From c542b92e55d06a169e018d70565cfcf0e1b5d9a4 Mon Sep 17 00:00:00 2001
From: nixbitcoin
Date: Wed, 10 Jun 2020 14:48:20 +0000
Subject: [PATCH] nginx: add netns

- Adds nginx to netns-isolation.services
- Adds host option (defaults to localhost) as target of hidden service
---
 modules/netns-isolation.nix | 7 +++++++
 modules/nix-bitcoin-webindex.nix | 9 +++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix
index 6371a6c..22eaf12 100644
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@@ -124,6 +124,10 @@ in {
 # communicates with clightning over lightning-rpc socket
 connections = [];
 };
+ nginx = {
+ id = 21;
+ connections = [];
+ };
 };
 
 systemd.services = {
@@ -286,6 +290,9 @@ in {
 host = netns.nanopos.address;
 };
 
+ # nginx: Custom netns configs
+ services.nix-bitcoin-webindex.host = mkIf config.services.nix-bitcoin-webindex.enable netns.nginx.address;
+
 })
 # Custom netns config option values if netns-isolation not enabled
 (mkIf (!cfg.enable) {
diff --git a/modules/nix-bitcoin-webindex.nix b/modules/nix-bitcoin-webindex.nix
index a259ca1..b75ab2e 100644
--- a/modules/nix-bitcoin-webindex.nix
+++ b/modules/nix-bitcoin-webindex.nix
@@ -39,6 +39,11 @@ in {
 If enabled, the webindex service will be installed.
 '';
 };
+ host = mkOption {
+ type = types.str;
+ default = "localhost";
+ description = "HTTP server listen address.";
+ };
 enforceTor = nix-bitcoin-services.enforceTor;
 };
 
@@ -61,9 +66,9 @@ in {
 };
 services.tor.hiddenServices.nginx = {
 map = [{
- port = 80;
+ port = 80; toHost = cfg.host;
 } {
- port = 443;
+ port = 443; toHost = cfg.host;
 }];
 version = 3;
 };
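Review bot: The new `nginx` entry in the first hunk of modules/netns-isolation.nix gives no reason for `connections = [];`, unlike the entry directly above it, which carries a comment. The entry is keyed on nginx rather than on the webindex, so any other virtual host an operator adds would presumably land in the same namespace with no peers; that is worth stating, e.g. `# nginx: serves only the webindex, no connections to other service namespaces`. Whether `id = 21` is unused cannot be checked here, since the rest of the services set is outside the hunk.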
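Review bot: The description `"HTTP server listen address."` on the new `host` option in modules/nix-bitcoin-webindex.nix does not match its only visible use. In the last hunk `cfg.host` is passed as `toHost` for ports 80 and 443 of the onion service, and nothing in this patch binds nginx to that address. If nginx keeps its default listen address, leaving `host` at `"localhost"` does not confine the web index to loopback, which is what an operator would assume from the description. Either bind the virtual host to `cfg.host` (the nginx configuration lies outside these hunks) or reword it to `description = "Address the onion service forwards to; nginx must be reachable there.";`.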