nginx: simplify nix functions

2020-04-08 13:03:01 +02:00 · 2020-04-08 13:03:01 +02:00 · 3c6677354a
commit 3c6677354a
parent ec1f659ce4
1 changed files with 37 additions and 39 deletions
--- a/systems/LoutreOS/web.nix
+++ b/systems/LoutreOS/web.nix
@ -41,32 +41,6 @@ let
        return 302 https://login.nyanlout.re/login?go=$scheme://$http_host$request_uri;
    }
  '';
-
-  nginxSimpleReverse = rport: {
-    enableACME = true;
-    forceSSL = true;
-
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:${toString(rport)}/";
-    };
-  };
-
-  nginxAuthReverse = rport: {
-    enableACME = true;
-    forceSSL = true;
-
-    extraConfig = ''
-      include ${nginxSsoAuth};
-    '';
-
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:${toString(rport)}/";
-      extraConfig = ''
-        auth_request_set $cookie $upstream_http_set_cookie;
-        add_header Set-Cookie $cookie;
-      '';
-    };
-  };
 in
 {
  security.acme = {
@ -134,7 +108,31 @@ in
          };
        };
      };
-      virtualHosts = {
+      virtualHosts = let
+        base = locations: {
+          inherit locations;
+          forceSSL = true;
+          enableACME = true;
+        };
+        simpleReverse = rport: base {
+          "/" = {
+            proxyPass = "http://127.0.0.1:${toString(rport)}/";
+          };
+        };
+        authReverse = rport: base {
+          "/" = {
+            proxyPass = "http://127.0.0.1:${toString(rport)}/";
+            extraConfig = ''
+              auth_request_set $cookie $upstream_http_set_cookie;
+              add_header Set-Cookie $cookie;
+            '';
+          };
+        } // {
+          extraConfig = ''
+            include ${nginxSsoAuth};
+          '';
+        };
+      in {
        "nyanlout.re" = {
          default = true;
          enableACME = true;
@ -239,18 +237,18 @@ in
            proxyPass = "http://127.0.0.1:${toString(config.services.nginx.sso.configuration.listen.port)}/";
          };
        };
-        "grafana.nyanlout.re" = nginxAuthReverse config.services.grafana.port;
-        "transmission.nyanlout.re" = nginxAuthReverse config.services.transmission.port;
-        "radarr.nyanlout.re" = nginxAuthReverse 7878;
-        "sonarr.nyanlout.re" = nginxAuthReverse 8989;
-        "syncthing.nyanlout.re" = nginxAuthReverse 8384;
-        "jackett.nyanlout.re" = nginxAuthReverse 9117;
-        "pgmanage.nyanlout.re" = nginxAuthReverse config.services.pgmanage.port;
-        "matrix.nyanlout.re" = nginxSimpleReverse 8008;
-        "airsonic.nyanlout.re" = nginxSimpleReverse 4040;
-        "emby.nyanlout.re" = nginxSimpleReverse 8096;
-        "ci.nyanlout.re" = nginxSimpleReverse 52350;
-        "gitea.nyanlout.re" = nginxSimpleReverse config.services.gitea.httpPort;
+        "grafana.nyanlout.re" = authReverse config.services.grafana.port;
+        "transmission.nyanlout.re" = authReverse config.services.transmission.port;
+        "radarr.nyanlout.re" = authReverse 7878;
+        "sonarr.nyanlout.re" = authReverse 8989;
+        "syncthing.nyanlout.re" = authReverse 8384;
+        "jackett.nyanlout.re" = authReverse 9117;
+        "pgmanage.nyanlout.re" = authReverse config.services.pgmanage.port;
+        "matrix.nyanlout.re" = simpleReverse 8008;
+        "airsonic.nyanlout.re" = simpleReverse 4040;
+        "emby.nyanlout.re" = simpleReverse 8096;
+        "ci.nyanlout.re" = simpleReverse 52350;
+        "gitea.nyanlout.re" = simpleReverse config.services.gitea.httpPort;
      };
      appendConfig = ''
        rtmp {