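--- a/hosts/morax/default.nix
+++ b/hosts/morax/default.nix
@@ -11,6 +11,17 @@
 ../../host-secrets.nix
 ];
 
+# Enable modules
+modules.caddy.enable = true;
+modules.garage.enable = true;
+
+modules.caddy = {
+email = "ana@nekomimi.pet";
+reverseProxies = {
+"s3.nkp.pet" = ["valefar:3900" "morax:3900"];
+};
+};
+
 system.stateVersion = "25.05";
 
 nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";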
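Review bot: The new `"s3.nkp.pet"` entry is rendered through the module template in modules/caddy/default.nix, which sets `header_up Host {upstream_hostport}`, so the backend sees `valefar:3900` or `morax:3900` as Host rather than `s3.nkp.pet`. If port 3900 is Garage's S3 API, as `modules.garage.enable = true;` suggests, request signature verification and vhost-style bucket addressing depend on the Host the client signed, and signed requests would likely be rejected. Caddy forwards the original Host by default, so dropping that `header_up` line for this site, or making it optional per site, would avoid the rewrite. Separately, the hop to `valefar:3900` is plain HTTP between hosts; confirm it only crosses a private network and that port 3900 is not reachable directly from outside, bypassing Caddy's TLS.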
+5
hosts/morax/hardware.nix
+5
hosts/morax/hardware.nix
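--- a/modules/caddy/default.nix
+++ b/modules/caddy/default.nix
@@ -12,9 +12,13 @@
 # Generate Caddyfile content from the proxy configuration
 generateCaddyfile = proxies:
 let
-proxyEntries = mapAttrsToList (domain: upstream: ''
+proxyEntries = mapAttrsToList (domain: upstreams:
+let
+upstreamList = if isList upstreams then upstreams else [upstreams];
+upstreamStr = concatStringsSep " " upstreamList;
+in ''
 ${domain} {
-reverse_proxy ${upstream}
+reverse_proxy ${upstreamStr}
 
 # Optional: Add some common headers for better proxying
 header_up Host {upstream_hostport}
@@ -33,25 +37,23 @@
 caddy = {
 enable = mkEnableOption "Deploy Caddy";
 
-# New option for reverse proxy configuration
 reverseProxies = mkOption {
-type = types.attrsOf types.str;
+type = types.attrsOf (types.either types.str (types.listOf types.str));
 default = {};
-description = "Attribute set of domain to upstream mappings for reverse proxying";
+description = "Attribute set of domain to upstream mappings for reverse proxying. Upstreams can be a single string or a list of strings for load balancing.";
 example = {
 "notes.nekomimi.pet" = "valefar:3009";
-"git.nekomimi.pet" = "morax:3000";
+"git.nekomimi.pet" = ["morax:3000" "valefar:3000"]; # Load balance between multiple upstreams
+"api.nekomimi.pet" = ["server1:8080" "server2:8080" "server3:8080"];
 };
 };
 
-# Optional: Allow custom Caddyfile content to be appended
 extraConfig = mkOption {
 type = types.lines;
 default = "";
 description = "Extra Caddyfile configuration to append";
 };
 
-# Optional: Email for ACME/Let's Encrypt
 email = mkOption {
 type = types.nullOr types.str;
 default = null;
@@ -64,7 +66,7 @@
 config = mkIf cfg.enable {
 # Allow network access when building
 # https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
-nix.settings.sandbox = false;
+#nix.settings.sandbox = false;
 
 networking.firewall.allowedTCPPorts = [
 80
@@ -74,12 +76,11 @@
 
 services.caddy = {
 enable = true;
-package = pkgs.caddy.withPlugins {
-plugins = [ "github.com/caddy-dns/cloudflare"];
+/*package = pkgs.caddy.withPlugins {
+plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1"];
 hash = "sha256-1niaf801sijvjrqvw998y8x7b43a0g162h3ry530qwl8lrgkapii";
-};
+};*/
 
-# Generate the Caddyfile from our configuration
 extraConfig = ''
 ${optionalString (cfg.email != null) ''
 {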
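Review bot: Under `config = mkIf cfg.enable {`, the sandbox override is only commented out (`#nix.settings.sandbox = false;`) while the `# Allow network access when building` comment and the xcaddy link above it remain, so the file still reads as an instruction to turn the sandbox off again. That setting is host-wide and removes build isolation for every derivation, not only Caddy's, so I would delete those three lines rather than keep them as a toggle. The `/*package = pkgs.caddy.withPlugins { … };*/` block in `services.caddy` has the same problem: its `hash` is unchanged although the plugin reference gained `@v0.2.1`, so it is probably stale if someone uncomments it. Since `withPlugins` takes a `hash`, it presumably builds as a fixed-output derivation and should not need the sandbox disabled; if the block stays, a comment such as `# plugin build disabled; recompute hash before re-enabling, keep sandbox on` would record that. Both enclosing blocks continue outside the hunks shown.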