feat(servers): move caddy to cluster

2024-01-22 22:47:31 -05:00 · 2024-01-22 22:47:31 -05:00 · 295f8d2c67
commit 295f8d2c67
parent b484bd7556
5 changed files with 15 additions and 7 deletions
--- a/devices/cluster/default.nix
+++ b/devices/cluster/default.nix
@ -8,7 +8,6 @@ in {
    ../../modules/sshd.nix
    ../../modules/tailscale.nix

-    ./modules/corosync.nix
    ./modules/pacemaker
  ];

--- a/devices/cluster/modules/caddy.nix
+++ b/devices/cluster/modules/caddy.nix
@ -0,0 +1,161 @@
+{
+  caddy-plugins,
+  pkgs,
+  config,
+  ...
+}: let
+  inherit (config.vars) mainUser;
+  inherit (config.sops) secrets;
+
+  caddy = caddy-plugins.packages.${pkgs.system}.default;
+in {
+  imports = [caddy-plugins.nixosModules.default];
+  environment.systemPackages = [caddy];
+  users.users.${mainUser}.extraGroups = ["caddy"];
+
+  systemd.services.caddy.serviceConfig = {
+    EnvironmentFile = secrets.caddy-cloudflare.path;
+
+    # For some reason the service
+    # doesn't shutdown normally
+    KillSignal = "SIGKILL";
+    RestartKillSignal = "SIGKILL";
+  };
+
+  services.caddy = {
+    enable = true;
+    enableReload = false;
+    package = caddy;
+
+    virtualHosts = let
+      dockerIP = "10.0.0.122";
+      jellyIP = "10.0.0.123";
+      servivi = "10.0.0.249";
+      oksysIP = "10.0.0.213";
+    in {
+      "nelim.org" = {
+        serverAliases = ["*.nelim.org"];
+        extraConfig = ''
+           tls {
+             dns cloudflare {$CLOUDFLARE_API_TOKEN}
+             resolvers 1.0.0.1
+          }
+        '';
+
+        subDomains = {
+          # Misc one-liners
+          vault.reverseProxy = "${dockerIP}:8781";
+          hauk.reverseProxy = "${dockerIP}:3003";
+          headscale.reverseProxy = "${oksysIP}:8085";
+          jelly.reverseProxy = "${jellyIP}:80";
+
+          # Resume builder
+          resume.reverseProxy = "${dockerIP}:3060";
+          resauth.reverseProxy = "${dockerIP}:3100";
+
+          # Nextcloud & Co
+          office.reverseProxy = "http://${dockerIP}:8055";
+          nextcloud = {
+            subDomainName = "cloud";
+            extraConfig = ''
+              redir /.well-known/carddav /remote.php/dav 301
+              redir /.well-known/caldav /remote.php/dav 301
+              redir /.well-known/webfinger /index.php/.well-known/webfinger 301
+              redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301
+            '';
+            reverseProxy = "${dockerIP}:8042";
+          };
+
+          forgejo = {
+            subDomainName = "git";
+            reverseProxy = "${servivi}:3000";
+          };
+
+          nix-binary-cache = {
+            subDomainName = "cache";
+            reverseProxy = "${servivi}:5000";
+          };
+
+          calibre = {
+            subDomainName = "books";
+            reverseProxy = "${dockerIP}:8083";
+          };
+
+          immich = {
+            subDomainName = "photos";
+            reverseProxy = "${dockerIP}:2283";
+          };
+
+          # FreshRSS & Co
+          drss.reverseProxy = "${dockerIP}:3007";
+          freshrss = {
+            subDomainName = "rss";
+            reverseProxy = "${dockerIP}:2800";
+          };
+
+          jellyseer = {
+            subDomainName = "seerr";
+            reverseProxy = "${dockerIP}:5055";
+          };
+
+          games.reverseProxy = "${dockerIP}:8074";
+
+          # FIXME: what's the IP?
+          #wgui.extraConfig = ''
+          #  reverse_proxy ???:51821
+          #'';
+
+          lan = {
+            reverseProxy = "${dockerIP}:3020";
+            extraConfig = ''
+              redir /index.html /
+            '';
+
+            subDirectories = {
+              bazarr.reverseProxy = "${dockerIP}:6767";
+              bazarr-french = {
+                subDirName = "bafrr";
+                reverseProxy = "${dockerIP}:6766";
+              };
+
+              prowlarr.reverseProxy = "${dockerIP}:9696";
+              radarr.reverseProxy = "${dockerIP}:7878";
+              sabnzbd.reverseProxy = "${dockerIP}:8382";
+              sonarr.reverseProxy = "${dockerIP}:8989";
+
+              calibre = {
+                experimental = true;
+                reverseProxy = "${dockerIP}:8580";
+              };
+
+              qbittorent = {
+                subDirName = "qbt";
+                experimental = true;
+                reverseProxy = "10.0.0.128:8080";
+              };
+
+              vaultwarden = {
+                subDirName = "vault";
+                experimental = true;
+                reverseProxy = "${dockerIP}:8780";
+              };
+            };
+          };
+
+          # Top secret Business
+          joal.extraConfig = ''
+            route {
+              rewrite * /joal/ui{uri}
+              reverse_proxy * ${dockerIP}:5656
+            }
+          '';
+          joalws.extraConfig = ''
+            route {
+              reverse_proxy ${dockerIP}:5656
+            }
+          '';
+        };
+      };
+    };
+  };
+}
--- a/devices/cluster/modules/pacemaker/default.nix
+++ b/devices/cluster/modules/pacemaker/default.nix
@ -1,10 +1,20 @@
 {...}: {
-  imports = [./options.nix];
+  imports = [
+    ./options.nix
+    ../corosync.nix
+
+    ../caddy.nix
+  ];

  # TODO: update script
  services.pacemaker = {
    enable = true;

-    resources = {};
+    resources = {
+      "caddy" = {
+        enable = true;
+        virtualIp = "10.0.0.130";
+      };
+    };
  };
 }