Nix config files for my laptop and servers

Set up host: verdigris #2

closed
opened by haripm.com

verdigris will host services that I want available privately on my Tailnet. Currently, that includes:

  • ActualBudget
  • Linkding
  • Miniflux
  • Atuin
  • Forgejo

There's going to be a few differences from cerulean.

  1. I'll need Podman/Docker
  2. I can't use HTTP or TLS-ALPN challenges as these services won't be publicly reachable. I'll either have to trust Caddy's local root certificate or patch caddy from nixpkgs with the Cloudflare DNS plugin before deployment.
  3. Following on from 1., I need to find out if I can configure the containers and networks I want from within Nix.

Progress! I've set up Caddy and Dnsmasq, and can now route to *.hari.pm domains internally. Couple of things that caught me out:

  1. Not reading the wiki, where it clearly states you need to statically configure IPv6 on Hetzner VMs.
  2. Learning how to use agenix to manage secrets (the Cloudflare API token for DNS challenges).

Setting up the containers should be the easy part now.
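
The setup described in this issue, sketched as a NixOS module; this is an added example and not taken from the repository or written by the issue author. It assumes nixpkgs provides `pkgs.caddy.withPlugins` and that the agenix module is imported; the secret path, the Tailnet address, the upstream port and the plugin pin are placeholders or constructed values. The Cloudflare token only needs DNS edit rights on the one zone, and keeping it in an agenix-managed environment file keeps it out of the world-readable Nix store.

```nix
{ config, pkgs, lib, ... }:
let
  # Constructed example address for verdigris on the Tailnet (assumption).
  tailnetAddr = "100.64.0.10";
in
{
  # agenix decrypts this file at activation. It is assumed to contain one line:
  #   CLOUDFLARE_API_TOKEN=<token scoped to DNS edits on the zone>
  age.secrets.cloudflare-env = {
    file = ./secrets/cloudflare-env.age; # hypothetical path
    owner = config.services.caddy.user;
    mode = "0400";
  };

  services.caddy = {
    enable = true;

    # Caddy built with the Cloudflare DNS provider so ACME can use DNS-01.
    # The version pin and hash are placeholders: pin a real release and
    # replace fakeHash with the hash Nix reports on the first build.
    package = pkgs.caddy.withPlugins {
      plugins = [ "github.com/caddy-dns/cloudflare@<PINNED_VERSION>" ];
      hash = lib.fakeHash;
    };

    # DNS-01 for every site; HTTP-01 and TLS-ALPN-01 cannot work because
    # the host is not reachable from the public internet.
    globalConfig = ''
      acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    '';

    # One private service; listening only on the Tailnet address keeps it
    # off the public interface even if the firewall is misconfigured.
    virtualHosts."miniflux.hari.pm".extraConfig = ''
      bind ${tailnetAddr}
      reverse_proxy 127.0.0.1:8080
    '';
  };

  # Hand the decrypted token to the Caddy unit as an environment file.
  systemd.services.caddy.serviceConfig.EnvironmentFile =
    config.age.secrets.cloudflare-env.path;

  # Internal resolution: dnsmasq answers hari.pm and all of its subdomains
  # with the Tailnet address (this also overrides the apex for its clients).
  services.dnsmasq = {
    enable = true;
    settings.address = [ "/hari.pm/${tailnetAddr}" ];
  };
}
```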
