cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

migrate chunk to caddy module

Browse source 
Signed-off-by: cy <cy@cy7.sh>
This commit is contained in:
cy 2025-01-27 05:49:00 -05:00
parent a9a3ee8413
commit 39111afeae
Signed by: cy
SSH key fingerprint: SHA256:o/geVWV4om1QhUSkKvDQeW/eAihwnjyXkqMwrVdbuts
16 changed files with 91 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
hosts/chunk/adguard.nix
View file

@ -21,4 +21,9 @@
];
};
};
services.caddy.virtualHosts."dns.cything.io".extraConfig = ''
import common
reverse_proxy localhost:8082
'';
}

5
hosts/chunk/attic.nix
View file

@ -31,4 +31,9 @@
};
};
};
services.caddy.virtualHosts."cache.cything.io".extraConfig = ''
import common
reverse_proxy localhost:8090
'';
}

5
hosts/chunk/conduwuit.nix
View file

@ -10,4 +10,9 @@
allow_check_for_updates = true;
};
};
services.caddy.virtualHosts."chat.cything.io".extraConfig = ''
import common
reverse_proxy localhost:8448
'';
}

12
hosts/chunk/default.nix
View file

@ -183,11 +183,13 @@
programs.gnupg.agent.enable = true;
programs.git.enable = true;
services.caddy = {
enable = true;
configFile = ./Caddyfile;
environmentFile = config.sops.secrets."caddy/env".path;
logFormat = lib.mkForce "level INFO";
my.caddy.enable = true;
services.caddy.virtualHosts."cy7.sh" = {
serverAliases = [ "www.cy7.sh" ];
extraConfig = ''
import common
redir https://cything.io temporary
'';
};
# container stuff

5
hosts/chunk/deluge.nix
View file

@ -7,4 +7,9 @@
port = 8112;
};
};
services.caddy.virtualHosts."t.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8112
'';
}

5
hosts/chunk/element.nix
View file

@ -25,4 +25,9 @@
${pkgs.podman}/bin/podman network create element-net
'';
};
services.caddy.virtualHosts."element.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8089
'';
}

16
hosts/chunk/forgejo.nix
View file

@ -30,4 +30,20 @@
name = "git";
};
};
services.caddy.virtualHosts."git.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:3000
'';
services.caddy.virtualHosts."git.cything.io".extraConfig = ''
import common
# wrap in route so things are evaluated in the order written
route {
# rewrite gitlab URIs to make it work with forgejo
uri path_regexp /-/ /
uri replace /blob/ /src/
redir https://git.cy7.sh{uri} permanent
}
'';
}

5
hosts/chunk/garage.nix
View file

@ -16,4 +16,9 @@
};
environmentFile = config.sops.secrets."garage/env".path;
};
services.caddy.virtualHosts."s3.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:3900
'';
}

5
hosts/chunk/grafana.nix
View file

@ -31,4 +31,9 @@
}
];
};
services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8088
'';
}

5
hosts/chunk/hedgedoc.nix
View file

@ -16,4 +16,9 @@
protocolUseSSL = true;
};
};
services.caddy.virtualHosts."pad.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8085
'';
}

5
hosts/chunk/immich.nix
View file

@ -95,4 +95,9 @@ in
${pkgs.podman}/bin/podman network create immich-net
'';
};
services.caddy.virtualHosts."photos.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:2283
'';
}

5
hosts/chunk/miniflux.nix
View file

@ -9,4 +9,9 @@
FORCE_REFRESH_INTERVAL = 0; # don't rate limit me
};
};
services.caddy.virtualHosts."rss.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8080
'';
}

5
hosts/chunk/redlib.nix
View file

@ -10,4 +10,9 @@
REDLIB_ROBOTS_DISABLE_INDEXING = "on";
};
};
services.caddy.virtualHosts."red.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8087
'';
}

5
hosts/chunk/vaultwarden.nix
View file

@ -10,4 +10,9 @@
DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
};
};
services.caddy.virtualHosts."pass.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8081
'';
}

16
modules/caddy.nix
View file

@ -1,29 +1,27 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.my.caddy;
commonExtraConfig = ''
encode zstd gzip
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
'';
in
{
options.my.caddy = {
enable = lib.mkEnableOption "caddy reverse proxy";
acmeCa = lib.mkOption {
type = lib.types.str;
};
};
config = lib.mkIf cfg.enable {
services.caddy = {
enable = true;
logFormat = lib.mkForce "level INFO";
acmeCa = "https://acme-v02.api.letsencrypt.org/directory";
acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
extraConfig = ''
(common) {
encode zstd gzip
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
}
'';
};
};
}

1
modules/default.nix
View file

@ -2,5 +2,6 @@
{
imports = [
./backup.nix
./caddy.nix
];
}