56 lines
1.6 KiB
Nix
56 lines
1.6 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
let
|
|
# Récupère la liste des services depuis la configuration
|
|
publicServices = config.services.reverse-proxy.publicServices or [];
|
|
in
|
|
{
|
|
# Options pour le module reverse-proxy
|
|
options.services.reverse-proxy = {
|
|
publicServices = lib.mkOption {
|
|
type = lib.types.listOf (lib.types.submodule {
|
|
options = {
|
|
host = lib.mkOption { type = lib.types.str; };
|
|
internalHost = lib.mkOption { type = lib.types.str; };
|
|
port = lib.mkOption { type = lib.types.int; default = 80; };
|
|
};
|
|
});
|
|
default = [];
|
|
description = "Liste des services à exposer via le reverse proxy";
|
|
};
|
|
};
|
|
|
|
# Configuration de Caddy
|
|
config = lib.mkIf (config.services.reverse-proxy.publicServices or []) != [] {
|
|
services.caddy = {
|
|
enable = true;
|
|
virtualHosts = map (service: {
|
|
host = "${service.host}.lagraula.fr";
|
|
reverseProxy = "http://${service.internalHost}.lagraula.fr:${toString service.port}";
|
|
tls = {
|
|
email = config.services.caddy.email or "xavier@lagraula.fr";
|
|
};
|
|
}) (config.services.reverse-proxy.publicServices or []);
|
|
|
|
# Configuration globale pour Caddy
|
|
extraConfig = ''
|
|
{
|
|
# Rate limiting global (optionnel)
|
|
rate_limit {
|
|
requests 100
|
|
burst 200
|
|
interval 1m
|
|
}
|
|
# Logging
|
|
log {
|
|
output file /var/log/caddy/access.log
|
|
}
|
|
}
|
|
'';
|
|
};
|
|
|
|
# Ouvrir les ports firewall pour HTTP/HTTPS
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
networking.firewall.allowedUDPPorts = [];
|
|
};
|
|
} |