From c6ada17a450e16b5b1b8d5c39cd3c080bea608dd Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@private.storage>
Date: Tue, 10 Aug 2021 13:39:47 +0000
Subject: [PATCH] Pull internal payment server port number 1061 out into a
 variable

... so it can be used in the nginx config instead of duplicating the number
---
 nixos/modules/issuer.nix | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index 676b60bc..382b2ee6 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -119,6 +119,8 @@ in {
       # list.
       domain = builtins.head cfg.domains;
       certServiceName = "acme-${domain}";
+      # Payment server internal http port (arbitrary, non-priviledged):
+      internalHttpPort = "1061";
 
     in lib.mkIf cfg.enable {
     # Add a systemd service to run PaymentServer.
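Review bot: The comment added above `internalHttpPort` carries over the misspelling "priviledged" and does not say who shares the value; `# HTTP port nginx proxies to for PaymentServer (arbitrary, unprivileged):` would spell it correctly and explain why the binding exists. The port is stored as the string `"1061"`, which interpolates cleanly here but will not fit a NixOS option that expects an integer port. If such a use is likely, `internalHttpPort = 1061;` with `toString internalHttpPort` at the three interpolation sites avoids a second definition later. The enclosing `let` block starts outside this hunk.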
@@ -165,8 +167,7 @@ in {
             if cfg.database == "Memory"
               then "--database Memory"
               else "--database SQLite3 --database-path ${cfg.databasePath}";
-          # Arbitrary non-priviledged port:
-          httpArgs = "--http-port 1061";
+          httpArgs = "--http-port ${internalHttpPort}";
 
           prefixOption = s: "--cors-origin=" + s;
           originStrings = map prefixOption cfg.allowedChargeOrigins;
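Review bot: `httpArgs` passes only `--http-port`, so nothing visible in this hunk pins PaymentServer to the loopback interface, yet the `locations."/metrics"` block later in the patch relies on nginx's `allow 172.23.23.0/24; deny all;` to restrict metrics. If the service listens on every interface and the port is reachable from outside, a client connecting to the backend port directly would skip both that ACL and TLS. The listen address is not shown here, so it is worth confirming it, and confirming that the port is not listed in `networking.firewall.allowedTCPPorts`. A comment on this line would record the assumption, for example `# Must be reachable from localhost only; nginx enforces TLS and the /metrics ACL.` The surrounding `let` block extends beyond the hunk.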
@@ -206,7 +207,7 @@ in {
         enableACME = cfg.tls;
         forceSSL = cfg.tls;
         locations."/" = {
-          proxyPass = "http://127.0.0.1:1061";
+          proxyPass = "http://127.0.0.1:${internalHttpPort}";
         };
         locations."/metrics" = {
           # Only allow our monitoringvpn subnet
@@ -214,7 +215,7 @@ in {
             allow 172.23.23.0/24;
             deny all;
           '';
-          proxyPass = "http://127.0.0.1:1061";
+          proxyPass = "http://127.0.0.1:${internalHttpPort}";
         };
       };
     };
-- 
GitLab