options: added vhost attributes

2023-06-05 00:29:43 +02:00 · 2023-06-05 00:29:43 +02:00 · 78fc53024f
commit 78fc53024f
parent 3bc816b665
1 changed files with 69 additions and 0 deletions
--- a/hosts/architect/options.nix
+++ b/hosts/architect/options.nix
@ -2,6 +2,10 @@

 with lib;

+let
+  utilities = import ./utilities.nix { inherit lib config; };
+  inherit (utilities) architectInterfaceAddress;
+in
 {
  options.architect = {
    firewall = {
@ -58,5 +62,70 @@ with lib;
      default = { };
      description = "An attribute set of networks with their configurations.";
    };
+
+    vhost = mkOption {
+      type = types.attrsOf (types.submodule {
+        options = {
+          dnsInterfaces = mkOption {
+            type = types.listOf types.str;
+            default = [ ];
+            description = "List of interfaces to add extra DNS hosts for this vhost.";
+          };
+
+          locations = mkOption {
+            type = types.attrsOf (types.submodule {
+              options = {
+                port = mkOption {
+                  type = types.int;
+                  description = "The port number for the location.";
+                };
+
+                allow = mkOption {
+                  type = types.listOf types.str;
+                  default = [ ];
+                  description = "IP address or CIDR block to allow.";
+                };
+
+                deny = mkOption {
+                  type = types.listOf types.str;
+                  default = [ ];
+                  description = "IP address or CIDR block to deny.";
+                };
+              };
+            });
+            default = { };
+            description = "An attribute set of location configurations.";
+          };
+        };
+      });
+      default = { };
+      description = "An attribute set of domain configurations.";
+    };
+  };
+
+  config = {
+    services.nginx.virtualHosts = mapAttrs
+      (domain: conf: {
+        forceSSL = true;
+        enableACME = true;
+        locations = mapAttrs
+          (path: location: {
+            proxyPass = "http://127.0.0.1:${toString location.port}";
+            extraConfig = ''
+              ${concatMapStringsSep "\n" (denyCIDR: "deny ${denyCIDR};") location.deny}
+              ${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow}
+            '';
+          })
+          conf.locations;
+      })
+      config.architect.vhost;
+
+    networking.extraHosts = concatStringsSep "\n" (
+      mapAttrsToList
+        (domain: conf: concatMapStringsSep "\n"
+          (iface: "${architectInterfaceAddress iface} ${domain}")
+          conf.dnsInterfaces)
+        config.architect.vhost
+    );
  };
 }