From a6ed3c9842c2c727c8de713bd25b44940ecc9521 Mon Sep 17 00:00:00 2001
From: Sergei Bulavintsev
Date: Fri, 15 Nov 2024 18:08:20 +0300
Subject: [PATCH] feat(nix): conditional adguard rewrite

---
 .../nixos/containers/adguard/default.nix | 1 +
 .../nixos/containers/authelia/default.nix | 9 +++-
 .../nixos/containers/flood/default.nix | 6 ++-
 .../nixos/containers/homepage/default.nix | 6 ++-
 .../nixos/containers/nextcloud/default.nix | 6 ++-
 .../shared/shared-adguard-dns-rewrite.nix | 16 ++++---
 .../shared/shared-traefik-route.nix | 42 ++++++++++---------
 .../nixos/containers/traefik/default.nix | 5 ++-
 8 files changed, 62 insertions(+), 29 deletions(-)

diff --git a/nix/modules/nixos/containers/adguard/default.nix b/nix/modules/nixos/containers/adguard/default.nix
index 3c5395d..448cf4b 100644
--- a/nix/modules/nixos/containers/adguard/default.nix
+++ b/nix/modules/nixos/containers/adguard/default.nix
@@ -22,6 +22,7 @@ in {
 app = "adguard";
 host = "${cfg.host}";
 url = "http://${cfg.localAddress}:3000";
+ route_enabled = cfg.enable;
 })
 ];

diff --git a/nix/modules/nixos/containers/authelia/default.nix b/nix/modules/nixos/containers/authelia/default.nix
index 5a7900b..91228dd 100644
--- a/nix/modules/nixos/containers/authelia/default.nix
+++ b/nix/modules/nixos/containers/authelia/default.nix
@@ -25,9 +25,13 @@ in {
 host = "${cfg.host}";
 url = "http://${cfg.localAddress}:9091";
 middleware = "secure-headers";
+ route_enabled = cfg.enable;
 })
 (import ../shared/shared-adguard-dns-rewrite.nix
- {host = "${cfg.host}";})
+ {
+ host = "${cfg.host}";
+ rewrite_enabled = cfg.enable;
+ })
 ];

 config = mkIf cfg.enable {
@@ -110,6 +114,9 @@ in {
 domain = "${cfg.domain}";
 authelia_url = "https://${cfg.host}";
 default_redirection_url = "https://homepage.${cfg.domain}";
+ expiration = "12h";
+ inactivity = "4h";
+ remember_me_duration = "1M";
 }
 ];
 };
diff --git a/nix/modules/nixos/containers/flood/default.nix b/nix/modules/nixos/containers/flood/default.nix
index 74ac4db..b1e9ec0 100644
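Review bot: The re-added `host = "${cfg.host}";` in the first authelia hunk wraps a single value in string interpolation; `host = cfg.host;` (or `inherit (cfg) host;`) says the same thing and does not silently coerce a path or derivation to a string. The same line is added in the flood, homepage and nextcloud hunks. The surrounding `imports` list starts outside the hunk.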
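Review bot: The three session lifetimes added to this cookie entry are undocumented and unrelated to the commit subject, and `remember_me_duration = "1M"` means a remembered SSO cookie stays valid for a month. This session presumably backs the `auth-chain` middleware that shared-traefik-route.nix applies by default, so a comment stating the intended trade-off would help, e.g. `# 12h hard cap, 4h idle timeout; remember-me deliberately kept at 1 month`. It is also worth confirming against the deployed Authelia version that the per-cookie key is still `remember_me_duration`, since newer releases name it `remember_me`. The enclosing attribute set starts outside the hunk.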
--- a/nix/modules/nixos/containers/flood/default.nix
+++ b/nix/modules/nixos/containers/flood/default.nix
@@ -20,9 +20,13 @@ in {
 app = "flood";
 host = "${cfg.host}";
 url = "http://${cfg.localAddress}:3000";
+ route_enabled = cfg.enable;
 })
 (import ../shared/shared-adguard-dns-rewrite.nix
- {host = "${cfg.host}";})
+ {
+ host = "${cfg.host}";
+ rewrite_enabled = cfg.enable;
+ })
 ];

 config = mkIf cfg.enable {
diff --git a/nix/modules/nixos/containers/homepage/default.nix b/nix/modules/nixos/containers/homepage/default.nix
index 3536840..8f2e71c 100644
--- a/nix/modules/nixos/containers/homepage/default.nix
+++ b/nix/modules/nixos/containers/homepage/default.nix
@@ -21,9 +21,13 @@ in {
 app = "homepage";
 host = "${cfg.host}";
 url = "http://${cfg.localAddress}:8082";
+ route_enabled = cfg.enable;
 })
 (import ../shared/shared-adguard-dns-rewrite.nix
- {host = "${cfg.host}";})
+ {
+ host = "${cfg.host}";
+ rewrite_enabled = cfg.enable;
+ })
 ];
 config = mkIf cfg.enable {
 containers.homepage = {
diff --git a/nix/modules/nixos/containers/nextcloud/default.nix b/nix/modules/nixos/containers/nextcloud/default.nix
index 0a35601..e85f923 100644
--- a/nix/modules/nixos/containers/nextcloud/default.nix
+++ b/nix/modules/nixos/containers/nextcloud/default.nix
@@ -24,9 +24,13 @@ in {
 app = "nextcloud";
 host = "${cfg.host}";
 url = "http://${cfg.localAddress}:80";
+ route_enabled = cfg.enable;
 })
 (import ../shared/shared-adguard-dns-rewrite.nix
- {host = "${cfg.host}";})
+ {
+ host = "${cfg.host}";
+ rewrite_enabled = cfg.enable;
+ })
 ];
 config = mkIf cfg.enable {
 networking.nat = {
diff --git a/nix/modules/nixos/containers/shared/shared-adguard-dns-rewrite.nix b/nix/modules/nixos/containers/shared/shared-adguard-dns-rewrite.nix
index 5216f83..e0f1ffd 100644
--- a/nix/modules/nixos/containers/shared/shared-adguard-dns-rewrite.nix
+++ b/nix/modules/nixos/containers/shared/shared-adguard-dns-rewrite.nix
@@ -2,12 +2,18 @@
 {
 host ? "test.sbulav.ru",
 url ? "adguard.sbulav.ru",
+ rewrite_enabled ? false,
 ...
 }: {
- containers.adguard.config.services.adguardhome.settings.filtering.rewrites = [
- {
- domain = "${host}";
- answer = "${url}";
+ containers.adguard.config.services.adguardhome.settings.filtering =
+ if rewrite_enabled
+ then {
+ rewrites = [
+ {
+ domain = "${host}";
+ answer = "${url}";
+ }
+ ];
 }
- ];
+ else {};
 }
diff --git a/nix/modules/nixos/containers/shared/shared-traefik-route.nix b/nix/modules/nixos/containers/shared/shared-traefik-route.nix
index e065e39..87cda6c 100644
--- a/nix/modules/nixos/containers/shared/shared-traefik-route.nix
+++ b/nix/modules/nixos/containers/shared/shared-traefik-route.nix
@@ -4,27 +4,31 @@
 host ? "test.sbulav.ru",
 url ? "http://localhost:80",
 middleware ? "auth-chain",
+ route_enabled ? false,
 ...
 }: {
- containers.traefik.config.services.traefik.dynamicConfigOptions.http = {
- routers.${app} = {
- entrypoints = ["websecure"];
- rule = "Host(`${host}`)";
- service = "${app}";
- middlewares = ["${middleware}"];
- tls = {
- certResolver = "production";
+ containers.traefik.config.services.traefik.dynamicConfigOptions.http =
+ if route_enabled
+ then {
+ routers.${app} = {
+ entrypoints = ["websecure"];
+ rule = "Host(`${host}`)";
+ service = "${app}";
+ middlewares = ["${middleware}"];
+ tls = {
+ certResolver = "production";
+ };
 };
- };
- services.${app} = {
- loadBalancer = {
- passHostHeader = true;
- servers = [
- {
- url = "${url}";
- }
- ];
+ services.${app} = {
+ loadBalancer = {
+ passHostHeader = true;
+ servers = [
+ {
+ url = "${url}";
+ }
+ ];
+ };
 };
- };
- };
+ }
+ else {};
 }
diff --git a/nix/modules/nixos/containers/traefik/default.nix b/nix/modules/nixos/containers/traefik/default.nix
index 8901f5a..971462c 100644
--- a/nix/modules/nixos/containers/traefik/default.nix
+++ b/nix/modules/nixos/containers/traefik/default.nix
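Review bot: The conditional sits at the leaf, so with `rewrite_enabled = false` this module still defines `containers.adguard.config.services.adguardhome.settings.filtering = {}`; as far as I can tell that keeps declaring a `containers.adguard` entry from every importing module even when the rewrite is meant to contribute nothing. If `lib` were passed in next to `host`, `containers.adguard = lib.mkIf rewrite_enabled { … };` would drop the definition entirely, whereas a plain `if` around the whole attribute set would probably force `cfg.enable` while imports are being resolved. The same leaf-level pattern is used for `containers.traefik…dynamicConfigOptions.http` in the shared-traefik-route.nix hunk. Separately, the new default `rewrite_enabled ? false` removes the rewrite for any importer not updated in this commit, which deserves a one-line comment on the parameter.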
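Review bot: `route_enabled` in shared-traefik-route.nix defaults to `false` with no comment, so a module that imports this file and forgets the argument publishes no router and no service at all. Failing closed is the safer direction for a reverse proxy, but it should be stated next to the parameter, e.g. `# caller's cfg.enable; defaults to false so a forgotten argument exposes nothing`. A matching line for the unchanged `middleware ? "auth-chain"` default would also record that routes are authenticated unless a caller overrides it, as the authelia module does with `secure-headers`.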
@@ -21,7 +21,10 @@ in {
 ./middleware_allow-lan.nix
 ./middleware_secure-headers.nix
 (import ../shared/shared-adguard-dns-rewrite.nix
- {host = "traefik.${cfg.domain}";})
+ {
+ host = "traefik.${cfg.domain}";
+ rewrite_enabled = cfg.enable;
+ })
 ];

 config = mkIf cfg.enable {