From cad577b1931eabc568f7eef6659e5405f20a1eec Mon Sep 17 00:00:00 2001
From: cy
Date: Mon, 27 Jan 2025 05:49:00 -0500
Subject: [PATCH] migrate chunk to caddy module
Signed-off-by: cy
---
 hosts/chunk/Caddyfile | 89 -------------------------------------
 hosts/chunk/adguard.nix | 5 +++
 hosts/chunk/attic.nix | 5 +++
 hosts/chunk/conduwuit.nix | 5 +++
 hosts/chunk/default.nix | 12 ++---
 hosts/chunk/deluge.nix | 5 +++
 hosts/chunk/element.nix | 5 +++
 hosts/chunk/forgejo.nix | 16 +++++++
 hosts/chunk/garage.nix | 5 +++
 hosts/chunk/grafana.nix | 5 +++
 hosts/chunk/hedgedoc.nix | 5 +++
 hosts/chunk/immich.nix | 5 +++
 hosts/chunk/miniflux.nix | 5 +++
 hosts/chunk/redlib.nix | 5 +++
 hosts/chunk/vaultwarden.nix | 5 +++
 modules/caddy.nix | 16 +++----
 modules/default.nix | 1 +
 17 files changed, 91 insertions(+), 103 deletions(-)
 delete mode 100644 hosts/chunk/Caddyfile
diff --git a/hosts/chunk/Caddyfile b/hosts/chunk/Caddyfile
deleted file mode 100644
index 5e56278..0000000
--- a/hosts/chunk/Caddyfile
+++ /dev/null
@@ -1,89 +0,0 @@
-{
- acme_ca https://acme.zerossl.com/v2/DV90
- acme_eab {
- key_id {$EAB_KEY_ID}
- mac_key {$EAB_MAC_KEY}
- }
-}
-
-(common) {
- encode zstd gzip
- header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
-}
-
-git.cything.io {
- import common
-
- # wrap in route so things are evaluated in the order written
- route {
- # rewrite gitlab URIs to make it work with forgejo
- uri path_regexp /-/ /
- uri replace /blob/ /src/
- redir https://git.cy7.sh{uri} permanent
- }
-}
-
-git.cy7.sh {
- import common
- reverse_proxy localhost:3000
-}
-
-rss.cy7.sh {
- import common
- reverse_proxy localhost:8080
-}
-
-photos.cy7.sh {
- import common
- reverse_proxy localhost:2283
-}
-
-chat.cything.io {
- import common
- reverse_proxy localhost:8448
-}
-
-pass.cy7.sh {
- import common
- reverse_proxy localhost:8081
-}
-
-dns.cything.io {
- import common
- reverse_proxy localhost:8082
-}
-
-pad.cything.io {
- import common
- reverse_proxy localhost:8085
-}
-
-red.cything.io {
- import common
- reverse_proxy localhost:8087
-}
-
-grafana.cything.io {
- import common
- reverse_proxy localhost:8088
-}
-
-element.cything.io {
- import common
- reverse_proxy localhost:8089
-}
-
-cache.cything.io {
- import common
- reverse_proxy localhost:8090
-}
-
-s3.cy7.sh {
- import common
- reverse_proxy localhost:3900
-}
-
-admin.s3.cy7.sh {
- import common
- reverse_proxy localhost:3903
-}
diff --git a/hosts/chunk/adguard.nix b/hosts/chunk/adguard.nix
index fe4b9bb..74207fc 100644
--- a/hosts/chunk/adguard.nix
+++ b/hosts/chunk/adguard.nix
@@ -21,4 +21,9 @@
 ];
 };
 };
+
+ services.caddy.virtualHosts."dns.cything.io".extraConfig = ''
+ import common
+ reverse_proxy localhost:8082
+ '';
 }
diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix
index 2f84394..c41e985 100644
--- a/hosts/chunk/attic.nix
+++ b/hosts/chunk/attic.nix
@@ -31,4 +31,9 @@ }; }; }; + + services.caddy.virtualHosts."cache.cything.io".extraConfig = '' + import common + reverse_proxy localhost:8090 + ''; } diff --git a/hosts/chunk/conduwuit.nix b/hosts/chunk/conduwuit.nix index 25c85ab..8aa8998 100644 --- a/hosts/chunk/conduwuit.nix +++ b/hosts/chunk/conduwuit.nix @@ -10,4 +10,9 @@ allow_check_for_updates = true; }; }; + + services.caddy.virtualHosts."chat.cything.io".extraConfig = '' + import common + reverse_proxy localhost:8448 + ''; } diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 6021b41..577e9b5 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -183,11 +183,13 @@ programs.gnupg.agent.enable = true; programs.git.enable = true; - services.caddy = { - enable = true; - configFile = ./Caddyfile; - environmentFile = config.sops.secrets."caddy/env".path; - logFormat = lib.mkForce "level INFO"; + my.caddy.enable = true; + services.caddy.virtualHosts."cy7.sh" = { + serverAliases = [ "www.cy7.sh" ]; + extraConfig = '' + import common + redir https://cything.io temporary + ''; }; # container stuff diff --git a/hosts/chunk/deluge.nix b/hosts/chunk/deluge.nix index 638c728..5dd3fd4 100644 --- a/hosts/chunk/deluge.nix +++ b/hosts/chunk/deluge.nix @@ -7,4 +7,9 @@ port = 8112; }; }; + + services.caddy.virtualHosts."t.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8112 + ''; } diff --git a/hosts/chunk/element.nix b/hosts/chunk/element.nix index 81ab246..5a12e1e 100644 --- a/hosts/chunk/element.nix +++ b/hosts/chunk/element.nix @@ -25,4 +25,9 @@ ${pkgs.podman}/bin/podman network create element-net ''; }; + + services.caddy.virtualHosts."element.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8089 + ''; } diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix index fd842ce..26fb541 100644 --- a/hosts/chunk/forgejo.nix +++ b/hosts/chunk/forgejo.nix 
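Review bot: In hosts/chunk/default.nix the new `cy7.sh` / `www.cy7.sh` site imports `common`, so the apex now answers with `Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"`, whereas the removed Caddyfile sent that header only from individual subdomains. Sent from the apex, `includeSubDomains` pins every name under cy7.sh to HTTPS for two years in any browser that visits it, including hosts this Caddy instance does not serve, so every such host must keep a valid certificate. If that is intended, record it above the vhost, e.g. `# HSTS from the apex covers all of *.cy7.sh; every subdomain must serve valid HTTPS`. The hunk also drops `environmentFile = config.sops.secrets."caddy/env".path;`; the secret's declaration is outside the hunk, and if it is still declared it is now unused and the ZeroSSL EAB key it held can presumably be revoked.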
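Review bot: The `t.cy7.sh` site added in hosts/chunk/deluge.nix publishes the Deluge web UI (port 8112) on a public hostname with nothing in front of it but `reverse_proxy`, and the removed Caddyfile had no site for this port, so this looks like new internet exposure rather than a migration. The only access control left is whatever the web UI enforces itself, which is configured outside the hunk. Consider gating the site at the proxy, for example `@outside not remote_ip <TRUSTED_CIDR>` followed by `respond @outside 403` (placeholder range), or Caddy's `basic_auth` ahead of the upstream. If public access is deliberate, a comment saying so above the vhost would spare the next reader the question.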
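Review bot: hosts/chunk/element.nix serves Element on `element.cy7.sh`, but the removed Caddyfile served it on `element.cything.io`; the same unannounced rename occurs in grafana.nix (`grafana.cy7.sh`), hedgedoc.nix (`pad.cy7.sh`) and redlib.nix (`red.cy7.sh`), while dns, cache and chat stay on cything.io. The commit message describes only a migration, so a deliberate rename deserves a line there. The old names also need either a redirect site like the one kept for `git.cything.io` (`redir https://element.cy7.sh{uri} permanent`) or removal of their DNS records, so they do not linger pointing at this host. Each application's own base-URL setting (HedgeDoc's domain, Grafana's root URL, the Element client config) lies outside these hunks and presumably has to match the new hostname.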
@@ -30,4 +30,20 @@
 name = "git";
 };
 };
+
+ services.caddy.virtualHosts."git.cy7.sh".extraConfig = ''
+ import common
+ reverse_proxy localhost:3000
+ '';
+ services.caddy.virtualHosts."git.cything.io".extraConfig = ''
+ import common
+
+ # wrap in route so things are evaluated in the order written
+ route {
+ # rewrite gitlab URIs to make it work with forgejo
+ uri path_regexp /-/ /
+ uri replace /blob/ /src/
+ redir https://git.cy7.sh{uri} permanent
+ }
+ '';
 }
diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix
index fe3ef46..75730a1 100644
--- a/hosts/chunk/garage.nix
+++ b/hosts/chunk/garage.nix
@@ -16,4 +16,9 @@
 };
 environmentFile = config.sops.secrets."garage/env".path;
 };
+
+ services.caddy.virtualHosts."s3.cy7.sh".extraConfig = ''
+ import common
+ reverse_proxy localhost:3900
+ '';
 }
diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix
index 0575f51..007bcf1 100644
--- a/hosts/chunk/grafana.nix
+++ b/hosts/chunk/grafana.nix
@@ -31,4 +31,9 @@
 }
 ];
 };
+
+ services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = ''
+ import common
+ reverse_proxy localhost:8088
+ '';
 }
diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix
index 1988520..62505f9 100644
--- a/hosts/chunk/hedgedoc.nix
+++ b/hosts/chunk/hedgedoc.nix
@@ -16,4 +16,9 @@
 protocolUseSSL = true;
 };
 };
+
+ services.caddy.virtualHosts."pad.cy7.sh".extraConfig = ''
+ import common
+ reverse_proxy localhost:8085
+ '';
 }
diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix
index 2062330..9661e8c 100644
--- a/hosts/chunk/immich.nix
+++ b/hosts/chunk/immich.nix
@@ -95,4 +95,9 @@ in
 ${pkgs.podman}/bin/podman network create immich-net
 '';
 };
+
+ services.caddy.virtualHosts."photos.cy7.sh".extraConfig = ''
+ import common
+ reverse_proxy localhost:2283
+ '';
 }
diff --git a/hosts/chunk/miniflux.nix b/hosts/chunk/miniflux.nix
index f40b2b6..84783f6 100644
--- a/hosts/chunk/miniflux.nix
+++ b/hosts/chunk/miniflux.nix
@@ -9,4 +9,9 @@ FORCE_REFRESH_INTERVAL = 0; # don't rate limit me }; }; + + services.caddy.virtualHosts."rss.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8080 + ''; } diff --git a/hosts/chunk/redlib.nix b/hosts/chunk/redlib.nix index 39585f1..d095da5 100644 --- a/hosts/chunk/redlib.nix +++ b/hosts/chunk/redlib.nix @@ -10,4 +10,9 @@ REDLIB_ROBOTS_DISABLE_INDEXING = "on"; }; }; + + services.caddy.virtualHosts."red.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8087 + ''; } diff --git a/hosts/chunk/vaultwarden.nix b/hosts/chunk/vaultwarden.nix index b97835e..7529610 100644 --- a/hosts/chunk/vaultwarden.nix +++ b/hosts/chunk/vaultwarden.nix @@ -10,4 +10,9 @@ DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; }; }; + + services.caddy.virtualHosts."pass.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8081 + ''; } diff --git a/modules/caddy.nix b/modules/caddy.nix index 9ee9913..6d38b01 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -1,29 +1,27 @@ { config, lib, - pkgs, ... }: let cfg = config.my.caddy; - commonExtraConfig = '' - encode zstd gzip - header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" - ''; in { options.my.caddy = { enable = lib.mkEnableOption "caddy reverse proxy"; - acmeCa = lib.mkOption { - type = lib.types.str; - }; }; config = lib.mkIf cfg.enable { services.caddy = { enable = true; logFormat = lib.mkForce "level INFO"; - acmeCa = "https://acme-v02.api.letsencrypt.org/directory"; + acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; + extraConfig = '' + (common) { + encode zstd gzip + header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + } + ''; }; }; } diff --git a/modules/default.nix b/modules/default.nix index 2155137..070a96e 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -2,5 +2,6 @@ { imports = [ ./backup.nix + ./caddy.nix ]; }
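Review bot: In modules/caddy.nix the `(common)` snippet is the only place HSTS and compression are set, and it is opt-in: a `virtualHosts` entry that omits `import common` is served without the header, and nothing in the module flags that. A comment above `extraConfig` would make the contract visible, e.g. `# every virtualHost must import common; sites that omit it are served without HSTS`. The hunk also removes the `acmeCa` option and hard-codes `acmeCA` to the Let's Encrypt production directory, so a host enabling `my.caddy` can no longer be pointed at a staging CA through the module; keeping the option with this URL as its `default` would preserve that.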