From bc1118fccf26d1bede28bd4d0a9d11b79004edad Mon Sep 17 00:00:00 2001 From: Markus Schmidl Date: Mon, 1 Apr 2019 03:15:39 +0200 Subject: [PATCH] storage-ng/public-address-proxy: fixed errors --- .../public-access-proxy/configuration.nix | 12 ++---- .../storage-ng/public-access-proxy/proxy.nix | 39 ++++++++++++------- 2 files changed, 29 insertions(+), 22 deletions(-) diff --git a/hosts/storage-ng/public-access-proxy/configuration.nix b/hosts/storage-ng/public-access-proxy/configuration.nix index 06ddd17d..d92d4640 100644 --- a/hosts/storage-ng/public-access-proxy/configuration.nix +++ b/hosts/storage-ng/public-access-proxy/configuration.nix @@ -28,15 +28,15 @@ services.openssh = { enable = true; - permitRootLogin = "prohibit-password"; + permitRootLogin = "yes"; ports = [ 1122 ]; }; - services.my.proxy = { + my.services.proxy = { enable = true; proxyHosts = [ { - hostNames = [ "mdm.arkom.men" ]; + hostNames = [ "c3d2.arkom.men" "test.arkom.men" ]; proxyTo = { host = "cloud.bombenverleih.de"; httpPort = 80; httpsPort = 443; }; } ]; @@ -47,12 +47,6 @@ 443 ]; - users.extraUsers.k-ot = { - inNormalUser = true; - uid = 1000; - extraGroups = [ "wheel" ]; - }; - system.stateVersion = "18.09"; # Did you read the comment? } diff --git a/hosts/storage-ng/public-access-proxy/proxy.nix b/hosts/storage-ng/public-access-proxy/proxy.nix index d7d59360..1fe18879 100644 --- a/hosts/storage-ng/public-access-proxy/proxy.nix +++ b/hosts/storage-ng/public-access-proxy/proxy.nix @@ -6,7 +6,7 @@ let in { - options.my.serices.proxy = { + options.my.services.proxy = { enable = mkOption { default = false; @@ -22,7 +22,7 @@ in { type = types.listOf types.str; default = []; description = '' - Proxy these hostnames. + Proxy these hostNames. ''; }; proxyTo = mkOption { @@ -58,6 +58,7 @@ in { ''; default = {}; }; + }; })); default = []; 
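Review bot: `permitRootLogin = "yes"` in the `services.openssh` block lets root log in with a password on this public-access proxy host, where the previous `"prohibit-password"` limited root to key-based login. The second hunk of this file also removes the `k-ot` wheel user, so unless another account is declared elsewhere, root is the only login left. If the setting was relaxed because no key was deployed, I would keep `permitRootLogin = "prohibit-password";` and declare the key through `users.users.root.openssh.authorizedKeys.keys`. The enclosing attribute set starts and ends outside the hunk.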
@@ -75,20 +76,28 @@ in { services.haproxy = { enable = true; config = '' + resolvers dns + nameservers quad9 9.9.9.9:53 + hold valid 1s + frontend http-in bind *:80 default_backend proxy-backend-http backend proxy-backend-http - ${concatMapStringSep "\n" (proxyHost: + timeout connect 5000 + timeout check 5000 + timeout client 30000 + timeout server 30000 + ${concatMapStringsSep "\n" (proxyHost: optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) ( - concatMapStringSep "\n" (hostname: '' + concatMapStringsSep "\n" (hostname: '' use-server ${hostname}-http if { req.hdr(host) -i ${hostname} } - server ${hostname}-http ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpPort} weight 0 + server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} resolvers dns check inter 1000 '' - ) (attrValues proxyHost.hostnames) + ) (proxyHost.hostNames) ) - ) (attrValues cfg.proxyHosts) + ) (cfg.proxyHosts) } frontend https-in @@ -96,17 +105,21 @@ in { default_backend proxy-backend-https backend proxy-backend-https - ${concatMapStringSep "\n" (proxyHost: + timeout connect 5000 + timeout check 5000 + timeout client 30000 + timeout server 30000 + ${concatMapStringsSep "\n" (proxyHost: optionalString (proxyHost.hostNames != [] && proxyHost.proxyTo.host != null) ( - concatMapStringSep "\n" (hostname: '' + concatMapStringsSep "\n" (hostname: '' use-server ${hostname}-https if { req.ssl_sni -i ${hostname} } - server ${hostname}-https ${proxyHost.proxyTo.host}:${proxyHost.proxyTo.httpsPort} weight 0 + server ${hostname}-https ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpsPort} resolvers dns check inter 1000 '' - ) (attrValues proxyHost.hostnames) + ) (proxyHost.hostNames) ) - ) (attrValues cfg.proxyHosts) + ) (cfg.proxyHosts) } ''; }; - + }; }
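Review bot: Dropping `weight 0` from the `server` line in `proxy-backend-http` means a request whose Host header matches no `use-server` rule is no longer refused; it is load-balanced across every configured server, so any hostname pointed at this proxy reaches one of the upstreams. Keeping the weight restores the allow-list behaviour: `server ${hostname}-http ${proxyHost.proxyTo.host}:${toString proxyHost.proxyTo.httpPort} weight 0 resolvers dns check inter 1000`. The same applies to the `-https` server line in the next hunk. Separately, the resolvers section uses `nameservers`, while the keyword HAProxy documents is `nameserver`, so that line should read `nameserver quad9 9.9.9.9:53`. The `config` string continues past this hunk.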
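Review bot: The `use-server ... if { req.ssl_sni -i ${hostname} }` rules in `proxy-backend-https` can only match once the TLS ClientHello has been buffered, and neither this hunk nor the visible part of `frontend https-in` sets a `tcp-request inspect-delay`. If the one frontend line outside the hunk does not set it, the SNI can be empty when the rule is evaluated and the connection falls through to default balancing. I would add `tcp-request inspect-delay 5s` and `tcp-request content accept if { req.ssl_hello_type 1 }` to the https frontend. The `config` string starts before this hunk.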