nixos-configs/devices/cluster/modules/caddy.nix
matt1432 ee69aab869
All checks were successful
Discord / discord commits (push) Has been skipped
feat(cluster): add network share for files
2024-01-23 16:15:40 -05:00

163 lines
4.3 KiB
Nix

{
caddy-plugins,
pkgs,
config,
...
}: let
inherit (config.vars) mainUser;
inherit (config.sops) secrets;
caddy = caddy-plugins.packages.${pkgs.system}.default;
in {
imports = [caddy-plugins.nixosModules.default];
# User stuff
environment.systemPackages = [caddy];
users.users.${mainUser}.extraGroups = ["caddy"];
systemd.services.caddy.serviceConfig = {
EnvironmentFile = secrets.caddy-cloudflare.path;
# For some reason the service
# doesn't shutdown normally
KillSignal = "SIGKILL";
RestartKillSignal = "SIGKILL";
};
services.caddy = {
enable = true;
enableReload = false;
package = caddy;
virtualHosts = let
dockerIP = "10.0.0.122";
jellyIP = "10.0.0.123";
servivi = "10.0.0.249";
oksysIP = "10.0.0.213";
in {
"nelim.org" = {
serverAliases = ["*.nelim.org"];
extraConfig = ''
tls {
dns cloudflare {$CLOUDFLARE_API_TOKEN}
resolvers 1.0.0.1
}
'';
subDomains = {
# Misc one-liners
vault.reverseProxy = "${dockerIP}:8781";
hauk.reverseProxy = "${dockerIP}:3003";
headscale.reverseProxy = "${oksysIP}:8085";
jelly.reverseProxy = "${jellyIP}:80";
# Resume builder
resume.reverseProxy = "${dockerIP}:3060";
resauth.reverseProxy = "${dockerIP}:3100";
# Nextcloud & Co
office.reverseProxy = "http://${dockerIP}:8055";
nextcloud = {
subDomainName = "cloud";
extraConfig = ''
redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301
redir /.well-known/webfinger /index.php/.well-known/webfinger 301
redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301
'';
reverseProxy = "${dockerIP}:8042";
};
forgejo = {
subDomainName = "git";
reverseProxy = "${servivi}:3000";
};
nix-binary-cache = {
subDomainName = "cache";
reverseProxy = "${servivi}:5000";
};
calibre = {
subDomainName = "books";
reverseProxy = "${dockerIP}:8083";
};
immich = {
subDomainName = "photos";
reverseProxy = "${dockerIP}:2283";
};
# FreshRSS & Co
drss.reverseProxy = "${dockerIP}:3007";
freshrss = {
subDomainName = "rss";
reverseProxy = "${dockerIP}:2800";
};
jellyseer = {
subDomainName = "seerr";
reverseProxy = "${dockerIP}:5055";
};
games.reverseProxy = "${dockerIP}:8074";
# FIXME: what's the IP?
#wgui.extraConfig = ''
# reverse_proxy ???:51821
#'';
lan = {
reverseProxy = "${dockerIP}:3020";
extraConfig = ''
redir /index.html /
'';
subDirectories = {
bazarr.reverseProxy = "${dockerIP}:6767";
bazarr-french = {
subDirName = "bafrr";
reverseProxy = "${dockerIP}:6766";
};
prowlarr.reverseProxy = "${dockerIP}:9696";
radarr.reverseProxy = "${dockerIP}:7878";
sabnzbd.reverseProxy = "${dockerIP}:8382";
sonarr.reverseProxy = "${dockerIP}:8989";
calibre = {
experimental = true;
reverseProxy = "${dockerIP}:8580";
};
qbittorent = {
subDirName = "qbt";
experimental = true;
reverseProxy = "10.0.0.128:8080";
};
vaultwarden = {
subDirName = "vault";
experimental = true;
reverseProxy = "${dockerIP}:8780";
};
};
};
# Top secret Business
joal.extraConfig = ''
route {
rewrite * /joal/ui{uri}
reverse_proxy * ${dockerIP}:5656
}
'';
joalws.extraConfig = ''
route {
reverse_proxy ${dockerIP}:5656
}
'';
};
};
};
};
}