Proxy all buckets that have website = true

This commit is contained in:
Nicolas Jeannerod 2024-10-01 18:18:47 +02:00
parent 247a4258b2
commit 4c8d380e9e
Signed by untrusted user: Niols
GPG key ID: 35DB9EC8886E1CB8

View file

@ -14,6 +14,7 @@ let
inherit (builtins) toString; inherit (builtins) toString;
inherit (lib) types mkOption mkEnableOption optionalString concatStringsSep; inherit (lib) types mkOption mkEnableOption optionalString concatStringsSep;
inherit (lib.strings) escapeShellArg; inherit (lib.strings) escapeShellArg;
inherit (lib.attrsets) filterAttrs mapAttrs';
cfg = config.services.garage; cfg = config.services.garage;
fedicfg = config.fediversity.internal.garage; fedicfg = config.fediversity.internal.garage;
concatMapAttrs = scriptFn: attrset: concatStringsSep "\n" (lib.mapAttrsToList scriptFn attrset); concatMapAttrs = scriptFn: attrset: concatStringsSep "\n" (lib.mapAttrsToList scriptFn attrset);
@ -159,16 +160,23 @@ in
}; };
}; };
services.nginx.virtualHosts.${fedicfg.web.domainForBucket "pixelfed"} = { ## Create a proxy from <bucket>.web.garage.<domain> to localhost:3902 for
forceSSL = true; ## each bucket that has `website = true`.
enableACME = true; services.nginx.virtualHosts =
locations."/" = { let
proxyPass = "http://localhost:3902"; value = {
extraConfig = '' forceSSL = true;
proxy_set_header Host $host; enableACME = true;
''; locations."/" = {
}; proxyPass = "http://localhost:3902";
}; extraConfig = ''
proxy_set_header Host $host;
'';
};
};
in mapAttrs'
(bucket: _: {name = fedicfg.web.domainForBucket bucket; inherit value;})
(filterAttrs (_: {website, ...}: website) cfg.ensureBuckets);
systemd.services.ensure-garage = { systemd.services.ensure-garage = {
after = [ "garage.service" ]; after = [ "garage.service" ];