nginx: add netns
- Adds nginx to netns-isolation.services - Adds host option (defaults to localhost) as target of hidden service
This commit is contained in:
parent
ef89607704
commit
c542b92e55
@ -124,6 +124,10 @@ in {
|
|||||||
# communicates with clightning over lightning-rpc socket
|
# communicates with clightning over lightning-rpc socket
|
||||||
connections = [];
|
connections = [];
|
||||||
};
|
};
|
||||||
|
nginx = {
|
||||||
|
id = 21;
|
||||||
|
connections = [];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services = {
|
systemd.services = {
|
||||||
@ -286,6 +290,9 @@ in {
|
|||||||
host = netns.nanopos.address;
|
host = netns.nanopos.address;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# nginx: Custom netns configs
|
||||||
|
services.nix-bitcoin-webindex.host = mkIf config.services.nix-bitcoin-webindex.enable netns.nginx.address;
|
||||||
|
|
||||||
})
|
})
|
||||||
# Custom netns config option values if netns-isolation not enabled
|
# Custom netns config option values if netns-isolation not enabled
|
||||||
(mkIf (!cfg.enable) {
|
(mkIf (!cfg.enable) {
|
||||||
|
@ -39,6 +39,11 @@ in {
|
|||||||
If enabled, the webindex service will be installed.
|
If enabled, the webindex service will be installed.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
host = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "localhost";
|
||||||
|
description = "HTTP server listen address.";
|
||||||
|
};
|
||||||
enforceTor = nix-bitcoin-services.enforceTor;
|
enforceTor = nix-bitcoin-services.enforceTor;
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -61,9 +66,9 @@ in {
|
|||||||
};
|
};
|
||||||
services.tor.hiddenServices.nginx = {
|
services.tor.hiddenServices.nginx = {
|
||||||
map = [{
|
map = [{
|
||||||
port = 80;
|
port = 80; toHost = cfg.host;
|
||||||
} {
|
} {
|
||||||
port = 443;
|
port = 443; toHost = cfg.host;
|
||||||
}];
|
}];
|
||||||
version = 3;
|
version = 3;
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user