From 8fb1ec833004274a2537bc206ccc827b5f61243c Mon Sep 17 00:00:00 2001 From: Pedro Rey Anca Date: Wed, 8 Oct 2025 15:25:19 +0200 Subject: [PATCH] Refactor --- machines/aresix/modules/reverse-proxy.nix | 56 +++++++++++++++-------- machines/aresix/modules/wireguard.nix | 1 + 2 files changed, 37 insertions(+), 20 deletions(-) diff --git a/machines/aresix/modules/reverse-proxy.nix b/machines/aresix/modules/reverse-proxy.nix index 05458a6..3cd7334 100644 --- a/machines/aresix/modules/reverse-proxy.nix +++ b/machines/aresix/modules/reverse-proxy.nix @@ -1,4 +1,8 @@ -{...}: { +{ + lib, + config, + ... +}: { security.acme = { acceptTerms = true; defaults.email = "personal+letsencrypt@peprolinbot.com"; @@ -15,29 +19,41 @@ recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts = { - "ha.campares.duckdns.org" = { + virtualHosts = let + base = locations: { + inherit locations; + forceSSL = true; enableACME = true; - extraConfig = '' - proxy_buffering off; - ''; - locations."/" = { - proxyPass = "http://[::1]:8123"; - proxyWebsockets = true; - }; }; - "wg.campares.duckdns.org" = { - forceSSL = true; - enableACME = true; - extraConfig = '' - proxy_buffering off; - ''; - locations."/" = { - proxyPass = "http://[::1]:8000"; - proxyWebsockets = true; + + proxy = { + port, + websockets ? false, + }: + (base { + "/" = { + proxyPass = "http://[::1]:" + toString port + "/"; + proxyWebsockets = websockets; + }; + }) + // { + extraConfig = lib.mkIf websockets '' + proxy_buffering off; + ''; }; - }; + + proxySimple = port: proxy {inherit port;}; + + proxyWebsockets = port: + proxy { + inherit port; + websockets = true; + }; + in { + "ha.campares.duckdns.org" = proxyWebsockets config.services.home-assistant.config.http.server_port; + + "wg.campares.duckdns.org" = proxySimple config.services.wg-access-server.settings.port; }; }; } diff --git a/machines/aresix/modules/wireguard.nix b/machines/aresix/modules/wireguard.nix index 1c5b5ef..6aba4ad 100644 --- a/machines/aresix/modules/wireguard.nix +++ b/machines/aresix/modules/wireguard.nix @@ -25,6 +25,7 @@ settings = { httpHost = "::1"; + port = 8000; }; secretsFile = config.clan.core.vars.generators.wg-access-server.files.secrets-file.path;