public-access-proxy: revert to static vhost list

pulling in other systems during evaluation causes very high memory usage
2022-05-31 19:15:00 +02:00 · 2022-05-31 19:15:00 +02:00 · 310d1da9d1
parent 32a44bfb36
commit 310d1da9d1
2 changed files with 94 additions and 63 deletions
--- a/flake.nix
+++ b/flake.nix
@ -477,9 +477,6 @@
            ./config/lxc-container.nix
            ./hosts/containers/public-access-proxy
          ];
-          extraArgs = {
-            inherit (self) nixosConfigurations;
-          };
        };

        ticker = nixosSystem' {
--- a/hosts/containers/public-access-proxy/default.nix
+++ b/hosts/containers/public-access-proxy/default.nix
@ -1,4 +1,4 @@
-{ zentralwerk, nixosConfigurations, config, pkgs, lib, ... }:
+{ zentralwerk, config, pkgs, lib, ... }:

 {
  imports = [
@ -18,65 +18,99 @@

  my.services.proxy = {
    enable = true;
-    proxyHosts = [
-      # Manual forwarding configurations
-      {
-        hostNames = [ "vps1.nixvita.de" "vps1.codetu.be" "nixvita.de" ];
-        proxyTo.host = "172.20.73.51";
-        matchArg = "-m end";
-      }
-      {
-        hostNames = [ "jabber.c3d2.de" ];
-        proxyTo = {
-          host = config.c3d2.hosts.jabber.ip4;
-        };
-        matchArg = "-m end";
-      }
-      {
-        hostNames = [ "zw.poelzi.org" ];
-        proxyTo.host = "172.20.73.162";
-        matchArg = "-m end";
-      }
-      {
-        hostNames = [ "direkthilfe.c3d2.de" ];
-        proxyTo = {
-          host = config.c3d2.hosts.direkthilfe.ip4;
-        };
-        matchArg = "-m end";
-      }
-      {
-        hostNames = [ "staging.dvb.solutions" ];
-        proxyTo = {
-          host = config.c3d2.hosts.staging-data-hoarder.ip4;
-        };
-        matchArg = "-m end";
-      }
-    ] ++
-    # Generated forwarding configurations from other nixosConfigurations
-    map (host:
-      let
-        nixosConfig = nixosConfigurations."${host}".config;
-      in {
-        hostNames =
-          builtins.filter (vhost: vhost != "localhost") (
-            builtins.concatMap (vhost:
-              let
-                vhostConfig = nixosConfig.services.nginx.virtualHosts."${vhost}";
-              in [ vhost ] ++ vhostConfig.serverAliases
-            ) (builtins.attrNames nixosConfig.services.nginx.virtualHosts)
-          );
-        proxyTo.host =
-          if config.c3d2.hosts.${host} ? ip4 && config.c3d2.hosts.${host}.ip4 != null
-          then config.c3d2.hosts.${host}.ip4
-          else if config.c3d2.hosts.${host} ? ip6 && config.c3d2.hosts.${host}.ip6 != null
-          then "[${config.c3d2.hosts.${host}.ip6}]"
-          else throw "No known addresses for ${host}";
-      }
-    ) (builtins.attrNames (
-      lib.filterAttrs (_: nixos:
-        nixos.config.services.nginx.enable
-      ) nixosConfigurations
-    ));
+    proxyHosts = [ {
+      hostNames = [ "vps1.nixvita.de" "vps1.codetu.be" "nixvita.de" ];
+      proxyTo.host = "172.20.73.51";
+      matchArg = "-m end";
+    } {
+      hostNames = [ "jabber.c3d2.de" ];
+      proxyTo = {
+        host = config.c3d2.hosts.jabber.ip4;
+      };
+      matchArg = "-m end";
+    } {
+      hostNames = [ "zw.poelzi.org" ];
+      proxyTo.host = "172.20.73.162";
+      matchArg = "-m end";
+    } {
+      hostNames = [ "direkthilfe.c3d2.de" ];
+      proxyTo = {
+        host = config.c3d2.hosts.direkthilfe.ip4;
+      };
+      matchArg = "-m end";
+    } {
+      hostNames = [ "staging.dvb.solutions" ];
+      proxyTo = {
+        host = config.c3d2.hosts.staging-data-hoarder.ip4;
+      };
+      matchArg = "-m end";
+    } {
+      hostNames = [ "bind.serv.zentralwerk.org" ];
+      proxyTo.host = config.c3d2.hosts.bind.ip4;
+    } {
+      hostNames = [ "blogs.c3d2.de" ];
+      proxyTo.host = config.c3d2.hosts.blogs.ip4;
+    } {
+      hostNames = [
+        "datenspuren.de" "www.datenspuren.de" "ds.c3d2.de" "datenspuren.c3d2.de"
+        "c3d2.de" "www.c3d2.de" "c3dd.de" "www.c3dd.de" "cccdd.de" "www.cccdd.de" "dresden.ccc.de" "www.dresden.ccc.de"
+        "openpgpkey.c3d2.de"
+        "netzbiotop.org" "www.netzbiotop.org"
+        "autotopia.c3d2.de"
+        "c3d2-web.serv.zentralwerk.org"
+      ];
+      proxyTo.host = config.c3d2.hosts.c3d2-web.ip4;
+    } {
+      hostNames = [ "gitea.c3d2.de" ];
+      proxyTo.host = config.c3d2.hosts.gitea.ip4;
+    } {
+      hostNames = [ "grafana.hq.c3d2.de" ];
+      proxyTo.host = config.c3d2.hosts.grafana.ip4;
+    } {
+      hostNames = [
+        "hydra.hq.c3d2.de"
+        "nix-serve.hq.c3d2.de"
+      ];
+      proxyTo.host = config.c3d2.hosts.hydra.ip4;
+    } {
+      hostNames = [ "keycloak.c3d2.de" ];
+      proxyTo.host = config.c3d2.hosts.keycloak.ip4;
+    } {
+      hostNames = [
+        "kibana.hq.c3d2.de"
+        "kibana-es.hq.c3d2.de"
+      ];
+      proxyTo.host = config.c3d2.hosts.kibana.ip4;
+    } {
+      hostNames = [ "logging.serv.zentralwerk.org" ];
+      proxyTo.host = config.c3d2.hosts.logging.ip4;
+    } {
+      hostNames = [ "matemat.hq.c3d2.de" ];
+      proxyTo.host = config.c3d2.hosts.matemat.ip4;
+    } {
+      hostNames = [ "mobilizon.c3d2.de" ];
+      proxyTo.host = config.c3d2.hosts.mobilizon.ip4;
+    } {
+      hostNames = [ "drkkr.hq.c3d2.de" ];
+      proxyTo.host = config.c3d2.hosts.pulsebert.ip4;
+    } {
+      hostNames = [ "scrape.hq.c3d2.de" ];
+      proxyTo.host = config.c3d2.hosts.scrape.ip4;
+    } {
+      hostNames = [
+        "adsb.hq.c3d2.de"
+        "sdr.hq.c3d2.de"
+      ];
+      proxyTo.host = config.c3d2.hosts.sdrweb.ip4;
+    } {
+      hostNames = [
+        "stream.hq.c3d2.de" "torrents.hq.c3d2.de"
+      ];
+      proxyTo.host = config.c3d2.hosts.stream.ip4;
+    } {
+      hostNames = [ "ticker.c3d2.de" ];
+      proxyTo.host = config.c3d2.hosts.ticker.ip4;
+    } ];
  };

  networking.firewall.allowedTCPPorts = [