feat(nix): conditional adguard rewrite

sbulav · Nov 15, 2024 · a6ed3c9 · a6ed3c9
1 parent 2bb4808
commit a6ed3c9
Show file tree

Hide file tree

Showing 8 changed files with 62 additions and 29 deletions.
diff --git a/nix/modules/nixos/containers/adguard/default.nix b/nix/modules/nixos/containers/adguard/default.nix
@@ -22,6 +22,7 @@ in {
         app = "adguard";
         host = "${cfg.host}";
         url = "http://${cfg.localAddress}:3000";
+        route_enabled = cfg.enable;
       })
   ];
 

diff --git a/nix/modules/nixos/containers/authelia/default.nix b/nix/modules/nixos/containers/authelia/default.nix
@@ -25,9 +25,13 @@ in {
         host = "${cfg.host}";
         url = "http://${cfg.localAddress}:9091";
         middleware = "secure-headers";
+        route_enabled = cfg.enable;
       })
     (import ../shared/shared-adguard-dns-rewrite.nix
-      {host = "${cfg.host}";})
+      {
+        host = "${cfg.host}";
+        rewrite_enabled = cfg.enable;
+      })
   ];
 
   config = mkIf cfg.enable {
@@ -110,6 +114,9 @@ in {
                     domain = "${cfg.domain}";
                     authelia_url = "https://${cfg.host}";
                     default_redirection_url = "https://homepage.${cfg.domain}";
+                    expiration = "12h";
+                    inactivity = "4h";
+                    remember_me_duration = "1M";
                   }
                 ];
               };

diff --git a/nix/modules/nixos/containers/flood/default.nix b/nix/modules/nixos/containers/flood/default.nix
@@ -20,9 +20,13 @@ in {
         app = "flood";
         host = "${cfg.host}";
         url = "http://${cfg.localAddress}:3000";
+        route_enabled = cfg.enable;
       })
     (import ../shared/shared-adguard-dns-rewrite.nix
-      {host = "${cfg.host}";})
+      {
+        host = "${cfg.host}";
+        rewrite_enabled = cfg.enable;
+      })
   ];
 
   config = mkIf cfg.enable {

diff --git a/nix/modules/nixos/containers/homepage/default.nix b/nix/modules/nixos/containers/homepage/default.nix
@@ -21,9 +21,13 @@ in {
         app = "homepage";
         host = "${cfg.host}";
         url = "http://${cfg.localAddress}:8082";
+        route_enabled = cfg.enable;
       })
     (import ../shared/shared-adguard-dns-rewrite.nix
-      {host = "${cfg.host}";})
+      {
+        host = "${cfg.host}";
+        rewrite_enabled = cfg.enable;
+      })
   ];
   config = mkIf cfg.enable {
     containers.homepage = {

diff --git a/nix/modules/nixos/containers/nextcloud/default.nix b/nix/modules/nixos/containers/nextcloud/default.nix
@@ -24,9 +24,13 @@ in {
         app = "nextcloud";
         host = "${cfg.host}";
         url = "http://${cfg.localAddress}:80";
+        route_enabled = cfg.enable;
       })
     (import ../shared/shared-adguard-dns-rewrite.nix
-      {host = "${cfg.host}";})
+      {
+        host = "${cfg.host}";
+        rewrite_enabled = cfg.enable;
+      })
   ];
   config = mkIf cfg.enable {
     networking.nat = {

diff --git a/nix/modules/nixos/containers/shared/shared-adguard-dns-rewrite.nix b/nix/modules/nixos/containers/shared/shared-adguard-dns-rewrite.nix
@@ -2,12 +2,18 @@
 {
   host ? "test.sbulav.ru",
   url ? "adguard.sbulav.ru",
+  rewrite_enabled ? false,
   ...
 }: {
-  containers.adguard.config.services.adguardhome.settings.filtering.rewrites = [
-    {
-      domain = "${host}";
-      answer = "${url}";
+  containers.adguard.config.services.adguardhome.settings.filtering =
+    if rewrite_enabled
+    then {
+      rewrites = [
+        {
+          domain = "${host}";
+          answer = "${url}";
+        }
+      ];
     }
-  ];
+    else {};
 }
diff --git a/nix/modules/nixos/containers/shared/shared-traefik-route.nix b/nix/modules/nixos/containers/shared/shared-traefik-route.nix
@@ -4,27 +4,31 @@
   host ? "test.sbulav.ru",
   url ? "http://localhost:80",
   middleware ? "auth-chain",
+  route_enabled ? false,
   ...
 }: {
-  containers.traefik.config.services.traefik.dynamicConfigOptions.http = {
-    routers.${app} = {
-      entrypoints = ["websecure"];
-      rule = "Host(`${host}`)";
-      service = "${app}";
-      middlewares = ["${middleware}"];
-      tls = {
-        certResolver = "production";
+  containers.traefik.config.services.traefik.dynamicConfigOptions.http =
+    if route_enabled
+    then {
+      routers.${app} = {
+        entrypoints = ["websecure"];
+        rule = "Host(`${host}`)";
+        service = "${app}";
+        middlewares = ["${middleware}"];
+        tls = {
+          certResolver = "production";
+        };
       };
-    };
-    services.${app} = {
-      loadBalancer = {
-        passHostHeader = true;
-        servers = [
-          {
-            url = "${url}";
-          }
-        ];
+      services.${app} = {
+        loadBalancer = {
+          passHostHeader = true;
+          servers = [
+            {
+              url = "${url}";
+            }
+          ];
+        };
       };
-    };
-  };
+    }
+    else {};
 }
diff --git a/nix/modules/nixos/containers/traefik/default.nix b/nix/modules/nixos/containers/traefik/default.nix
@@ -21,7 +21,10 @@ in {
     ./middleware_allow-lan.nix
     ./middleware_secure-headers.nix
     (import ../shared/shared-adguard-dns-rewrite.nix
-      {host = "traefik.${cfg.domain}";})
+      {
+        host = "traefik.${cfg.domain}";
+        rewrite_enabled = cfg.enable;
+      })
   ];
 
   config = mkIf cfg.enable {