feat: reverse proxy all services via caddy

main
LeRoyce Pearson 2023-12-30 19:14:02 -07:00
parent 17ab5f7472
commit f4029e6197
2 changed files with 56 additions and 17 deletions


@ -1,3 +1,7 @@
{ {
age.secrets.samsehu_DUCK_DNS_TOKEN.file = ./secrets/samsehu_DUCK_DNS_TOKEN.age; age.secrets.samsehu_DUCK_DNS_TOKEN = {
file = ./secrets/samsehu_DUCK_DNS_TOKEN.age;
owner = "dynamicdns";
group = "dynamicdns";
};
} }


@ -65,14 +65,18 @@
services.cockpit = { services.cockpit = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings = {
WebService = {
Origins = "https://cockpit.samsehu.perli.casa wss://cockpit.samsehu.perli.casa";
ProtocolHeader = "X-Forwarded-Proto";
LoginTo = false;
};
};
}; };
services.udisks2.enable = true; services.udisks2.enable = true;
services.jellyfin = { services.jellyfin.enable = true;
enable = true;
openFirewall = true;
};
services.blocky = { services.blocky = {
enable = true; enable = true;
@ -114,6 +118,10 @@
services.forgejo = { services.forgejo = {
enable = true; enable = true;
settings = {
server.ROOT_URL = "https://git.samsehu.perli.casa/";
server.HTTP_ADDR = "127.0.0.1";
};
}; };
services.lldap = { services.lldap = {
@ -124,6 +132,7 @@
ldap_user_dn = "admin"; ldap_user_dn = "admin";
# Default administrator password # Default administrator password
ldap_user_pass = "extending pulsate nastily"; ldap_user_pass = "extending pulsate nastily";
http_host = "127.0.0.1";
}; };
}; };
@ -137,7 +146,7 @@
systemd.services.dynamic-dns-updater = { systemd.services.dynamic-dns-updater = {
serviceConfig.User = "dynamicdns"; serviceConfig.User = "dynamicdns";
path = [ pkgs.curl ]; path = [ pkgs.curl ];
script = "curl -o ~/duck.log --url-query domains=samsehuperli --url-query token@${config.age.secrets.samsehu_DUCK_DNS_TOKEN.path} https://www.duckdns.org/update"; script = "curl --silent --url-query domains=samsehuperli --url-query token@${config.age.secrets.samsehu_DUCK_DNS_TOKEN.path} https://www.duckdns.org/update";
startAt = "hourly"; startAt = "hourly";
}; };
systemd.timers.dynamic-dns-updater = { systemd.timers.dynamic-dns-updater = {
@ -147,9 +156,41 @@
# Reverse proxy with Caddy # Reverse proxy with Caddy
services.caddy = { services.caddy = {
enable = true; enable = true;
virtualHosts."samsehu.perli.casa".extraConfig = '' globalConfig = ''
respond "Hello, world!" email "fresh.car0178@geemili.xyz"
''; '';
virtualHosts."lldap.samsehu.perli.casa".extraConfig = ''
reverse_proxy localhost:17170
'';
virtualHosts."headscale.samsehu.perli.casa".extraConfig = ''
reverse_proxy localhost:64639
'';
virtualHosts."cockpit.samsehu.perli.casa".extraConfig = ''
reverse_proxy localhost:9090
'';
virtualHosts."git.samsehu.perli.casa".extraConfig = ''
reverse_proxy localhost:3000
'';
virtualHosts."jellyfin.samsehu.perli.casa".extraConfig = ''
reverse_proxy localhost:8096
'';
};
# Headscale for access to the network while away from home
services.headscale = {
enable = true;
settings = {
server_url = "https://headscale.samsehu.perli.casa";
listen_addr = "127.0.0.1:64639";
metrics_listen_addr = "127.0.0.1:64640";
tls_cert_path = null;
tls_key_path = null;
};
}; };
# Enable automatic upgrades # Enable automatic upgrades
@ -177,19 +218,13 @@
# Caddy HTTP and HTTPS # Caddy HTTP and HTTPS
80 80
443 443
# Forgejo web interface
3000
# lldap LDAP
3890
# lldap HTTP; user login and administration
17170
]; ];
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [
# Blocky DNS # Blocky DNS
53 53
# Headscale UDP port for STUN protocol
3478
]; ];
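Review bot: The new `ProtocolHeader = "X-Forwarded-Proto";` in the services.cockpit block is added while the existing `openFirewall = true;` directly above it is kept, so port 9090 stays reachable from the network in addition to the new `cockpit.samsehu.perli.casa` Caddy vhost. Cockpit's cockpit.conf documentation warns that ProtocolHeader should only be set when clients cannot reach cockpit except through the proxy, because a client connecting to 9090 directly can send its own `X-Forwarded-Proto: https` and have a plaintext connection treated as TLS. Every other service this commit puts behind Caddy is pinned to loopback (`server.HTTP_ADDR = "127.0.0.1"`, `http_host = "127.0.0.1"`, `listen_addr = "127.0.0.1:64639"`), so cockpit is the odd one out; dropping `openFirewall = true;` and, if the cockpit socket still binds all interfaces, forcing it to loopback with something like `systemd.sockets.cockpit.listenStreams = lib.mkForce [ "" "127.0.0.1:9090" ];` would close the gap (the exact listenStreams form should be checked against the NixOS cockpit module). Separately, the rewritten dynamic-dns-updater script now uses `--silent`, which also hides HTTP errors; `--fail --silent --show-error` keeps the output quiet while still surfacing failed DuckDNS updates in the journal.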
# Use systemd-resolved and set networkmanager to allow mdns # Use systemd-resolved and set networkmanager to allow mdns