feat: reverse proxy all services via caddy
parent
17ab5f7472
commit
f4029e6197
|
@ -1,3 +1,7 @@
|
||||||
{
|
{
|
||||||
age.secrets.samsehu_DUCK_DNS_TOKEN.file = ./secrets/samsehu_DUCK_DNS_TOKEN.age;
|
age.secrets.samsehu_DUCK_DNS_TOKEN = {
|
||||||
|
file = ./secrets/samsehu_DUCK_DNS_TOKEN.age;
|
||||||
|
owner = "dynamicdns";
|
||||||
|
group = "dynamicdns";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -65,14 +65,18 @@
|
||||||
services.cockpit = {
|
services.cockpit = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
|
settings = {
|
||||||
|
WebService = {
|
||||||
|
Origins = "https://cockpit.samsehu.perli.casa wss://cockpit.samsehu.perli.casa";
|
||||||
|
ProtocolHeader = "X-Forwarded-Proto";
|
||||||
|
LoginTo = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.udisks2.enable = true;
|
services.udisks2.enable = true;
|
||||||
|
|
||||||
services.jellyfin = {
|
services.jellyfin.enable = true;
|
||||||
enable = true;
|
|
||||||
openFirewall = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.blocky = {
|
services.blocky = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -114,6 +118,10 @@
|
||||||
|
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
server.ROOT_URL = "https://git.samsehu.perli.casa/";
|
||||||
|
server.HTTP_ADDR = "127.0.0.1";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.lldap = {
|
services.lldap = {
|
||||||
|
@ -124,6 +132,7 @@
|
||||||
ldap_user_dn = "admin";
|
ldap_user_dn = "admin";
|
||||||
# Default administrator password
|
# Default administrator password
|
||||||
ldap_user_pass = "extending pulsate nastily";
|
ldap_user_pass = "extending pulsate nastily";
|
||||||
|
http_host = "127.0.0.1";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -137,7 +146,7 @@
|
||||||
systemd.services.dynamic-dns-updater = {
|
systemd.services.dynamic-dns-updater = {
|
||||||
serviceConfig.User = "dynamicdns";
|
serviceConfig.User = "dynamicdns";
|
||||||
path = [ pkgs.curl ];
|
path = [ pkgs.curl ];
|
||||||
script = "curl -o ~/duck.log --url-query domains=samsehuperli --url-query token@${config.age.secrets.samsehu_DUCK_DNS_TOKEN.path} https://www.duckdns.org/update";
|
script = "curl --silent --url-query domains=samsehuperli --url-query token@${config.age.secrets.samsehu_DUCK_DNS_TOKEN.path} https://www.duckdns.org/update";
|
||||||
startAt = "hourly";
|
startAt = "hourly";
|
||||||
};
|
};
|
||||||
systemd.timers.dynamic-dns-updater = {
|
systemd.timers.dynamic-dns-updater = {
|
||||||
|
@ -147,9 +156,41 @@
|
||||||
# Reverse proxy with Caddy
|
# Reverse proxy with Caddy
|
||||||
services.caddy = {
|
services.caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."samsehu.perli.casa".extraConfig = ''
|
globalConfig = ''
|
||||||
respond "Hello, world!"
|
email "fresh.car0178@geemili.xyz"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
virtualHosts."lldap.samsehu.perli.casa".extraConfig = ''
|
||||||
|
reverse_proxy localhost:17170
|
||||||
|
'';
|
||||||
|
|
||||||
|
virtualHosts."headscale.samsehu.perli.casa".extraConfig = ''
|
||||||
|
reverse_proxy localhost:64639
|
||||||
|
'';
|
||||||
|
|
||||||
|
virtualHosts."cockpit.samsehu.perli.casa".extraConfig = ''
|
||||||
|
reverse_proxy localhost:9090
|
||||||
|
'';
|
||||||
|
|
||||||
|
virtualHosts."git.samsehu.perli.casa".extraConfig = ''
|
||||||
|
reverse_proxy localhost:3000
|
||||||
|
'';
|
||||||
|
|
||||||
|
virtualHosts."jellyfin.samsehu.perli.casa".extraConfig = ''
|
||||||
|
reverse_proxy localhost:8096
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
# Headscale for access to the network while away from home
|
||||||
|
services.headscale = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
server_url = "https://headscale.samsehu.perli.casa";
|
||||||
|
listen_addr = "127.0.0.1:64639";
|
||||||
|
metrics_listen_addr = "127.0.0.1:64640";
|
||||||
|
tls_cert_path = null;
|
||||||
|
tls_key_path = null;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable automatic upgrades
|
# Enable automatic upgrades
|
||||||
|
@ -177,19 +218,13 @@
|
||||||
# Caddy HTTP and HTTPS
|
# Caddy HTTP and HTTPS
|
||||||
80
|
80
|
||||||
443
|
443
|
||||||
|
|
||||||
# Forgejo web interface
|
|
||||||
3000
|
|
||||||
|
|
||||||
# lldap LDAP
|
|
||||||
3890
|
|
||||||
|
|
||||||
# lldap HTTP; user login and administration
|
|
||||||
17170
|
|
||||||
];
|
];
|
||||||
networking.firewall.allowedUDPPorts = [
|
networking.firewall.allowedUDPPorts = [
|
||||||
# Blocky DNS
|
# Blocky DNS
|
||||||
53
|
53
|
||||||
|
|
||||||
|
# Headscale UDP port for STUN protocol
|
||||||
|
3478
|
||||||
];
|
];
|
||||||
|
|
||||||
# Use systemd-resolved and set networkmanager to allow mdns
|
# Use systemd-resolved and set networkmanager to allow mdns
|
||||||
|
|
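Review bot: The new `lldap.samsehu.perli.casa` virtual host publishes the lldap login and administration UI on 443 while `ldap_user_pass` in the `services.lldap` settings is still a literal string. The administrator password is therefore readable in this repository and in the world-readable Nix store. It should come from an age secret, as the DuckDNS token already does, and reach the service at runtime rather than through `settings`; lldap can presumably take it from its environment, so check the module's environment-file option. The committed value should then be rotated. In the same file `services.cockpit` keeps `openFirewall = true;` although Cockpit is now proxied, so port 9090 stays reachable around Caddy; `openFirewall = false;` would match what this commit does for Jellyfin and for the removed 3000/3890/17170 firewall entries.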