reverse-proxy: Init new module to simplify nginx reverse proxies

2025-09-16 19:01:56 +01:00 · 2025-09-16 19:01:56 +01:00 · 12cfceb2f9
commit 12cfceb2f9
parent 5967974d15
9 changed files with 67 additions and 113 deletions
--- a/services/reverse-proxy.nix
+++ b/services/reverse-proxy.nix
@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkOption mkEnableOption types;
+  cfg = config.fountain.services.reverse-proxy;
+in
+{
+  options.fountain.services.reverse-proxy = {
+    enable = mkEnableOption "Module to use nginx as a reverse proxy";
+    domains = mkOption {
+      type = types.attrsOf types.str;
+      description = "Mapping from external domain to internal address";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.nginx = {
+      enable = true;
+      virtualHosts = builtins.mapAttrs
+        (name: value: {
+          forceSSL = true;
+          enableACME = true;
+          locations."/" = {
+            proxyPass = value;
+            proxyWebsockets = true;
+          };
+        })
+        cfg.domains;
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+  };
+}