nixos-configs/devices/cluster/modules/caddy.nix

169 lines
4.4 KiB
Nix
Raw Normal View History

2023-11-29 22:15:31 -05:00
{
caddy-plugins,
pkgs,
config,
...
}: let
inherit (config.vars) mainUser;
inherit (config.sops) secrets;
2023-11-29 22:15:31 -05:00
caddy = caddy-plugins.packages.${pkgs.system}.default;
in {
imports = [caddy-plugins.nixosModules.default];
# User stuff
2023-11-29 22:15:31 -05:00
environment.systemPackages = [caddy];
users.users.${mainUser}.extraGroups = ["caddy"];
2023-11-29 22:15:31 -05:00
systemd.services.caddy.serviceConfig = {
EnvironmentFile = secrets.caddy-cloudflare.path;
# For some reason the service
# doesn't shutdown normally
KillSignal = "SIGKILL";
RestartKillSignal = "SIGKILL";
};
2023-11-29 22:15:31 -05:00
services.caddy = {
enable = true;
enableReload = false;
package = caddy;
virtualHosts = let
2024-03-02 02:59:40 -05:00
clusterIP = config.services.pcsd.virtualIps.caddy-vip.ip;
nosIP = "10.0.0.121";
serviviIP = "10.0.0.249";
in {
"nelim.org" = {
2023-11-29 22:15:31 -05:00
serverAliases = ["*.nelim.org"];
extraConfig = ''
2024-03-10 20:04:04 -04:00
tls {
dns cloudflare {$CLOUDFLARE_API_TOKEN}
resolvers 1.0.0.1
2023-11-29 22:15:31 -05:00
}
'';
subDomains = {
# Misc one-liners
2024-03-02 02:59:40 -05:00
vault.reverseProxy = "${nosIP}:8781";
hauk.reverseProxy = "${nosIP}:3003";
headscale.reverseProxy = "${clusterIP}:8085";
2024-03-02 02:59:40 -05:00
jelly.reverseProxy = "${nosIP}:8097";
2023-11-29 22:15:31 -05:00
2024-03-10 20:04:04 -04:00
pcsd = {
extraConfig = ''
reverse_proxy https://${clusterIP}:2224 {
transport http {
tls_insecure_skip_verify
}
}
'';
};
2023-11-29 22:15:31 -05:00
# Resume builder
2024-03-02 02:59:40 -05:00
resume.reverseProxy = "${nosIP}:3060";
resauth.reverseProxy = "${nosIP}:3100";
2023-11-29 22:15:31 -05:00
# Nextcloud & Co
2024-03-02 02:59:40 -05:00
office.reverseProxy = "http://${nosIP}:8055";
2023-11-29 22:15:31 -05:00
nextcloud = {
subDomainName = "cloud";
extraConfig = ''
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
redir /.well-known/webfinger /index.php/.well-known/webfinger 301
redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301
'';
2024-03-02 02:59:40 -05:00
reverseProxy = "${nosIP}:8042";
2023-11-29 22:15:31 -05:00
};
forgejo = {
subDomainName = "git";
2024-03-02 02:59:40 -05:00
reverseProxy = "${nosIP}:3000";
2023-11-29 22:15:31 -05:00
};
nix-binary-cache = {
subDomainName = "cache";
reverseProxy = "${serviviIP}:5000";
};
2023-11-29 22:15:31 -05:00
calibre = {
subDomainName = "books";
2024-03-02 02:59:40 -05:00
reverseProxy = "${nosIP}:8083";
2023-11-29 22:15:31 -05:00
};
immich = {
subDomainName = "photos";
2024-03-02 02:59:40 -05:00
reverseProxy = "${nosIP}:2283";
2023-11-29 22:15:31 -05:00
};
# FreshRSS & Co
2024-03-02 02:59:40 -05:00
drss.reverseProxy = "${nosIP}:3007";
2023-11-29 22:15:31 -05:00
freshrss = {
subDomainName = "rss";
2024-03-02 02:59:40 -05:00
reverseProxy = "${nosIP}:2800";
2023-11-29 22:15:31 -05:00
};
jellyseer = {
subDomainName = "seerr";
2024-03-02 02:59:40 -05:00
reverseProxy = "${nosIP}:5055";
2023-11-29 22:15:31 -05:00
};
2024-02-28 16:59:34 -05:00
gameyfin = {
subDomainName = "games";
2024-03-02 02:59:40 -05:00
reverseProxy = "${nosIP}:8074";
2024-02-28 16:59:34 -05:00
};
2023-11-29 22:15:31 -05:00
2024-03-02 02:59:40 -05:00
wgui.reverseProxy = "${nosIP}:51821";
2023-11-29 22:15:31 -05:00
lan = {
2024-03-02 02:59:40 -05:00
reverseProxy = "${nosIP}:3020";
2023-11-29 22:15:31 -05:00
extraConfig = ''
redir /index.html /
'';
subDirectories = {
2024-03-02 02:59:40 -05:00
bazarr.reverseProxy = "${nosIP}:6767";
2023-11-29 22:15:31 -05:00
bazarr-french = {
subDirName = "bafrr";
2024-03-02 02:59:40 -05:00
reverseProxy = "${nosIP}:6766";
2023-11-29 22:15:31 -05:00
};
2024-03-02 02:59:40 -05:00
prowlarr.reverseProxy = "${nosIP}:9696";
radarr.reverseProxy = "${nosIP}:7878";
sabnzbd.reverseProxy = "${nosIP}:8382";
sonarr.reverseProxy = "${nosIP}:8989";
calibre.reverseProxy = "${nosIP}:8580";
2023-11-29 22:15:31 -05:00
qbittorent = {
subDirName = "qbt";
experimental = true;
2024-03-02 02:59:40 -05:00
reverseProxy = "${nosIP}:8080";
2023-11-29 22:15:31 -05:00
};
vaultwarden = {
subDirName = "vault";
experimental = true;
2024-03-02 02:59:40 -05:00
reverseProxy = "${nosIP}:8780";
2023-11-29 22:15:31 -05:00
};
};
};
# Top secret Business
joal.extraConfig = ''
route {
rewrite * /joal/ui{uri}
2024-03-02 02:59:40 -05:00
reverse_proxy * ${nosIP}:5656
2023-11-29 22:15:31 -05:00
}
'';
joalws.extraConfig = ''
route {
2024-03-02 02:59:40 -05:00
reverse_proxy ${nosIP}:5656
2023-11-29 22:15:31 -05:00
}
'';
};
};
};
};
}