From 2bf3623eae12598c26b5be5e1b148b07d1a3aed5 Mon Sep 17 00:00:00 2001
From: clerie
Date: Sat, 26 Dec 2020 01:24:40 +0100
Subject: [PATCH] Add nginx port forward module
---
 modules/default.nix | 1 +
 modules/nginx-port-forward/default.nix | 61 ++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 modules/nginx-port-forward/default.nix
diff --git a/modules/default.nix b/modules/default.nix
index c93700a..5841d4c 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -4,5 +4,6 @@
 imports = [
 ./policyrouting
 ./anycast_healthchecker
+ ./nginx-port-forward
 ];
 }
diff --git a/modules/nginx-port-forward/default.nix b/modules/nginx-port-forward/default.nix
new file mode 100644
index 0000000..e06e021
--- /dev/null
+++ b/modules/nginx-port-forward/default.nix
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.clerie.nginx-port-forward;
+
+ portForwardConf = ''
+ stream {
+ ${ concatStringsSep "\n" ( mapAttrsToList ( port: forward: ''
+ server {
+ listen ${port};
+ listen [::]:${port};
+ proxy_pass ${forward.host}:${toString forward.port};
+ }
+ '' ) cfg.tcpPorts ) }
+ ${ concatStringsSep "\n" ( mapAttrsToList ( port: forward: ''
+ server {
+ listen ${port} udp;
+ listen [::]:${port} udp;
+ proxy_pass ${forward.host}:${toString forward.port};
+ }
+ '' ) cfg.udpPorts ) }
+ }
+ '';
+
+ portOpts = { config, ... }@moduleAttrs: {
+ options = {
+ host = mkOption {
+ type = types.str;
+ };
+ port = mkOption {
+ type = types.int;
+ };
+ };
+ };
+
+in
+
+{
+ options = {
+ clerie.nginx-port-forward = {
+ enable = mkEnableOption "Nginx Port Forward";
+ tcpPorts = mkOption {
+ type = with types; attrsOf (submodule portOpts);
+ default = {};
+ };
+ udpPorts = mkOption {
+ type = with types; attrsOf (submodule portOpts);
+ default = {};
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.nginx.enable = true;
+ services.nginx.appendConfig = portForwardConf;
+ networking.firewall.allowedTCPPorts = mapAttrsToList ( port: dontcare: toInt port ) cfg.tcpPorts;
+ networking.firewall.allowedUDPPorts = mapAttrsToList ( port: dontcare: toInt port ) cfg.udpPorts;
+ };
+}
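Review bot: In `portOpts`, `host` is a free-form `types.str` and `port` a plain `types.int`, and both are spliced verbatim into the `proxy_pass ${forward.host}:${toString forward.port};` lines of the generated `stream {}` text. A stray `;`, whitespace or brace in a host value therefore rewrites the nginx configuration instead of failing evaluation, an out-of-range port is accepted, and an unbracketed IPv6 literal yields an ambiguous `addr:port`. Tightening the types would catch these at evaluation time: `type = types.port;` for `port`, and a `types.strMatching` pattern limited to hostname characters or a bracketed IPv6 literal for `host`. Separately, the `config` block adds every key of `tcpPorts`/`udpPorts` to `networking.firewall.allowedTCPPorts`/`allowedUDPPorts` unconditionally while the servers listen on all addresses, so enabling a forward always exposes the backend on every interface. A boolean option (for example `openFirewall`, defaulting to the current behaviour) wrapped around those two lines with `mkIf` would let an operator keep a forward internal. The options also carry no `description`; a short one on `tcpPorts`/`udpPorts` stating that the attribute name is the listen port and the value is the backend target would make the contract explicit.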