Mapping wizardry

2018-04-10 20:28:22 +02:00 · 2018-04-10 20:28:22 +02:00 · bb0029ae1d
commit bb0029ae1d
parent aaf8d12628
1 changed files with 47 additions and 40 deletions
--- a/services.nix
+++ b/services.nix
@ -1,7 +1,24 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 with lib;
 let
  haproxy_backends = {
    grafana = { ip = "127.0.0.1"; port = 3000; auth = false; };
    emby = { ip = "127.0.0.1"; port = 8096; auth = false; };
    radarr = { ip = "127.0.0.1"; port = 7878; auth = false; };
    transmission = { ip = "127.0.0.1"; port = 9091; auth = true; };
    syncthing = { ip = "127.0.0.1"; port = 8384; auth = true; };
  };
  domaine = "tars.nyanlout.re";
 in
 {
  services.haproxy.enable = true;
  services.haproxy.config = ''
    global
      log /dev/log local0
@ -22,44 +39,38 @@
      user paul password $6$6rDdCtzSVsAwB6KP$V8bR7KP7FSL2BSEh6n3op6iYhAnsVSPI2Ar3H6MwKrJ/lZRzUI8a0TwVBD2JPnAntUhLpmRudrvdq2Ls2odAy.
    frontend public
      bind :::80 v4v6
-      bind :::443 v4v6 ssl crt /var/lib/acme/tars.nyanlout.re/full.pem
+      bind :::443 v4v6 ssl crt /var/lib/acme/${domaine}/full.pem
      mode http
      acl letsencrypt-acl path_beg /.well-known/acme-challenge/
      redirect scheme https code 301 if !{ ssl_fc } !letsencrypt-acl
      use_backend letsencrypt-backend if letsencrypt-acl
-      acl grafana-acl hdr(host) -i grafana.tars.nyanlout.re
+
-      acl emby-acl hdr(host) -i emby.tars.nyanlout.re
+    ${concatStrings (
-      acl radarr-acl hdr(host) -i radarr.tars.nyanlout.re
+      mapAttrsToList (name: value:
-      acl transmission-acl hdr(host) -i transmission.tars.nyanlout.re
+        "
-      acl syncthing-acl hdr(host) -i syncthing.tars.nyanlout.re
+  acl ${name}-acl hdr(host) -i ${name}.${domaine}
-      use_backend grafana-backend if grafana-acl
+  use_backend ${name}-backend if ${name}-acl
-      use_backend emby-backend if emby-acl
+        ") haproxy_backends)}
-      use_backend radarr-backend if radarr-acl
+
      use_backend transmission-backend if transmission-acl
      use_backend syncthing-backend if syncthing-acl
    backend letsencrypt-backend
      mode http
      server letsencrypt 127.0.0.1:54321
-    backend grafana-backend
+
-      mode http
+    ${concatStrings (
-      server grafana 127.0.0.1:3000 check
+      mapAttrsToList (name: value:
-    backend emby-backend
+        ''
-      mode http
+
-      server emby 127.0.0.1:8096 check
+backend ${name}-backend
-    backend radarr-backend
+  mode http
-      mode http
+  server ${name} ${value.ip}:${toString value.port}
-      server radarr 127.0.0.1:7878 check
+  ${(if value.auth then (
-    backend transmission-backend
+    "
-      mode http
+  acl AuthOK_LOUTRE http_auth(LOUTRE)
-      acl AuthOK_LOUTRE http_auth(LOUTRE)
+  http-request auth realm LOUTRE if !AuthOK_LOUTRE
-      http-request auth realm LOUTRE if !AuthOK_LOUTRE
+    ") else "")}
-      server transmission 127.0.0.1:9091 check
+        ''
-    backend syncthing-backend
+        ) haproxy_backends)}
-      mode http
+    '';
      acl AuthOK_LOUTRE http_auth(LOUTRE)
      http-request auth realm LOUTRE if !AuthOK_LOUTRE
      server syncthing 127.0.0.1:8384 check
  '';
  services.nginx.enable = true;
  services.nginx.virtualHosts = {
@ -70,14 +81,10 @@
  };
  security.acme.certs = {
-    "tars.nyanlout.re" = {
+    ${domaine} = {
-      extraDomains = {
+      extraDomains = mapAttrs' (name: value:
-        "grafana.tars.nyanlout.re" = null;
+        nameValuePair ("${name}.${domaine}") (null)
-        "emby.tars.nyanlout.re" = null;
+      ) haproxy_backends;
        "radarr.tars.nyanlout.re" = null;
        "transmission.tars.nyanlout.re" = null;
        "syncthing.tars.nyanlout.re" = null;
      };
      webroot = "/var/www/challenges/";
      email = "paul@nyanlout.re";
      user = "haproxy";