public-access-proxy: revert to static vhost list

pulling in other systems during evaluation causes very high memory usage
2022-05-31 19:15:00 +02:00 · 2022-05-31 19:15:00 +02:00 · 310d1da9d1
commit 310d1da9d1
parent 32a44bfb36
2 changed files with 94 additions and 63 deletions
--- a/flake.nix
+++ b/flake.nix
@ -477,9 +477,6 @@
            ./config/lxc-container.nix
            ./hosts/containers/public-access-proxy
          ];
          extraArgs = {
            inherit (self) nixosConfigurations;
          };
        };
        ticker = nixosSystem' {
--- a/hosts/containers/public-access-proxy/default.nix
+++ b/hosts/containers/public-access-proxy/default.nix
@ -1,4 +1,4 @@
-{ zentralwerk, nixosConfigurations, config, pkgs, lib, ... }:
+{ zentralwerk, config, pkgs, lib, ... }:
 {
  imports = [
@ -18,65 +18,99 @@
  my.services.proxy = {
    enable = true;
-    proxyHosts = [
+    proxyHosts = [ {
-      # Manual forwarding configurations
+      hostNames = [ "vps1.nixvita.de" "vps1.codetu.be" "nixvita.de" ];
-      {
+      proxyTo.host = "172.20.73.51";
-        hostNames = [ "vps1.nixvita.de" "vps1.codetu.be" "nixvita.de" ];
+      matchArg = "-m end";
-        proxyTo.host = "172.20.73.51";
+    } {
-        matchArg = "-m end";
+      hostNames = [ "jabber.c3d2.de" ];
-      }
+      proxyTo = {
-      {
+        host = config.c3d2.hosts.jabber.ip4;
-        hostNames = [ "jabber.c3d2.de" ];
+      };
-        proxyTo = {
+      matchArg = "-m end";
-          host = config.c3d2.hosts.jabber.ip4;
+    } {
-        };
+      hostNames = [ "zw.poelzi.org" ];
-        matchArg = "-m end";
+      proxyTo.host = "172.20.73.162";
-      }
+      matchArg = "-m end";
-      {
+    } {
-        hostNames = [ "zw.poelzi.org" ];
+      hostNames = [ "direkthilfe.c3d2.de" ];
-        proxyTo.host = "172.20.73.162";
+      proxyTo = {
-        matchArg = "-m end";
+        host = config.c3d2.hosts.direkthilfe.ip4;
-      }
+      };
-      {
+      matchArg = "-m end";
-        hostNames = [ "direkthilfe.c3d2.de" ];
+    } {
-        proxyTo = {
+      hostNames = [ "staging.dvb.solutions" ];
-          host = config.c3d2.hosts.direkthilfe.ip4;
+      proxyTo = {
-        };
+        host = config.c3d2.hosts.staging-data-hoarder.ip4;
-        matchArg = "-m end";
+      };
-      }
+      matchArg = "-m end";
-      {
+    } {
-        hostNames = [ "staging.dvb.solutions" ];
+      hostNames = [ "bind.serv.zentralwerk.org" ];
-        proxyTo = {
+      proxyTo.host = config.c3d2.hosts.bind.ip4;
-          host = config.c3d2.hosts.staging-data-hoarder.ip4;
+    } {
-        };
+      hostNames = [ "blogs.c3d2.de" ];
-        matchArg = "-m end";
+      proxyTo.host = config.c3d2.hosts.blogs.ip4;
-      }
+    } {
-    ] ++
+      hostNames = [
-    # Generated forwarding configurations from other nixosConfigurations
+        "datenspuren.de" "www.datenspuren.de" "ds.c3d2.de" "datenspuren.c3d2.de"
-    map (host:
+        "c3d2.de" "www.c3d2.de" "c3dd.de" "www.c3dd.de" "cccdd.de" "www.cccdd.de" "dresden.ccc.de" "www.dresden.ccc.de"
-      let
+        "openpgpkey.c3d2.de"
-        nixosConfig = nixosConfigurations."${host}".config;
+        "netzbiotop.org" "www.netzbiotop.org"
-      in {
+        "autotopia.c3d2.de"
-        hostNames =
+        "c3d2-web.serv.zentralwerk.org"
-          builtins.filter (vhost: vhost != "localhost") (
+      ];
-            builtins.concatMap (vhost:
+      proxyTo.host = config.c3d2.hosts.c3d2-web.ip4;
-              let
+    } {
-                vhostConfig = nixosConfig.services.nginx.virtualHosts."${vhost}";
+      hostNames = [ "gitea.c3d2.de" ];
-              in [ vhost ] ++ vhostConfig.serverAliases
+      proxyTo.host = config.c3d2.hosts.gitea.ip4;
-            ) (builtins.attrNames nixosConfig.services.nginx.virtualHosts)
+    } {
-          );
+      hostNames = [ "grafana.hq.c3d2.de" ];
-        proxyTo.host =
+      proxyTo.host = config.c3d2.hosts.grafana.ip4;
-          if config.c3d2.hosts.${host} ? ip4 && config.c3d2.hosts.${host}.ip4 != null
+    } {
-          then config.c3d2.hosts.${host}.ip4
+      hostNames = [
-          else if config.c3d2.hosts.${host} ? ip6 && config.c3d2.hosts.${host}.ip6 != null
+        "hydra.hq.c3d2.de"
-          then "[${config.c3d2.hosts.${host}.ip6}]"
+        "nix-serve.hq.c3d2.de"
-          else throw "No known addresses for ${host}";
+      ];
-      }
+      proxyTo.host = config.c3d2.hosts.hydra.ip4;
-    ) (builtins.attrNames (
+    } {
-      lib.filterAttrs (_: nixos:
+      hostNames = [ "keycloak.c3d2.de" ];
-        nixos.config.services.nginx.enable
+      proxyTo.host = config.c3d2.hosts.keycloak.ip4;
-      ) nixosConfigurations
+    } {
-    ));
+      hostNames = [
        "kibana.hq.c3d2.de"
        "kibana-es.hq.c3d2.de"
      ];
      proxyTo.host = config.c3d2.hosts.kibana.ip4;
    } {
      hostNames = [ "logging.serv.zentralwerk.org" ];
      proxyTo.host = config.c3d2.hosts.logging.ip4;
    } {
      hostNames = [ "matemat.hq.c3d2.de" ];
      proxyTo.host = config.c3d2.hosts.matemat.ip4;
    } {
      hostNames = [ "mobilizon.c3d2.de" ];
      proxyTo.host = config.c3d2.hosts.mobilizon.ip4;
    } {
      hostNames = [ "drkkr.hq.c3d2.de" ];
      proxyTo.host = config.c3d2.hosts.pulsebert.ip4;
    } {
      hostNames = [ "scrape.hq.c3d2.de" ];
      proxyTo.host = config.c3d2.hosts.scrape.ip4;
    } {
      hostNames = [
        "adsb.hq.c3d2.de"
        "sdr.hq.c3d2.de"
      ];
      proxyTo.host = config.c3d2.hosts.sdrweb.ip4;
    } {
      hostNames = [
        "stream.hq.c3d2.de" "torrents.hq.c3d2.de"
      ];
      proxyTo.host = config.c3d2.hosts.stream.ip4;
    } {
      hostNames = [ "ticker.c3d2.de" ];
      proxyTo.host = config.c3d2.hosts.ticker.ip4;
    } ];
  };
  networking.firewall.allowedTCPPorts = [