type = lib.type.boolean;
+ description = "force connections to use https";
+ default = true;
+ };
+ enableACME = lib.mkOption {
+ type = lib.type.boolean;
+ description = "auto renew certificates";
+ default = true;
+ };
+ subdomains = lib.mkOption {
+ type = lib.types.attrsOf (lib.types.submodule ({...}: {
+ options = {
+ target = lib.mkOption {
+ type = lib.types.string;
+ description = "where should this host point to";
+ };
+ websockets = lib.mkEnableOption "should websockets be proxied";
+ };
+ }));
+ };
+ };
+
+ config = {
+ services.nginx = {
+ enable = config.host.reverse_proxy.enable;
+ virtualHosts = lib.attrsets.mapAttrs' (name: value:
+ lib.attrsets.nameValuePair "${name}.${config.home.reverse_proxy.hostname}" {
+ forceSSL = config.home.reverse_proxy.forceSSL;
+ enableACME = config.home.reverse_proxy.enableACME;
+ locations."/" = {
+ proxyPass = value.target;
+ proxyWebsockets = value.websockets;
+ };
+ })
+ config.host.reverse_proxy.subdomains;
+ };
+ };
+}
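Review bot: In reverse_proxy.nix the `config` block reads `config.home.reverse_proxy.hostname`, `.forceSSL` and `.enableACME`, but the options are declared under `options.host.reverse_proxy`, so unless another module defines `home.reverse_proxy` the vhost names and TLS settings cannot be resolved and evaluation should fail once a subdomain is defined. The option types have the same kind of slip: `lib.type.string` and `lib.type.boolean` should be `lib.types.str` and `lib.types.bool`, and `lib.types.string` on `target` is deprecated in favour of `lib.types.str`. `subdomains` has no default, so I would add `default = {};` and gate the whole block on the enable flag so the vhosts and their certificate settings only exist when the proxy is turned on. Since `target` goes straight into `proxyPass`, its description should say that it must be a full upstream URL including the scheme.

```nix
config = lib.mkIf config.host.reverse_proxy.enable {
  services.nginx = {
    enable = true;
    virtualHosts = lib.attrsets.mapAttrs' (name: value:
      lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" {
        forceSSL = config.host.reverse_proxy.forceSSL;
        enableACME = config.host.reverse_proxy.enableACME;
        # … unchanged: locations."/" with proxyPass and proxyWebsockets, then the subdomains argument and closing braces …
```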