nginx: add netns

- Adds nginx to netns-isolation.services
- Adds host option (defaults to localhost) as target of hidden service

modules/netns-isolation.nix

@@ -124,6 +124,10 @@ in {
           # communicates with clightning over lightning-rpc socket
           connections = [];
         };
+        nginx = {
+          id = 21;
+          connections = [];
+        };
       };
 
       systemd.services = {
@@ -286,6 +290,9 @@ in {
         host = netns.nanopos.address;
       };
 
+      # nginx: Custom netns configs
+      services.nix-bitcoin-webindex.host = mkIf config.services.nix-bitcoin-webindex.enable netns.nginx.address;
+
     })
     # Custom netns config option values if netns-isolation not enabled
     (mkIf (!cfg.enable) {

modules/nix-bitcoin-webindex.nix

@@ -39,6 +39,11 @@ in {
         If enabled, the webindex service will be installed.
       '';
     };
+    host = mkOption {
+      type = types.str;
+      default = "localhost";
+      description = "HTTP server listen address.";
+    };
     enforceTor =  nix-bitcoin-services.enforceTor;
   };
 
@@ -61,9 +66,9 @@ in {
     };
     services.tor.hiddenServices.nginx = {
       map = [{
-        port = 80;
+        port = 80; toHost = cfg.host;
       } {
-        port = 443;
+        port = 443; toHost = cfg.host;
       }];
       version = 3;
     };