Refactor

machines/aresix/modules/reverse-proxy.nix

@@ -1,4 +1,8 @@
-{...}: {
+{
+  lib,
+  config,
+  ...
+}: {
   security.acme = {
     acceptTerms = true;
     defaults.email = "personal+letsencrypt@peprolinbot.com";
@@ -15,29 +19,41 @@
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
 
-    virtualHosts = {
+    virtualHosts = let
-      "ha.campares.duckdns.org" = {
+      base = locations: {
+        inherit locations;
+
         forceSSL = true;
         enableACME = true;
-        extraConfig = ''
-          proxy_buffering off;
-        '';
-        locations."/" = {
-          proxyPass = "http://[::1]:8123";
-          proxyWebsockets = true;
-        };
       };
-      "wg.campares.duckdns.org" = {
+
-        forceSSL = true;
+      proxy = {
-        enableACME = true;
+        port,
-        extraConfig = ''
+        websockets ? false,
-          proxy_buffering off;
+      }:
-        '';
+        (base {
-        locations."/" = {
+          "/" = {
-          proxyPass = "http://[::1]:8000";
+            proxyPass = "http://[::1]:" + toString port + "/";
-          proxyWebsockets = true;
+            proxyWebsockets = websockets;
+          };
+        })
+        // {
+          extraConfig = lib.mkIf websockets ''
+            proxy_buffering off;
+          '';
         };
-      };
+
+      proxySimple = port: proxy {inherit port;};
+
+      proxyWebsockets = port:
+        proxy {
+          inherit port;
+          websockets = true;
+        };
+    in {
+      "ha.campares.duckdns.org" = proxyWebsockets config.services.home-assistant.config.http.server_port;
+
+      "wg.campares.duckdns.org" = proxySimple config.services.wg-access-server.settings.port;
     };
   };
 }

machines/aresix/modules/wireguard.nix

@@ -25,6 +25,7 @@
 
     settings = {
       httpHost = "::1";
+      port = 8000;
     };
 
     secretsFile = config.clan.core.vars.generators.wg-access-server.files.secrets-file.path;