Enalbe attic and storage through frp

albinvass · Jun 8, 2024 · de866ee · de866ee
1 parent a5be4b2
commit de866ee
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 25 deletions.
diff --git a/nixos/hosts/nixpi/attic.nix b/nixos/hosts/nixpi/attic.nix
@@ -8,16 +8,6 @@
     };
   };
 
-  services.cloudflared = {
-    tunnels = {
-      nixpi = {
-        ingress = {
-          "attic.albinvass.se" = "http://localhost:8080";
-        };
-      };
-    };
-  };
-
   services.atticd = {
     enable = true;
     credentialsFile = config.sops.secrets."attic/credentialsFile".path;

diff --git a/nixos/hosts/nixpi/frp.nix b/nixos/hosts/nixpi/frp.nix
@@ -29,12 +29,19 @@
       };
       proxies = [
         {
-          name = "http";
+          name = "attic.albinvass.se";
           type = "tcp";
           remotePort = 8082;
           localIP = "127.0.0.1";
           localPort = 8080;
         }
+        {
+          name = "storage.albinvass.se";
+          type = "tcp";
+          remotePort = 8083;
+          localIP = "storage.";
+          localPort = 8080;
+        }
       ];
     };
   };

diff --git a/nixos/hosts/reverse-proxy/frp.nix b/nixos/hosts/reverse-proxy/frp.nix
@@ -23,7 +23,7 @@ in
     settings = {
       bindPort = frpPort;
       proxyBindAddr = "127.0.0.1";
-      transport = {
+     transport = {
         tls = {
           force = true;
           certFile = "{{ .Envs.CREDENTIALS_DIRECTORY }}/certFile";

diff --git a/nixos/hosts/reverse-proxy/nginx.nix b/nixos/hosts/reverse-proxy/nginx.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ nodes, lib, ... }:
 {
   networking.firewall.allowedTCPPorts = [
     443
@@ -11,20 +11,23 @@
   };
   services.nginx = {
     enable = true;
-    virtualHosts = {
-      "test.albinvass.se" = {
-        forceSSL = true;
-        enableACME = true;
-        locations = {
-          "/" = {
-            proxyPass = "http://127.0.0.1:8082";
-          };
-        };
-      };
-      "storage.albinvass.se" = {
+    virtualHosts = let
+      hostDefaults = {
         forceSSL = true;
         enableACME = true;
       };
-    };
+      frpProxies = lib.attrsets.mergeAttrsList (map (node: with nodes.${node}.config.services.frp;
+        if builtins.hasAttr "proxies" settings
+        then builtins.listToAttrs(map (proxy: { name = "${proxy.name}"; value = hostDefaults // {
+          locations = {
+            "/" = {
+              proxyPass = "http://127.0.0.1:${builtins.toString proxy.remotePort}";
+            };
+          };
+        };}) settings.proxies)
+        else {}
+      ) (builtins.attrNames nodes));
+
+    in frpProxies;
   };
 }