clerie/nixfiles
1
0
Fork 0
Code Activity

hosts/porter: Resolve nginx proxy upstreams via unbound

Browse Source
This commit is contained in:
clerie
2025-06-24 16:42:03 +02:00
parent e24190ae08
commit 86bfe85982
3 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/gatekeeper/configuration.nix
View File

@@ -131,6 +131,7 @@
clerie.nginx-port-forward = { clerie.nginx-port-forward = {
enable = true; enable = true;
resolver = "127.0.0.53";
tcpPorts."443" = { tcpPorts."443" = {
host = "localhost"; host = "localhost";
port = 22; port = 22;

11
hosts/porter/configuration.nix
View File

@@ -28,8 +28,19 @@
profiles.clerie.common-webserver.httpDefaultVirtualHost = false; profiles.clerie.common-webserver.httpDefaultVirtualHost = false;
services.unbound = {
enable = true;
resolveLocalQueries = false;
settings = {
server = {
interface = [ "127.0.0.1" ];
};
};
};
clerie.nginx-port-forward = { clerie.nginx-port-forward = {
enable = true; enable = true;
resolver = "127.0.0.1";
tcpPorts."80" = { tcpPorts."80" = {
host = "baikonur.dyn.weimarnetz.de"; host = "baikonur.dyn.weimarnetz.de";
port = 80; port = 80;

6
modules/nginx-port-forward/default.nix
View File

@@ -9,7 +9,7 @@ let
mkServerBlock = isUDP: port: forward: '' mkServerBlock = isUDP: port: forward: ''
server { server {
resolver 127.0.0.53 ipv4=off valid=30s; resolver ${cfg.resolver} ipv4=off valid=30s;
listen ${port}${optionalString isUDP " udp"}${optionalString (forward.certName != null) " ssl"}; listen ${port}${optionalString isUDP " udp"}${optionalString (forward.certName != null) " ssl"};
listen [::]:${port}${optionalString isUDP " udp"}${optionalString (forward.certName != null) " ssl"}; listen [::]:${port}${optionalString isUDP " udp"}${optionalString (forward.certName != null) " ssl"};
@@ -54,6 +54,10 @@ in
options = { options = {
clerie.nginx-port-forward = { clerie.nginx-port-forward = {
enable = mkEnableOption "Nginx Port Forward"; enable = mkEnableOption "Nginx Port Forward";
resolver = mkOption {
type = types.str;
description = "IP address of the resolver to use for upstream hostnames";
};
tcpPorts = mkOption { tcpPorts = mkOption {
type = with types; attrsOf (submodule portOpts); type = with types; attrsOf (submodule portOpts);
default = {}; default = {};