nginx: add netns

- Adds nginx to netns-isolation.services
- Adds host option (defaults to localhost) as target of hidden service
This commit is contained in:
nixbitcoin 2020-06-10 14:48:20 +00:00
parent ef89607704
commit c542b92e55
No known key found for this signature in database
GPG Key ID: DD11F9AD5308B3BA
2 changed files with 14 additions and 2 deletions

View File

@ -124,6 +124,10 @@ in {
# communicates with clightning over lightning-rpc socket # communicates with clightning over lightning-rpc socket
connections = []; connections = [];
}; };
nginx = {
id = 21;
connections = [];
};
}; };
systemd.services = { systemd.services = {
@ -286,6 +290,9 @@ in {
host = netns.nanopos.address; host = netns.nanopos.address;
}; };
# nginx: Custom netns configs
services.nix-bitcoin-webindex.host = mkIf config.services.nix-bitcoin-webindex.enable netns.nginx.address;
}) })
# Custom netns config option values if netns-isolation not enabled # Custom netns config option values if netns-isolation not enabled
(mkIf (!cfg.enable) { (mkIf (!cfg.enable) {

View File

@ -39,6 +39,11 @@ in {
If enabled, the webindex service will be installed. If enabled, the webindex service will be installed.
''; '';
}; };
host = mkOption {
type = types.str;
default = "localhost";
description = "HTTP server listen address.";
};
enforceTor = nix-bitcoin-services.enforceTor; enforceTor = nix-bitcoin-services.enforceTor;
}; };
@ -61,9 +66,9 @@ in {
}; };
services.tor.hiddenServices.nginx = { services.tor.hiddenServices.nginx = {
map = [{ map = [{
port = 80; port = 80; toHost = cfg.host;
} { } {
port = 443; port = 443; toHost = cfg.host;
}]; }];
version = 3; version = 3;
}; };