archtechx/nix
1
0
Fork 0
mirror of https://github.com/archtechx/nix.git synced 2025-12-12 03:24:02 +00:00
Code Activity
nix/realip.nix
Samuel Štancl ecf65b125d Add realip.nix
2025-08-28 17:58:26 +02:00

20 lines
714 B
Nix
Raw Blame History

{ pkgs, lib, ... }: {
services.nginx.commonHttpConfig =
let
realIpsFromList = lib.strings.concatMapStringsSep "\n" (x: "set_real_ip_from ${x};");
fileToList = x: lib.strings.splitString "\n" (builtins.readFile x);
cfipv4 = fileToList (pkgs.fetchurl {
url = "https://www.cloudflare.com/ips-v4";
sha256 = "0ywy9sg7spafi3gm9q5wb59lbiq0swvf0q3iazl0maq1pj1nsb7h";
});
cfipv6 = fileToList (pkgs.fetchurl {
url = "https://www.cloudflare.com/ips-v6";
sha256 = "1ad09hijignj6zlqvdjxv7rjj8567z357zfavv201b9vx3ikk7cy";
});
in
''
${realIpsFromList cfipv4}
${realIpsFromList cfipv6}
real_ip_header CF-Connecting-IP;
'';
}
View git blame Copy permalink