commit 5ac8980be519a7ff9e2c29e933065538b6aa5454
parent a53ecfce6a4827950bfc71f597c39e2fa2271f20
Author: Leah (ctucx) <git@ctu.cx>
Date: Sun, 10 Dec 2023 14:28:56 +0100
parent a53ecfce6a4827950bfc71f597c39e2fa2271f20
Author: Leah (ctucx) <git@ctu.cx>
Date: Sun, 10 Dec 2023 14:28:56 +0100
nginx proxyPass: read port/listenAddress from config, if possible
9 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/configurations/linux/services/prometheus-exporters.nix b/configurations/linux/services/prometheus-exporters.nix @@ -5,12 +5,14 @@ services = { prometheus.exporters.node.enable = true; prometheus.exporters.node.listenAddress = "[::1]"; + prometheus.exporters.node.port = 9100; prometheus.exporters.node.enabledCollectors = [ "systemd" "processes" ]; prometheus.exporters.systemd.enable = true; prometheus.exporters.systemd.listenAddress = "[::1]"; + prometheus.exporters.systemd.port = 9558; nginx = { enable = true; @@ -18,8 +20,8 @@ enableACME = lib.mkDefault true; forceSSL = lib.mkDefault true; kTLS = lib.mkDefault true; - locations."/node-exporter".proxyPass = "http://[::1]:9100/metrics"; - locations."/systemd-exporter".proxyPass = "http://[::1]:9558/metrics"; + locations."/node-exporter".proxyPass = "http://${toString config.services.prometheus.exporters.node.listenAddress}:${toString config.services.prometheus.exporters.node.port}/metrics"; + locations."/systemd-exporter".proxyPass = "http://${toString config.services.prometheus.exporters.systemd.listenAddress}:${toString config.services.prometheus.exporters.systemd.port}/metrics"; }; }; };
diff --git a/configurations/linux/services/restic-server.nix b/configurations/linux/services/restic-server.nix @@ -27,7 +27,7 @@ forceSSL = lib.mkDefault true; kTLS = lib.mkDefault true; locations."/" = { - proxyPass = "http://[::1]:8000/"; + proxyPass = "http://${toString config.services.restic.server.listenAddress}/"; extraConfig = '' client_max_body_size 10G; auth_basic Auth;
diff --git a/configurations/linux/services/syncthing-nginx.nix b/configurations/linux/services/syncthing-nginx.nix @@ -22,7 +22,7 @@ enableACME = true; forceSSL = true; kTLS = true; - locations."/".proxyPass = "http://[::1]:8384/"; + locations."/".proxyPass = "http://${toString config.services.syncthing.guiAddress}"; }; }; };
diff --git a/machines/briefkasten/gotosocial.nix b/machines/briefkasten/gotosocial.nix @@ -78,12 +78,12 @@ in { "= /".return = "307 /@leah"; "/" = { - proxyPass = "http://[::1]:8085"; + proxyPass = "http://${toString config.services.gotosocial.settings.bind-address}:${toString config.services.gotosocial.settings.port}"; proxyWebsockets = true; }; "~ /.well-known/(webfinger|host-meta)$" = { - proxyPass = "http://[::1]:8085"; + proxyPass = "http://${toString config.services.gotosocial.settings.bind-address}:${toString config.services.gotosocial.settings.port}"; extraConfig = '' proxy_cache gotosocial_ap_public_responses; proxy_cache_background_update on; @@ -96,7 +96,7 @@ in { }; "~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$" = { - proxyPass = "http://[::1]:8085"; + proxyPass = "http://${toString config.services.gotosocial.settings.bind-address}:${toString config.services.gotosocial.settings.port}"; extraConfig = '' proxy_cache gotosocial_ap_public_responses; proxy_cache_background_update on;
diff --git a/machines/briefkasten/smarthome/influxdb2.nix b/machines/briefkasten/smarthome/influxdb2.nix @@ -29,7 +29,7 @@ enableACME = lib.mkIf config.networking.usePBBUplink true; forceSSL = lib.mkIf config.networking.usePBBUplink true; kTLS = lib.mkIf config.networking.usePBBUplink true; - locations."/".proxyPass = "http://[::1]:8086/"; + locations."/".proxyPass = "http://${toString config.services.influxdb2.settings.http-bind-address}/"; }; };
diff --git a/machines/briefkasten/smarthome/zigbee2mqtt.nix b/machines/briefkasten/smarthome/zigbee2mqtt.nix @@ -35,7 +35,7 @@ forceSSL = lib.mkIf config.networking.usePBBUplink true; kTLS = lib.mkIf config.networking.usePBBUplink true; locations."/" = { - proxyPass = "http://[::1]:8422"; + proxyPass = "http://[::1]:${toString config.services.zigbee2mqtt.settings.frontend.port}"; proxyWebsockets = true; extraConfig = '' auth_basic Auth;
diff --git a/machines/trabbi/fedi/gotosocial.nix b/machines/trabbi/fedi/gotosocial.nix @@ -84,12 +84,12 @@ in { "= /".return = "307 /@leah"; "/" = { - proxyPass = "http://[::1]:8085"; + proxyPass = "http://${toString config.services.gotosocial.settings.bind-address}:${toString config.services.gotosocial.settings.port}"; proxyWebsockets = true; }; "~ /.well-known/(webfinger|host-meta)$" = { - proxyPass = "http://[::1]:8085"; + proxyPass = "http://${toString config.services.gotosocial.settings.bind-address}:${toString config.services.gotosocial.settings.port}"; extraConfig = '' proxy_cache gotosocial_ap_public_responses; proxy_cache_background_update on; @@ -102,7 +102,7 @@ in { }; "~ ^\/users\/(?:[a-z0-9_\.]+)\/main-key$" = { - proxyPass = "http://[::1]:8085"; + proxyPass = "http://${toString config.services.gotosocial.settings.bind-address}:${toString config.services.gotosocial.settings.port}"; extraConfig = '' proxy_cache gotosocial_ap_public_responses; proxy_cache_background_update on;
diff --git a/machines/trabbi/grafana/default.nix b/machines/trabbi/grafana/default.nix @@ -83,7 +83,7 @@ enableACME = true; forceSSL = true; kTLS = true; - locations."/".proxyPass = "http://[::1]:3001/"; + locations."/".proxyPass = "http://[::1]:${toString config.services.grafana.settings.server.http_port}/"; }; }; };
diff --git a/machines/trabbi/prometheus.nix b/machines/trabbi/prometheus.nix @@ -54,7 +54,7 @@ enableACME = true; forceSSL = true; kTLS = true; - locations."/".proxyPass = "http://[::1]:9090/"; + locations."/".proxyPass = "http://[::1]:${toString config.services.prometheus.port}/"; }; };