nki/nix-home
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity

Add cert-resolver

Browse source
This commit is contained in:
Natsu Kagami 2021-11-01 15:50:30 -04:00
parent 0842bd53a2
commit 071889c976
Signed by: nki
GPG key ID: 7306B3D3C3AD6E51
7 changed files with 475 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

91
modules/cloud/traefik/config.nix
View file

@ -7,18 +7,20 @@ let
# Copied from traefik.nix
jsonValue = with types;
let
valueType = nullOr (oneOf [
bool
int
float
str
(lazyAttrsOf valueType)
(listOf valueType)
]) // {
valueType = nullOr
(oneOf [
bool
int
float
str
(lazyAttrsOf valueType)
(listOf valueType)
]) // {
description = "JSON value";
emptyValue.value = { };
};
in valueType;
in
valueType;
hostType = with types; submodule {
options = {
@ -41,49 +43,76 @@ let
description = "The port that the service is listening on";
};
entrypoints = mkOption {
type = listOf (enum ["http" "https" "smtp-submission" "imap"]);
type = listOf (enum [ "http" "https" "smtp-submission" "smtp-submission-ssl" "imap" ]);
default = [ "https" ];
description = "The entrypoints that will serve the host";
};
middlewares = mkOption {
type = listOf jsonValue;
default = [];
default = [ ];
description = "The middlewares to be used with the host.";
};
protocol = mkOption {
type = enum [ "http" "tcp" ];
default = "http";
description = "The protocol of the router and service";
};
tlsPassthrough = mkOption {
type = types.bool;
default = true;
description = "Sets the TCP passthrough value. Defaults to `true` if the connection is tcp";
};
};
};
# Returns the filter given a host configuration
filterOfHost = host :
filterOfHost = host:
let
hostFilter = if host.protocol == "http" then "Host" else "HostSNI";
in
if host.filter != null then host.filter
else if host.path == null then "Host(`${host.host}`)"
else "Host(`${host.host}`) && Path(`${host.path}`)";
else if host.path == null then "${hostFilter}(`${host.host}`)"
else "${hostFilter}(`${host.host}`) && Path(`${host.path}`)";
# Turns a host configuration into dynamic traefik configuration
hostToConfig = name : host : {
http.routers."${name}-router" = {
rule = filterOfHost host;
entryPoints = host.entrypoints;
tls.certResolver = "le";
service = "${name}-service";
middlewares = lists.imap0 (id: m: "${name}-middleware-${toString id}") host.middlewares;
};
http.services."${name}-service".loadBalancer.servers = [
{ url = "http://localhost:${toString host.port}"; }
];
http.middlewares = builtins.listToAttrs (lists.imap0 (id: v: {
name = "${name}-middleware-${toString id}";
value = v;
}) host.middlewares);
hostToConfig = name: host: {
"${host.protocol}" = {
routers."${name}-router" = {
rule = filterOfHost host;
entryPoints = host.entrypoints;
tls = { certResolver = "le"; } // (if host.protocol == "tcp" then { passthrough = if (host ? tlsPassthrough) then host.tlsPassthrough else true; } else { });
service = "${name}-service";
} // (
if host.protocol == "http" then
{ middlewares = lists.imap0 (id: m: "${name}-middleware-${toString id}") host.middlewares; }
else if host.middlewares == [ ] then
{ }
else abort "Cannot have middlewares on tcp routers"
);
services."${name}-service".loadBalancer.servers = [
(if host.protocol == "http" then
{ url = "http://localhost:${toString host.port}"; }
else { address = "127.0.0.1:${toString host.port}"; }
)
];
} // (if (host.middlewares != [ ]) then {
middlewares = builtins.listToAttrs (lists.imap0
(id: v: {
name = "${name}-middleware-${toString id}";
value = v;
})
host.middlewares);
} else { });
};
in
{
options.cloud.traefik.hosts = mkOption {
type = types.attrsOf hostType;
default = {};
default = { };
description = "The HTTP hosts to run on the server";
};
config.cloud.traefik.config = builtins.foldl' attrsets.recursiveUpdate {} (attrsets.mapAttrsToList hostToConfig cfg.hosts);
config.cloud.traefik.config = builtins.foldl' attrsets.recursiveUpdate { } (attrsets.mapAttrsToList hostToConfig cfg.hosts);
}