NixOS system configurations + dotfiles via home-manager

rename/refactor caddy module

+61 -67
+2 -2
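--- a/hosts/crossbell/default.nix
+++ b/hosts/crossbell/default.nix
@@ -9,7 +9,7 @@
 { config, lib, ... }:
 {
 imports = [
-inputs.self.modules.nixos.server
+inputs.srvos.nixosModules.server
 inputs.srvos.nixosModules.hardware-vultr-vm
 ];
 
@@ -28,7 +28,7 @@
 enable = false;
 };
 
-local.caddy-gateway = {
+local.caddy = {
 virtualHosts = {
 "www.peterrice.xyz".extraConfig = "redir https://pvsr.dev";
 "www.pvsr.dev".extraConfig = "redir https://pvsr.dev";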
-1
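--- a/hosts/ruan/default.nix
+++ b/hosts/ruan/default.nix
@@ -18,7 +18,6 @@
 {
 imports = [
 inputs.self.modules.nixos.desktop
-inputs.self.modules.nixos.gateway
 inputs.weather.nixosModules.default
 inputs.podcasts.nixosModules.default
 ];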
+1 -1
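--- a/hosts/ruan/forgejo.nix
+++ b/hosts/ruan/forgejo.nix
@@ -20,7 +20,7 @@
 hostPath = "/run/forgejo";
 isReadOnly = false;
 };
-local.caddy-gateway.internalProxies."code.pvsr.dev" = "unix//run/forgejo/forgejo.sock";
+local.caddy.internalProxies."code.pvsr.dev" = "unix//run/forgejo/forgejo.sock";
 
 networking.firewall.allowedTCPPorts = [ 32230 ];
 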
+54
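--- /dev/null
+++ b/modules/caddy.nix
@@ -0,0 +1,54 @@
+{ lib, ... }:
+{
+flake.modules.nixos.core =
+{ config, pkgs, ... }:
+let
+cfg = config.local.caddy;
+enable = cfg.virtualHosts != { } || cfg.reverseProxies != { } || cfg.internalProxies != { };
+in
+{
+options.local.caddy = {
+virtualHosts = lib.mkOption { default = { }; };
+reverseProxies = lib.mkOption { default = { }; };
+internalProxies = lib.mkOption { default = { }; };
+};
+
+config = lib.mkIf enable {
+services.caddy = {
+enable = true;
+package = pkgs.caddy.withPlugins {
+plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
+# TODO sucks
+hash = "sha256-Dvifm7rRwFfgXfcYvXcPDNlMaoxKd5h4mHEK6kJ+T4A=";
+};
+enableReload = true;
+globalConfig = ''
+admin :40013
+metrics {
+per_host
+}
+'';
+virtualHosts =
+cfg.virtualHosts
+// builtins.mapAttrs (_: dest: { extraConfig = "reverse_proxy ${dest}"; }) cfg.reverseProxies
+// builtins.mapAttrs (_: dest: {
+extraConfig = ''
+reverse_proxy ${dest}
+tls {
+dns cloudflare {env.DNS_API_TOKEN}
+resolvers 185.71.138.138
+}
+'';
+}) cfg.internalProxies;
+};
+
+environment.persistence.nixos.directories = [ "/var/lib/caddy" ];
+
+networking.firewall.allowedTCPPorts = [
+80
+443
+];
+networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 40013 ];
+};
+};
+}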
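Review bot: Declaring `options.local.caddy` inside `flake.modules.nixos.core` (lines 3 and 10) gives every host that imports core a `local.caddy` attribute, so the scrape-target predicate `host.config.local ? caddy` in modules/metrics.nix (line 45) is presumably true for every host instead of only the hosts that imported the old gateway module; `host.config.services.caddy.enable` would follow the real `lib.mkIf enable` gate on line 16. The admin endpoint `admin :40013` on line 26 listens on every interface, and the unauthenticated admin API is kept off the public interface only by the firewall rule on line 51; if `config.local.tailscale.ip` (referenced from modules/guest.nix) is reachable from this module, `admin ${config.local.tailscale.ip}:40013` would make the restriction hold even if the firewall rule is changed. The three options on lines 11–13 have no `type`, so as far as I can tell two modules defining the same proxy name merge silently with the later definition winning; `type = lib.types.attrsOf lib.types.str;` on the two proxy maps would report the conflict and document the expected shape. The `# TODO sucks` comment on line 21 should state what is pinned, e.g. `# output hash of the plugin build; must be updated whenever the plugins list or a plugin version changes`.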
-52
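--- a/modules/gateway.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ lib, ... }:
-{
-flake.modules.nixos.gateway =
-{ config, pkgs, ... }:
-let
-cfg = config.local.caddy-gateway;
-in
-{
-options.local.caddy-gateway = {
-virtualHosts = lib.mkOption { default = { }; };
-reverseProxies = lib.mkOption { default = { }; };
-internalProxies = lib.mkOption { default = { }; };
-};
-
-config.environment.persistence.nixos.directories = [ "/var/lib/caddy" ];
-
-config.services.caddy = {
-enable = true;
-package = pkgs.caddy.withPlugins {
-plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
-# TODO sucks
-hash = "sha256-Dvifm7rRwFfgXfcYvXcPDNlMaoxKd5h4mHEK6kJ+T4A=";
-};
-enableReload = true;
-globalConfig = ''
-admin :40013
-metrics {
-per_host
-}
-'';
-virtualHosts =
-cfg.virtualHosts
-// builtins.mapAttrs (_: dest: { extraConfig = "reverse_proxy ${dest}"; }) cfg.reverseProxies
-// builtins.mapAttrs (_: dest: {
-extraConfig = ''
-reverse_proxy ${dest}
-tls {
-dns cloudflare {env.DNS_API_TOKEN}
-resolvers 185.71.138.138
-}
-'';
-}) cfg.internalProxies;
-};
-
-config.networking.firewall.allowedTCPPorts = [
-80
-443
-];
-
-config.networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 40013 ];
-};
-}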
+2 -2
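--- a/modules/guest.nix
+++ b/modules/guest.nix
@@ -16,7 +16,7 @@
 in
 {
 flake.modules.nixos.crossbell = {
-local.caddy-gateway.reverseProxies."griffin.pvsr.dev" = "ruan.ts.peterrice.xyz:12548";
+local.caddy.reverseProxies."griffin.pvsr.dev" = "ruan.ts.peterrice.xyz:12548";
 networking.nftables.tables.griffin = {
 family = "ip";
 content = forward12262 hosts.ruan.config.local.tailscale.ip 12262;
@@ -25,7 +25,7 @@
 };
 
 flake.modules.nixos.ruan = {
-local.caddy-gateway.reverseProxies.":12548" = guest;
+local.caddy.reverseProxies.":12548" = guest;
 networking.nftables.tables.griffin = {
 family = "ip";
 content = forward12262 guest 22;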
+2 -2
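--- a/modules/metrics.nix
+++ b/modules/metrics.nix
@@ -29,7 +29,7 @@
 );
 in
 {
-local.caddy-gateway.internalProxies."grafana.peterrice.xyz" = "localhost:10508";
+local.caddy.internalProxies."grafana.peterrice.xyz" = "localhost:10508";
 environment.persistence.nixos.directories = [
 "/var/lib/grafana"
 "/var/lib/private/victoriametrics"
@@ -42,7 +42,7 @@
 {
 job_name = "caddy";
 static_configs = [
-{ targets = mkTargets (host: host.config.local ? caddy-gateway) "40013"; }
+{ targets = mkTargets (host: host.config.local ? caddy) "40013"; }
 ];
 }
 {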
-7
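--- a/modules/server.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ inputs, ... }:
-{
-flake.modules.nixos.server.imports = [
-inputs.srvos.nixosModules.server
-inputs.self.modules.nixos.gateway
-];
-}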