# NixOS module for the "public-access-proxy" host: it configures a static
# address on eth0, opens TCP 80/443 and fills `my.services.proxy.proxyHosts`
# with a few hand-written forwards plus one generated forward per
# nginx-enabled entry in `nixosConfigurations`.
{ zentralwerk, hostRegistry, nixosConfigurations, config, pkgs, lib, ... }:

let
  # Names of every nixosConfiguration whose nginx service is enabled.
  nginxHosts = builtins.attrNames (
    lib.filterAttrs (_: nixos: nixos.config.services.nginx.enable) nixosConfigurations
  );

  # All server names a host's nginx declares: each virtualHosts attribute name
  # followed by its serverAliases, with "localhost" dropped.
  # NOTE(review): nothing here distinguishes public from internal-only vhosts,
  # so every non-"localhost" name on every nginx-enabled host gets forwarded.
  # The list can also end up empty for a host; how ./proxy.nix treats an entry
  # with no hostNames is not visible from this file. TODO confirm both.
  publicNamesOf = host:
    let
      vhosts = nixosConfigurations.${host}.config.services.nginx.virtualHosts;
      declared = builtins.concatMap
        (name: [ name ] ++ vhosts.${name}.serverAliases)
        (builtins.attrNames vhosts);
    in
    builtins.filter (name: name != "localhost") declared;

  # Backend address for a host from hostRegistry: ip4 when present, otherwise
  # the ip6 address wrapped in brackets; evaluation fails if neither exists.
  upstreamOf = host:
    let
      entry = hostRegistry.hosts.${host};
    in
    if entry ? ip4 then
      entry.ip4
    else if entry ? ip6 then
      "[${entry.ip6}]"
    else
      throw "No known addresses for ${host}";

  # Manual forwarding configurations
  # NOTE(review): the meaning of `matchArg` is defined in ./proxy.nix, which is
  # not shown here. "-m end" looks like a suffix match on the requested name;
  # if so, "nixvita.de" would also match names that merely end in that string
  # without a dot boundary. Confirm against ./proxy.nix.
  manualForwards = [
    {
      hostNames = [ "vps1.nixvita.de" "vps1.codetu.be" "nixvita.de" ];
      proxyTo.host = "172.20.73.51";
      matchArg = "-m end";
    }
    {
      hostNames = [ "jabber.c3d2.de" ];
      proxyTo = {
        host = hostRegistry.hosts.jabber.ip4;
        httpPort = 5820;
        httpsPort = 5821;
      };
      matchArg = "-m end";
    }
    {
      hostNames = [ "zw.poelzi.org" ];
      proxyTo.host = "172.20.73.162";
      matchArg = "-m end";
    }
  ];

  # Generated forwarding configurations from other nixosConfigurations.
  # These entries set no matchArg, so whatever default ./proxy.nix applies is used.
  generatedForwards = map
    (host: {
      hostNames = publicNamesOf host;
      proxyTo.host = upstreamOf host;
    })
    nginxHosts;
in
{
  imports = [
    ./proxy.nix
    ./stats.nix
  ];

  networking = {
    hostName = "public-access-proxy";
    useNetworkd = true;

    # Static IPv4 address; the prefix length comes from the zentralwerk site config.
    interfaces.eth0 = {
      ipv4.addresses = [
        {
          address = "172.20.73.45";
          prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
        }
      ];
    };
    defaultGateway = "172.20.73.1";

    # Only HTTP and HTTPS are opened here.
    firewall.allowedTCPPorts = [ 80 443 ];
  };

  my.services.proxy = {
    enable = true;
    proxyHosts = manualForwards ++ generatedForwards;
  };

  system.stateVersion = "18.09";
}