erwin/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Wiki Activity Actions

valkyrie: Add caddy as proxy for blocky API to enable HTTPS

Browse source
This commit is contained in:
Erwin Boskma 2024-06-17 11:16:45 +02:00
parent 1c4b501c33
commit 118683b9ca
Signed by: erwin
SSH key fingerprint: SHA256:/Wk1WZdLg+vQHs3in9qq7PsIp8SMzwGSk/RLZ5zPuZk
2 changed files with 16 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
machines/valkyrie/configuration.nix
View file

@ -1,5 +1,5 @@
{ self, ... }: { self, caddy-with-plugins, ... }:
{ modulesPath, ... }: { pkgs, modulesPath, ... }:
{ {
imports = [ imports = [
(modulesPath + "/virtualisation/lxc-container.nix") (modulesPath + "/virtualisation/lxc-container.nix")
@ -22,6 +22,16 @@
# adguard = { # adguard = {
# upstreams = [ "127.0.0.1:5335" ]; # upstreams = [ "127.0.0.1:5335" ];
# }; # };
caddy-proxy = {
enable = true;
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
proxyHosts = [
{
externalHostname = "blocky.datarift.nl";
proxyAddress = "127.0.0.1:4000";
}
];
};
nix-common = { nix-common = {
enable = true; enable = true;
remote-builders = true; remote-builders = true;
@ -88,6 +98,7 @@
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets = { secrets = {
coredns-env = { }; coredns-env = { };
caddy-env = { };
}; };
}; };

5
machines/valkyrie/secrets.yaml
View file

@ -1,4 +1,5 @@
coredns-env: ENC[AES256_GCM,data:vsLJBvRJZPgvlny9IQb0WJai/D+JHFk5plz2L1y1Q6VDJQpSuFB1hene2JHXBGniij3ytUDVWOIeXjYxb0fyVDb0q7t9EDA5u1M=,iv:/HISs3OOAv996rFxsADdW74DiOogozRvD+l6+sFqbL0=,tag:ndIHOdTKPutyd+LqKMoVyA==,type:str] coredns-env: ENC[AES256_GCM,data:vsLJBvRJZPgvlny9IQb0WJai/D+JHFk5plz2L1y1Q6VDJQpSuFB1hene2JHXBGniij3ytUDVWOIeXjYxb0fyVDb0q7t9EDA5u1M=,iv:/HISs3OOAv996rFxsADdW74DiOogozRvD+l6+sFqbL0=,tag:ndIHOdTKPutyd+LqKMoVyA==,type:str]
caddy-env: ENC[AES256_GCM,data:BSzzxyVp676Ua3P4YpGageosFp6XbF8eWMjajh2MoyRnmmZNJ+ZOphoZiVd0SNjQypYRuIl3,iv:uB0MekCnnMl8YQHH3k3j8DPlUVyRbnfrM13gq0FxdrY=,tag:Je1e4mWVBQAREsE7WScrYw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -32,8 +33,8 @@ sops:
MmRsQU43UDUyQ2ZVbWxvRWdBajYwWlEKDNaV/6gjIszP31b8kT+JZxiTWILqbQdR MmRsQU43UDUyQ2ZVbWxvRWdBajYwWlEKDNaV/6gjIszP31b8kT+JZxiTWILqbQdR
OKdTbC3XIiFBGpslr5QKJzj26dKsgYvmzEHuHgglZdvuX5EDmzTf5w== OKdTbC3XIiFBGpslr5QKJzj26dKsgYvmzEHuHgglZdvuX5EDmzTf5w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-03T09:07:22Z" lastmodified: "2024-06-17T10:07:05Z"
mac: ENC[AES256_GCM,data:AoDPnZopNrWnA6KZQ07We+Znl3yF7DRr2gF6HSL1M1Tnlqy1h8++/M3DNCOZgfZ6Dxluedy3JAuRyznJkbHgrB3qBUn8S3bf+M4UlXCR7ovXIqaQkfwRiCz4/RwOk0KYNO0YbYhdI9wFNVwqji40RfDLK8YY2SqOXC7yIzIB4p8=,iv:qmygqqj/iiDVJHrZB4ZlCYG5IkZsvC0Ixl937jLDeqY=,tag:3skyAFGytXJYRxlK3ukdvA==,type:str] mac: ENC[AES256_GCM,data:RkR1dslLRyyt2+bYmWrcypCCHhqCZ5ToG/Jx594jtPpx6vJl+9cZKDp3tDAbVsMqtoDTKXugRRxOd0Z26/cwYJcrysYNoo3NlwlnYea972vbVUFfoRA+gWnqof5cIE7zD6WzC3BNa5vK6yMXrO1UCnxrMcahWPZld3HXg3pafL0=,iv:Nvf3AGmbMMWzkIhmpxv4ghCMQGDOvWy4WaG5ojWV90g=,tag:iNhyI8dMdK8QFMyel72M5Q==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1