feat: several updates
@@ -24,6 +24,9 @@ in
|
||||
#
|
||||
# '';
|
||||
# }).out;
|
||||
environment.systemPackages = with pkgs; [
|
||||
openssl
|
||||
];
|
||||
|
||||
services = {
|
||||
traefik = {
|
||||
@@ -92,10 +95,12 @@ in
|
||||
addServicesLabels = true;
|
||||
};
|
||||
};
|
||||
experimental.plugins = {
|
||||
staticResponse = {
|
||||
moduleName = "github.com/jdel/staticresponse";
|
||||
version = "v0.0.1";
|
||||
experimental = {
|
||||
plugins = {
|
||||
staticResponse = {
|
||||
moduleName = "github.com/jdel/staticresponse";
|
||||
version = "v0.0.1";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -162,17 +167,23 @@ in
|
||||
"X-authentik-meta-provider"
|
||||
"X-authentik-meta-app"
|
||||
"X-authentik-meta-version"
|
||||
"X-Forwarded-Host"
|
||||
"X-Forwarded-Proto"
|
||||
"Remote-User"
|
||||
"Remote-Group"
|
||||
"Remote-Email"
|
||||
"Remote-Name"
|
||||
];
|
||||
};
|
||||
matrix-wellknown.plugin.staticResponse = {
|
||||
statusCode = 200;
|
||||
body = ''{"m.server": "${tools.build_hostname "matrix"}:443"}'';
|
||||
headers = {
|
||||
"Content-Type" = "application/json";
|
||||
matrix-wellknown-mw = {
|
||||
plugin = {
|
||||
staticResponse = {
|
||||
statusCode = 200;
|
||||
body = ''{"m.server": "${tools.build_hostname "matrix"}:443"}'';
|
||||
headers = {
|
||||
"Content-Type" = "application/json";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -211,15 +222,22 @@ in
|
||||
]
|
||||
) config.my-lxc)
|
||||
++ [
|
||||
(map (h: {
|
||||
${h.hostname} = {
|
||||
rule = "Host(`${h.hostname}${dmn}`) " + (if (h.private == true) then internal else "");
|
||||
service = "${h.hostname}-service";
|
||||
entryPoints = [ "websecure" ];
|
||||
middlewares = if (h.auth) then [ "authentik" ] else [ ];
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
}) config.globals.other_hosts)
|
||||
(lib.mapAttrsToList
|
||||
# mapAttrs?
|
||||
(
|
||||
hostname: h:
|
||||
lib.optionalAttrs (h.port != null) {
|
||||
${hostname} = {
|
||||
rule = "Host(`${hostname}${dmn}`) " + (if (h.private == true) then internal else "");
|
||||
service = "${hostname}-service";
|
||||
entryPoints = [ "websecure" ];
|
||||
middlewares = if (h.auth) then [ "authentik" ] else [ ];
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
}
|
||||
)
|
||||
config.globals.other_hosts
|
||||
)
|
||||
]
|
||||
)
|
||||
)
|
||||
@@ -228,7 +246,7 @@ in
|
||||
rule = "Path(`/\.well-known/matrix/server`)";
|
||||
entryPoints = [ "websecure" ];
|
||||
service = "noop";
|
||||
middlewares = [ "matrix-wellknown" ];
|
||||
middlewares = [ "matrix-wellknown-mw" ];
|
||||
tls.certResolver = "letsencrypt";
|
||||
};
|
||||
}
|
||||
@@ -257,16 +275,19 @@ in
|
||||
]
|
||||
) config.my-lxc)
|
||||
++ [
|
||||
(map (h: {
|
||||
"${h.hostname}-service" = {
|
||||
loadBalancer = {
|
||||
servers = [ { url = h.addr; } ];
|
||||
}
|
||||
// (lib.optionalAttrs (h.useCustomCA) {
|
||||
serversTransport = "${h.hostname}-transport";
|
||||
});
|
||||
};
|
||||
}) config.globals.other_hosts)
|
||||
(lib.mapAttrsToList (
|
||||
hostname: h:
|
||||
lib.optionalAttrs (h.port != null) {
|
||||
"${hostname}-service" = {
|
||||
loadBalancer = {
|
||||
servers = [ { url = "${h.protocol}://${ip h.ip}:${toString h.port}"; } ];
|
||||
}
|
||||
// (lib.optionalAttrs (h.useCustomCA) {
|
||||
serversTransport = "${hostname}-transport";
|
||||
});
|
||||
};
|
||||
}
|
||||
) config.globals.other_hosts)
|
||||
]
|
||||
)
|
||||
)
|
||||
@@ -274,10 +295,10 @@ in
|
||||
noop.loadBalancer.servers = [ ];
|
||||
};
|
||||
serversTransports = mergeConf (
|
||||
(map (
|
||||
h:
|
||||
(lib.mapAttrsToList (
|
||||
hostname: h:
|
||||
lib.optionalAttrs (h.useCustomCA) {
|
||||
"${h.hostname}-transport" = {
|
||||
"${hostname}-transport" = {
|
||||
rootCAs = customCAs;
|
||||
};
|
||||
}
|
||||
|
||||
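Review bot: Routers generated from `config.globals.other_hosts` get an empty middleware list when `h.auth` is false (`middlewares = if (h.auth) then [ "authentik" ] else [ ];`), so on those routes any `Remote-User`, `Remote-Group`, `Remote-Email` or `Remote-Name` header sent by the client reaches the backend unchanged. The same names appear in what looks like the authentik forward-auth header list in the `-162` hunk, which suggests some backends read them as identity; whether such a backend sits behind an unauthenticated router is not visible here. I would attach a header-clearing middleware to the non-auth branch (Traefik's `headers.customRequestHeaders` removes a request header when its value is the empty string), and add a comment on the `auth` host option stating that leaving it false publishes the service without authentication. The enclosing `middlewares` and `routers` attribute sets start outside the hunks shown, and the name `strip-identity-headers` below is only a suggestion.

```nix
# … unchanged: authentik forward-auth and matrix-wellknown-mw middlewares …
strip-identity-headers.headers.customRequestHeaders = {
  # an empty value makes Traefik drop the header from the forwarded request
  "Remote-User" = "";
  "Remote-Group" = "";
  "Remote-Email" = "";
  "Remote-Name" = "";
};

# … unchanged: rule, service, entryPoints of the generated router …
middlewares = if (h.auth) then [ "authentik" ] else [ "strip-identity-headers" ];
```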