From 07ff4040175b5d677e8bf3fdc5bb1cb8c1daf20a Mon Sep 17 00:00:00 2001
From: matt1432
Date: Wed, 29 Nov 2023 22:15:31 -0500
Subject: [PATCH] feat(oksys): prepare caddy
---
 devices/oksys/modules/caddy.nix | 150 ++++++++++++++++++++++++++++++++
 flake.lock | 21 +++++
 flake.nix | 4 +
 3 files changed, 175 insertions(+)
 create mode 100644 devices/oksys/modules/caddy.nix
diff --git a/devices/oksys/modules/caddy.nix b/devices/oksys/modules/caddy.nix
new file mode 100644
index 0000000..eb11ed8
--- /dev/null
+++ b/devices/oksys/modules/caddy.nix
@@ -0,0 +1,150 @@
+{
+ caddy-plugins,
+ pkgs,
+ config,
+ ...
+}: let
+ user = config.services.device-vars.username;
+
+ caddy = caddy-plugins.packages.${pkgs.system}.default;
+
+ # TODO: use agenix?
+ verySecretToken = "TODO";
+in {
+ imports = [caddy-plugins.nixosModules.default];
+ environment.systemPackages = [caddy];
+ users.users.${user}.extraGroups = ["caddy"];
+
+ services.caddy = {
+ enable = true;
+ enableReload = false;
+ package = caddy;
+
+ virtualHosts = {
+ "http://pi.hole".reverseProxy = "localhost:8000";
+
+ "nelim.org" = let
+ mainIP = "10.0.0.122";
+ jellyIP = "10.0.0.123";
+ in {
+ serverAliases = ["*.nelim.org"];
+ extraConfig = ''
+ tls {
+ dns cloudflare ${verySecretToken}
+ resolvers 1.0.0.1
+ }
+ '';
+
+ subDomains = {
+ # Misc one-liners
+ vault.reverseProxy = "${mainIP}:8781";
+ hauk.reverseProxy = "${mainIP}:3003";
+ headscale.reverseProxy = "localhost:8085";
+ jelly.reverseProxy = "${jellyIP}:80";
+
+ # Resume builder
+ resume.reverseProxy = "${mainIP}:3060";
+ resauth.reverseProxy = "${mainIP}:3100";
+
+ # Nextcloud & Co
+ bakail.reverseProxy = "${mainIP}:8077";
+ office.reverseProxy = "http://${mainIP}:8055";
+ nextcloud = {
+ subDomainName = "cloud";
+ extraConfig = ''
+ redir /.well-known/carddav /remote.php/dav 301
+ redir /.well-known/caldav /remote.php/dav 301
+ redir /.well-known/webfinger /index.php/.well-known/webfinger 301
+ redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301
+ '';
+ reverseProxy = "${mainIP}:8042";
+ };
+
+ forgejo = {
+ subDomainName = "git";
+ reverseProxy = "${mainIP}:3000";
+ };
+
+ calibre = {
+ subDomainName = "books";
+ reverseProxy = "${mainIP}:8083";
+ };
+
+ immich = {
+ subDomainName = "photos";
+ reverseProxy = "${mainIP}:2283";
+ };
+
+ # FreshRSS & Co
+ drss.reverseProxy = "${mainIP}:3007";
+ freshrss = {
+ subDomainName = "rss";
+ reverseProxy = "${mainIP}:2800";
+ };
+
+ jellyseer = {
+ subDomainName = "seerr";
+ reverseProxy = "${mainIP}:5055";
+ };
+
+ games.reverseProxy = "${mainIP}:8074";
+
+ # FIXME: what's the IP?
+ #wgui.extraConfig = ''
+ # reverse_proxy ???:51821
+ #'';
+
+ lan = {
+ reverseProxy = "10.0.0.122:3020";
+ extraConfig = ''
+ redir /index.html /
+ '';
+
+ subDirectories = {
+ bazarr.reverseProxy = "10.0.0.122:6767";
+ bazarr-french = {
+ subDirName = "bafrr";
+ reverseProxy = "10.0.0.122:6766";
+ };
+
+ prowlarr.reverseProxy = "10.0.0.122:9696";
+ radarr.reverseProxy = "10.0.0.122:7878";
+ sabnzbd.reverseProxy = "10.0.0.122:8382";
+ sonarr.reverseProxy = "10.0.0.122:8989";
+
+ calibre = {
+ experimental = true;
+ reverseProxy = "10.0.0.122:8580";
+ };
+
+ qbittorent = {
+ subDirName = "qbt";
+ experimental = true;
+ reverseProxy = "10.0.0.128:8080";
+ };
+
+ vaultwarden = {
+ subDirName = "vault";
+ experimental = true;
+ reverseProxy = "10.0.0.122:8780";
+ };
+ };
+ };
+
+ # Top secret Business
+ joal.extraConfig = ''
+ route {
+ rewrite * /joal/ui{uri}
+ reverse_proxy * ${mainIP}:5656
+ }
+ '';
+ joalws.extraConfig = ''
+ route {
+ reverse_proxy ${mainIP}:5656
+ }
+ '';
+ };
+ };
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
index 7feca98..70135d3 100644
--- a/flake.lock
+++ b/flake.lock
@@ -20,6 +20,26 @@ "type": "github" } }, + "caddy-plugins": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1701313498, + "narHash": "sha256-nENCM5LlV3a/1NN9O2kRoSqxzJKxew+CQB/eqtM6l6I=", + "owner": "matt1432", + "repo": "nixos-caddy-patched", + "rev": "024433df425afbb0cda263336cc159598775de3d", + "type": "github" + }, + "original": { + "owner": "matt1432", + "repo": "nixos-caddy-patched", + "type": "github" + } + }, "coc-stylelintplus-flake": { "inputs": { "flake-utils": "flake-utils",
@@ -816,6 +836,7 @@ "root": { "inputs": { "ags": "ags", + "caddy-plugins": "caddy-plugins", "coc-stylelintplus-flake": "coc-stylelintplus-flake", "headscale": "headscale", "home-manager": "home-manager",
diff --git a/flake.nix b/flake.nix
index d4c8544..c625b85 100644
--- a/flake.nix
+++ b/flake.nix
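Review bot: `verySecretToken` is spliced into the generated Caddyfile by Nix interpolation (`dns cloudflare ${verySecretToken}` in the `tls` block), so as soon as the `"TODO"` placeholder is replaced with a real Cloudflare token it ends up in the world-readable Nix store, and in git history if it is written inline. When the agenix TODO is resolved, keep the value out of evaluation entirely: reference it at runtime, e.g. `dns cloudflare {env.CLOUDFLARE_API_TOKEN}` (variable name is a placeholder), and load that variable from the decrypted secret file through the caddy unit's `EnvironmentFile`. A DNS-edit token can answer ACME challenges for every name in the zone, so it is worth scoping it to DNS edit on this one zone. Separately, `lan` and its `subDirectories` (including the `vaultwarden` entry) are served under the same `*.nelim.org` alias as the public hosts and no client-address restriction is visible in this file; whether the `subDomains` module from `caddy-plugins` adds one cannot be seen here and should be confirmed.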
@@ -16,6 +16,10 @@
 url = "github:juanfont/headscale";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ caddy-plugins = {
+ url = "github:matt1432/nixos-caddy-patched";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 hyprland = {
 url = "github:hyprwm/Hyprland";