cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

migrate chunk to caddy module

Browse source 
Signed-off-by: cy <cy@cy7.sh>
This commit is contained in:
cy 2025-01-27 05:49:00 -05:00
parent a9a3ee8413
commit cad577b193
Signed by: cy
SSH key fingerprint: SHA256:o/geVWV4om1QhUSkKvDQeW/eAihwnjyXkqMwrVdbuts
17 changed files with 91 additions and 103 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

89
hosts/chunk/Caddyfile
View file

@ -1,89 +0,0 @@
{
acme_ca https://acme.zerossl.com/v2/DV90
acme_eab {
key_id {$EAB_KEY_ID}
mac_key {$EAB_MAC_KEY}
}
}
(common) {
encode zstd gzip
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
}
git.cything.io {
import common
# wrap in route so things are evaluated in the order written
route {
# rewrite gitlab URIs to make it work with forgejo
uri path_regexp /-/ /
uri replace /blob/ /src/
redir https://git.cy7.sh{uri} permanent
}
}
git.cy7.sh {
import common
reverse_proxy localhost:3000
}
rss.cy7.sh {
import common
reverse_proxy localhost:8080
}
photos.cy7.sh {
import common
reverse_proxy localhost:2283
}
chat.cything.io {
import common
reverse_proxy localhost:8448
}
pass.cy7.sh {
import common
reverse_proxy localhost:8081
}
dns.cything.io {
import common
reverse_proxy localhost:8082
}
pad.cything.io {
import common
reverse_proxy localhost:8085
}
red.cything.io {
import common
reverse_proxy localhost:8087
}
grafana.cything.io {
import common
reverse_proxy localhost:8088
}
element.cything.io {
import common
reverse_proxy localhost:8089
}
cache.cything.io {
import common
reverse_proxy localhost:8090
}
s3.cy7.sh {
import common
reverse_proxy localhost:3900
}
admin.s3.cy7.sh {
import common
reverse_proxy localhost:3903
}

5
hosts/chunk/adguard.nix
View file

@ -21,4 +21,9 @@
]; ];
}; };
}; };
services.caddy.virtualHosts."dns.cything.io".extraConfig = ''
import common
reverse_proxy localhost:8082
'';
} }

5
hosts/chunk/attic.nix
View file

@ -31,4 +31,9 @@
}; };
}; };
}; };
services.caddy.virtualHosts."cache.cything.io".extraConfig = ''
import common
reverse_proxy localhost:8090
'';
} }

5
hosts/chunk/conduwuit.nix
View file

@ -10,4 +10,9 @@
allow_check_for_updates = true; allow_check_for_updates = true;
}; };
}; };
services.caddy.virtualHosts."chat.cything.io".extraConfig = ''
import common
reverse_proxy localhost:8448
'';
} }

12
hosts/chunk/default.nix
View file

@ -183,11 +183,13 @@
programs.gnupg.agent.enable = true; programs.gnupg.agent.enable = true;
programs.git.enable = true; programs.git.enable = true;
services.caddy = { my.caddy.enable = true;
enable = true; services.caddy.virtualHosts."cy7.sh" = {
configFile = ./Caddyfile; serverAliases = [ "www.cy7.sh" ];
environmentFile = config.sops.secrets."caddy/env".path; extraConfig = ''
logFormat = lib.mkForce "level INFO"; import common
redir https://cything.io temporary
'';
}; };
# container stuff # container stuff

5
hosts/chunk/deluge.nix
View file

@ -7,4 +7,9 @@
port = 8112; port = 8112;
}; };
}; };
services.caddy.virtualHosts."t.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8112
'';
} }

5
hosts/chunk/element.nix
View file

@ -25,4 +25,9 @@
${pkgs.podman}/bin/podman network create element-net ${pkgs.podman}/bin/podman network create element-net
''; '';
}; };
services.caddy.virtualHosts."element.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8089
'';
} }

16
hosts/chunk/forgejo.nix
View file

@ -30,4 +30,20 @@
name = "git"; name = "git";
}; };
}; };
services.caddy.virtualHosts."git.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:3000
'';
services.caddy.virtualHosts."git.cything.io".extraConfig = ''
import common
# wrap in route so things are evaluated in the order written
route {
# rewrite gitlab URIs to make it work with forgejo
uri path_regexp /-/ /
uri replace /blob/ /src/
redir https://git.cy7.sh{uri} permanent
}
'';
} }

5
hosts/chunk/garage.nix
View file

@ -16,4 +16,9 @@
}; };
environmentFile = config.sops.secrets."garage/env".path; environmentFile = config.sops.secrets."garage/env".path;
}; };
services.caddy.virtualHosts."s3.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:3900
'';
} }

5
hosts/chunk/grafana.nix
View file

@ -31,4 +31,9 @@
} }
]; ];
}; };
services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8088
'';
} }

5
hosts/chunk/hedgedoc.nix
View file

@ -16,4 +16,9 @@
protocolUseSSL = true; protocolUseSSL = true;
}; };
}; };
services.caddy.virtualHosts."pad.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8085
'';
} }

5
hosts/chunk/immich.nix
View file

@ -95,4 +95,9 @@ in
${pkgs.podman}/bin/podman network create immich-net ${pkgs.podman}/bin/podman network create immich-net
''; '';
}; };
services.caddy.virtualHosts."photos.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:2283
'';
} }

5
hosts/chunk/miniflux.nix
View file

@ -9,4 +9,9 @@
FORCE_REFRESH_INTERVAL = 0; # don't rate limit me FORCE_REFRESH_INTERVAL = 0; # don't rate limit me
}; };
}; };
services.caddy.virtualHosts."rss.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8080
'';
} }

5
hosts/chunk/redlib.nix
View file

@ -10,4 +10,9 @@
REDLIB_ROBOTS_DISABLE_INDEXING = "on"; REDLIB_ROBOTS_DISABLE_INDEXING = "on";
}; };
}; };
services.caddy.virtualHosts."red.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8087
'';
} }

5
hosts/chunk/vaultwarden.nix
View file

@ -10,4 +10,9 @@
DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
}; };
}; };
services.caddy.virtualHosts."pass.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8081
'';
} }

16
modules/caddy.nix
View file

@ -1,29 +1,27 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
let let
cfg = config.my.caddy; cfg = config.my.caddy;
commonExtraConfig = ''
encode zstd gzip
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
'';
in in
{ {
options.my.caddy = { options.my.caddy = {
enable = lib.mkEnableOption "caddy reverse proxy"; enable = lib.mkEnableOption "caddy reverse proxy";
acmeCa = lib.mkOption {
type = lib.types.str;
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.caddy = { services.caddy = {
enable = true; enable = true;
logFormat = lib.mkForce "level INFO"; logFormat = lib.mkForce "level INFO";
acmeCa = "https://acme-v02.api.letsencrypt.org/directory"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
extraConfig = ''
(common) {
encode zstd gzip
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
}
'';
}; };
}; };
} }

1
modules/default.nix
View file

@ -2,5 +2,6 @@
{ {
imports = [ imports = [
./backup.nix ./backup.nix
./caddy.nix
]; ];
} }