created reverse_proxy.nix

2024-12-12 20:00:42 -06:00 · 2024-12-12 20:00:42 -06:00 · 86a690a321
parent 12658718a7
commit 86a690a321
2 changed files with 51 additions and 0 deletions
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
@ -1,5 +1,6 @@
 {...}: {
  imports = [
    ./network_storage
+    ./reverse_proxy.nix
  ];
 }
--- a/modules/nixos-modules/server/reverse_proxy.nix
+++ b/modules/nixos-modules/server/reverse_proxy.nix
@ -0,0 +1,50 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  options.host.reverse_proxy = {
+    enable = lib.mkEnableOption "turn on the reverse proxy";
+    hostname = lib.mkOption {
+      type = lib.type.string;
+      description = "what host name are we going to be proxying from";
+    };
+    forceSSL = lib.mkOption {
+      type = lib.type.boolean;
+      description = "force connections to use https";
+      default = true;
+    };
+    enableACME = lib.mkOption {
+      type = lib.type.boolean;
+      description = "auto renew certificates";
+      default = true;
+    };
+    subdomains = lib.mkOption {
+      type = lib.types.attrsOf (lib.types.submodule ({...}: {
+        options = {
+          target = lib.mkOption {
+            type = lib.types.string;
+            description = "where should this host point to";
+          };
+          websockets = lib.mkEnableOption "should websockets be proxied";
+        };
+      }));
+    };
+  };
+
+  config = {
+    services.nginx = {
+      enable = config.host.reverse_proxy.enable;
+      virtualHosts = lib.attrsets.mapAttrs' (name: value:
+        lib.attrsets.nameValuePair "${name}.${config.home.reverse_proxy.hostname}" {
+          forceSSL = config.home.reverse_proxy.forceSSL;
+          enableACME = config.home.reverse_proxy.enableACME;
+          locations."/" = {
+            proxyPass = value.target;
+            proxyWebsockets = value.websockets;
+          };
+        })
+      config.host.reverse_proxy.subdomains;
+    };
+  };
+}