author | sefidel <contact@sefidel.net> | 2024-08-29 12:44:46 +0900 |
---|---|---|
committer | sefidel <contact@sefidel.net> | 2024-08-31 01:05:23 +0900 |
commit | 5a2557915b1aac117aa419019e9e4cd934eaa825 (patch) | |
tree | 5ff2051cc570d958e28b8b6413dc430814a59152 /modules/services/soju | |
parent | c9342fc119d11790ac1b9f4e4139b81cf663cd06 (diff) | |
feat(modules/soju): add option to enable websocket
Diffstat (limited to 'modules/services/soju')
-rw-r--r-- | modules/services/soju/default.nix | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/modules/services/soju/default.nix b/modules/services/soju/default.nix index 557222e..a13c0a3 100644 --- a/modules/services/soju/default.nix +++ b/modules/services/soju/default.nix @@ -18,6 +18,10 @@ in hostName = mkOption { type = types.str; default = config.networking.hostName; }; port = mkOption { type = types.port; default = 6697; }; + websocket = { + enable = mkEnableOption "listen for websocket connection on port 443"; + allowedOrigins = mkOption { type = types.listOf types.str; default = [ ]; }; + }; tls = { enable = mkEnableOption "enable TLS encryption"; acmeHost = mkOption { type = types.str; }; @@ -29,12 +33,27 @@ in enable = true; extraGroups = [ "acme" ]; hostName = cfg.hostName; - listen = [ ":${toString cfg.port}" ]; + listen = [ "ircs://${cfg.hostName}:${toString cfg.port}" ] + ++ optionals (cfg.websocket.enable) [ "ws+insecure://localhost:3030" ]; + httpOrigins = cfg.websocket.allowedOrigins; } // optionalAttrs cfg.tls.enable { tlsCertificate = "${config.security.acme.certs.${cfg.tls.acmeHost}.directory}/cert.pem"; tlsCertificateKey = "${config.security.acme.certs.${cfg.tls.acmeHost}.directory}/key.pem"; }; + services.nginx.virtualHosts.${cfg.hostName} = mkIf cfg.websocket.enable { + forceSSL = true; + useACMEHost = cfg.tls.acmeHost; + locations."/" = { + proxyPass = "http://localhost:3030"; + proxyWebsockets = true; + + extraConfig = '' + proxy_read_timeout 600s; + ''; + }; + }; + systemd.services.soju = { after = [ "acme-finished-${cfg.tls.acmeHost}.target" ]; }; |
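Review bot: `websocket.allowedOrigins` is declared with no `description`, yet the second hunk passes it straight to `httpOrigins`, so the setting that decides which web origins may open a WebSocket to the bouncer is undocumented. I would add something like `description = "Origins allowed to open WebSocket connections (passed to services.soju.httpOrigins); list exact origins and avoid wildcard patterns.";`, since a catch-all pattern would let any website a logged-in user visits attempt a connection. The empty default looks like the safe choice and is worth stating in that text. The `mkEnableOption` string also renders as "Whether to enable listen for websocket connection on port 443"; `mkEnableOption "the WebSocket listener, served through nginx on port 443"` reads better.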
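Review bot: The unencrypted backend `ws+insecure://localhost:3030` is written out twice, once in `listen` and once in `proxyPass`, and its safety depends on it staying loopback-only. I would bind one explicit address in a `let`, e.g. `wsBackend = "127.0.0.1:3030";`, and use `"ws+insecure://${wsBackend}"` and `"http://${wsBackend}"`, so nginx and soju cannot disagree on how `localhost` resolves. Any local process can reach this listener without TLS, and connections arriving through nginx will presumably appear to soju as coming from loopback unless the proxy is declared trusted (nixpkgs has `services.soju.acceptProxyIP`, if this module is a wrapper around it), which matters for logs and per-address limits. The new vhost also reads `cfg.tls.acmeHost`, which has no default in the first hunk's context, so an `assertions` entry requiring `cfg.tls.enable` when `cfg.websocket.enable` is set would give a clearer failure. The attribute set containing `listen` opens outside this hunk.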