From c542b92e55d06a169e018d70565cfcf0e1b5d9a4 Mon Sep 17 00:00:00 2001
From: nixbitcoin <nixbitcoin@i2pmail.org>
Date: Wed, 10 Jun 2020 14:48:20 +0000
Subject: [PATCH] nginx: add netns

- Adds nginx to netns-isolation.services
- Adds host option (defaults to localhost) as target of hidden service
---
 modules/netns-isolation.nix      | 7 +++++++
 modules/nix-bitcoin-webindex.nix | 9 +++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix
index 6371a6c..22eaf12 100644
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@@ -124,6 +124,10 @@ in {
           # communicates with clightning over lightning-rpc socket
           connections = [];
         };
+        nginx = {
+          id = 21;
+          connections = [];
+        };
       };
 
       systemd.services = {
@@ -286,6 +290,9 @@ in {
         host = netns.nanopos.address;
       };
 
+      # nginx: Custom netns configs
+      services.nix-bitcoin-webindex.host = mkIf config.services.nix-bitcoin-webindex.enable netns.nginx.address;
+
     })
     # Custom netns config option values if netns-isolation not enabled
     (mkIf (!cfg.enable) {
diff --git a/modules/nix-bitcoin-webindex.nix b/modules/nix-bitcoin-webindex.nix
index a259ca1..b75ab2e 100644
--- a/modules/nix-bitcoin-webindex.nix
+++ b/modules/nix-bitcoin-webindex.nix
@@ -39,6 +39,11 @@ in {
         If enabled, the webindex service will be installed.
       '';
     };
+    host = mkOption {
+      type = types.str;
+      default = "localhost";
+      description = "HTTP server listen address.";
+    };
     enforceTor =  nix-bitcoin-services.enforceTor;
   };
 
@@ -61,9 +66,9 @@ in {
     };
     services.tor.hiddenServices.nginx = {
       map = [{
-        port = 80;
+        port = 80; toHost = cfg.host;
       } {
-        port = 443;
+        port = 443; toHost = cfg.host;
       }];
       version = 3;
     };