storage-ng/public-address-proxy: fixed errors

hosts/storage-ng/public-access-proxy/configuration.nix

@@ -28,15 +28,15 @@
 
   services.openssh = {
     enable = true;
-    permitRootLogin = "prohibit-password";
+    permitRootLogin = "yes";
     ports = [ 1122 ];
   };
 
-  services.my.proxy = {
+  my.services.proxy = {
     enable = true;
     proxyHosts = [
       {
-        hostNames = [ "mdm.arkom.men" ];
+        hostNames = [ "c3d2.arkom.men" "test.arkom.men" ];
         proxyTo = { host = "cloud.bombenverleih.de"; httpPort = 80; httpsPort = 443; };
       }
     ];
@@ -47,12 +47,6 @@
     443
    ];
 
-  users.extraUsers.k-ot = {
-    inNormalUser = true;
-    uid = 1000;
-    extraGroups = [ "wheel" ];
-  };
-
   system.stateVersion = "18.09"; # Did you read the comment?
 
 }

hosts/storage-ng/public-access-proxy/proxy.nix

@@ -6,7 +6,7 @@ let
 
 in {
 
-  options.my.serices.proxy = {
+  options.my.services.proxy = {
 
     enable = mkOption {
       default = false;
@@ -22,7 +22,7 @@ in {
               type = types.listOf types.str;
               default = [];
               description = ''
-                Proxy these hostnames.
+                Proxy these hostNames.
               '';
             };
             proxyTo = mkOption {
@@ -58,6 +58,7 @@ in {
               '';
               default = {};
             };
+          };
 
         }));
       default = [];
@@ -75,20 +76,28 @@ in {
     services.haproxy = {
       enable = true;
       config = ''
+        resolvers dns
+          nameservers quad9 9.9.9.9:53
+          hold valid 1s
+
         frontend http-in
           bind *:80
           default_backend proxy-backend-http
   
         backend proxy-backend-http
-          ${concatMapStringSep "\n" (proxyHost:
+          timeout connect 5000
+          timeout check 5000
+          timeout client 30000
+          timeout server 30000
+          ${concatMapStringsSep "\n" (proxyHost:
             optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
-              concatMapStringSep "\n" (hostname: ''
+              concatMapStringsSep "\n" (hostname: ''
                 use-server ${hostname}-http if { req.hdr(host) -i ${hostname} }
-                server ${hostname}-http ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpPort} weight 0
+                server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} resolvers dns check inter 1000
               ''
-              ) (attrValues proxyHost.hostnames)
+              ) (proxyHost.hostNames)
             )
-          ) (attrValues cfg.proxyHosts)
+          ) (cfg.proxyHosts)
           }
 
         frontend https-in
@@ -96,17 +105,21 @@ in {
           default_backend proxy-backend-https
 
         backend proxy-backend-https
-          ${concatMapStringSep "\n" (proxyHost:
+          timeout connect 5000
+          timeout check 5000
+          timeout client 30000
+          timeout server 30000
+          ${concatMapStringsSep "\n" (proxyHost:
             optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) (
-              concatMapStringSep "\n" (hostname: ''
+              concatMapStringsSep "\n" (hostname: ''
                 use-server ${hostname}-https if { req.ssl_sni -i ${hostname} }
-                server ${hostname}-https ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpsPort} weight 0
+                server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort} resolvers dns check inter 1000
               ''
-              ) (attrValues proxyHost.hostnames)
+              ) (proxyHost.hostNames)
             )
-          ) (attrValues cfg.proxyHosts)
+          ) (cfg.proxyHosts)
           }
       '';
     };
-
+  };
 }