ACL custom HAproxy

nyanloutre 2018-06-21 10:15:39 +02:00
parent 71dfe32758
commit 4b9b6df84c
2 changed files with 10 additions and 5 deletions


@ -27,6 +27,8 @@ in
port = mkOption { type = int; description = "Port number"; }; port = mkOption { type = int; description = "Port number"; };
socket = mkOption { type = str; description = "Emplacement du socket"; default = ""; }; socket = mkOption { type = str; description = "Emplacement du socket"; default = ""; };
auth = mkOption { type = bool; description = "Enable authentification"; default = false; }; auth = mkOption { type = bool; description = "Enable authentification"; default = false; };
extraAcls = mkOption { type = str; description = "ACL HaProxy suplémentaires"; default = ""; };
aclBool = mkOption { type = str; description = "Logique d'authentification"; default = "!AUTH_OK"; };
}; }); }; });
example = '' example = ''
haproxy_backends = { haproxy_backends = {
@ -102,8 +104,11 @@ in
'' ''
)} )}
${(if value.auth then ( ${(if value.auth then (
"\n acl AuthOK_LOUTRE http_auth(LOUTRE)\n" value.extraAcls
+ " http-request auth realm LOUTRE if !AuthOK_LOUTRE\n" + ''
acl AUTH_OK http_auth(LOUTRE)
http-request auth realm LOUTRE if ${value.aclBool}
''
) else "")} ) else "")}
'' ''
) cfg.services)} ) cfg.services)}
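Review bot: In the second hunk `value.extraAcls` is concatenated directly in front of the `acl AUTH_OK http_auth(LOUTRE)` line, so a value that does not end in a newline would fuse the two lines and leave `AUTH_OK` undefined in the generated config. Adding the separator in the module, `value.extraAcls + "\n" + ''`, removes that dependency on the caller. `aclBool` from the first hunk is a free-form string that alone decides when `http-request auth` fires, so a condition that never matches silently disables authentication while `auth = true`. Its description should state that the value must reference `AUTH_OK` and that space-separated terms are ANDed, e.g. `description = "Condition after 'if' on http-request auth; must include !AUTH_OK";`. The enclosing expression starts and ends outside the hunk.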


@ -30,9 +30,9 @@ in
services.haproxy-acme.services = { services.haproxy-acme.services = {
"grafana.${domaine}" = { ip = "127.0.0.1"; port = 3000; auth = false; }; "grafana.${domaine}" = { ip = "127.0.0.1"; port = 3000; auth = false; };
"emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; }; "emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; };
"radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = false; }; "radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; };
"sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = false; }; "sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; };
"lidarr.${domaine}" = { ip = "127.0.0.1"; port = 8686; auth = false; }; "lidarr.${domaine}" = { ip = "127.0.0.1"; port = 8686; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; };
"transmission.${domaine}" = { ip = "127.0.0.1"; port = 9091; auth = true; }; "transmission.${domaine}" = { ip = "127.0.0.1"; port = 9091; auth = true; };
"syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; }; "syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; };
"jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; }; "jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; };
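Review bot: The `acl API url_beg /api` with `aclBool = "!AUTH_OK !API"` on radarr, sonarr and lidarr exempts every request whose URL starts with `/api` from the proxy's basic auth, so those endpoints are then protected only by whatever the applications enforce themselves (presumably their API key; not visible here). The prefix is broader than needed: it also matches paths such as `/apifoo`, and it is evaluated on the raw request URL, so the exemption is only as narrow as the backend's own path handling. `acl API path_beg /api/` would tighten it, and a comment beside these three lines should record that the API is intentionally reachable without proxy authentication and why.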