{tsuki/dosei}: set up wstunnel

2024-06-29 02:14:31 +02:00
parent 8946e517a9
commit 09d0bc29e0
8 changed files with 538 additions and 3 deletions
--- a/hosts/dosei/configuration.nix
+++ b/hosts/dosei/configuration.nix
@@ -6,6 +6,7 @@
    ./services/avahi.nix
    ./services/docker.nix
    ./services/jenkins.nix
+    ./services/wstunnel.nix
  ];

  boot.loader.systemd-boot.enable = true;
--- a/hosts/dosei/services/wstunnel.nix
+++ b/hosts/dosei/services/wstunnel.nix
@@ -0,0 +1,27 @@
+{ config, ... }:
+{
+  imports = [
+    ../../../modules/wstunnel.nix
+  ];
+  disabledModules = [
+    "services/networking/wstunnel.nix"
+  ];
+
+  # NOTE: Contains
+  # - WSTUNNEL_HTTP_UPGRADE_PATH_PREFIX
+  # - WSTUNNEL_RESTRICT_HTTP_UPGRADE_PATH_PREFIX
+  sops.secrets."wstunnel/http-upgrade-path-prefix-envvars" = {
+    sopsFile = ../../../secrets/common.yaml;
+  };
+
+  services.wstunnel = {
+    enable = true;
+    clients."ws-tsuki" = {
+      connectTo = "wss://ws.nani.wtf";
+      localToRemote = [
+        "tcp://10022:localhost:22"
+      ];
+      environmentFile = config.sops.secrets."wstunnel/http-upgrade-path-prefix-envvars".path;
+    };
+  };
+}
--- a/hosts/tsuki/configuration.nix
+++ b/hosts/tsuki/configuration.nix
@@ -20,6 +20,7 @@
    ./services/taskserver.nix
    ./services/vaultwarden.nix
    ./services/vscode-server.nix
+    ./services/wstunnel.nix

    ./services/scrapers/nhk-easy-news/default.nix
  ];
--- a/hosts/tsuki/services/nginx/default.nix
+++ b/hosts/tsuki/services/nginx/default.nix
@@ -51,6 +51,11 @@
      "osuchan".servers."localhost:${s ports.osuchan}" = { };
      "plex".servers."localhost:${s ports.plex}" = { };
      "vaultwarden".servers."unix:${sa.vaultwarden.newSocketAddress}" = { };
+      "wstunnel".servers = let
+        inherit (config.services.wstunnel.servers."ws-tsuki".listen) host port;
+      in {
+        "${host}:${s port}" = { };
+      };
    };

    virtualHosts = let
@@ -189,6 +194,8 @@
      #   };
      # })

+      (proxy ["ws"] "http://wstunnel" enableWebsockets)
+
      (host ["h7x4-stickers"] {})
      (host ["pingu-stickers"] {})
    ]));
--- a/hosts/tsuki/services/wstunnel.nix
+++ b/hosts/tsuki/services/wstunnel.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+{
+  imports = [
+    ../../../modules/wstunnel.nix
+  ];
+  disabledModules = [
+    "services/networking/wstunnel.nix"
+  ];
+
+  # NOTE: Contains
+  # - WSTUNNEL_HTTP_UPGRADE_PATH_PREFIX
+  # - WSTUNNEL_RESTRICT_HTTP_UPGRADE_PATH_PREFIX
+  sops.secrets."wstunnel/http-upgrade-path-prefix-envvars" = {
+    sopsFile = ../../../secrets/common.yaml;
+  };
+
+  services.wstunnel = {
+    enable = true;
+    servers."ws-tsuki" = {
+      listen = {
+        host = "127.0.0.1";
+        port = 8789;
+      };
+      enableHTTPS = false;
+      environmentFile = config.sops.secrets."wstunnel/http-upgrade-path-prefix-envvars".path;
+    };
+  };
+}