From 575170595af4583747b40b6c638605ada1dfd0b3 Mon Sep 17 00:00:00 2001 From: Erwin Boskma Date: Wed, 22 Jan 2025 22:45:59 +0100 Subject: [PATCH] Migrate to caddy-nix --- flake.lock | 27 --------- flake.nix | 9 --- machines/default.nix | 2 +- machines/frigate/configuration.nix | 6 +- machines/gitea/caddy.nix | 7 ++- machines/gitea/configuration.nix | 7 ++- machines/heimdall/configuration.nix | 2 +- machines/meili/configuration.nix | 90 ---------------------------- machines/meili/geoserver/default.nix | 20 ------- machines/meili/secrets.yaml | 39 ------------ machines/minio/configuration.nix | 7 ++- machines/nix-cache/configuration.nix | 6 +- machines/proxy/configuration.nix | 7 ++- machines/read/configuration.nix | 6 +- machines/saga/configuration.nix | 7 ++- machines/search/configuration.nix | 2 +- machines/valkyrie/blocky/default.nix | 4 +- machines/valkyrie/configuration.nix | 7 ++- 18 files changed, 46 insertions(+), 209 deletions(-) delete mode 100644 machines/meili/configuration.nix delete mode 100644 machines/meili/geoserver/default.nix delete mode 100644 machines/meili/secrets.yaml diff --git a/flake.lock b/flake.lock index ba3d567..4d7d047 100644 --- a/flake.lock +++ b/flake.lock @@ -37,32 +37,6 @@ "type": "github" } }, - "caddy-with-plugins": { - "inputs": { - "flake-parts": [ - "flake-parts" - ], - "nixpkgs": [ - "nixpkgs" - ], - "treefmt-nix": [ - "treefmt-nix" - ] - }, - "locked": { - "lastModified": 1717860777, - "narHash": "sha256-j3hBTCwO0T+fkSLm2jN1MhXuOYLtsLK5nGMz+z44L+g=", - "owner": "eboskma", - "repo": "caddy-with-plugins", - "rev": "c6ff99288a79ed98482759e4feea0b90ade9219b", - "type": "github" - }, - "original": { - "owner": "eboskma", - "repo": "caddy-with-plugins", - "type": "github" - } - }, "colmena": { "inputs": { "flake-compat": "flake-compat", @@ -696,7 +670,6 @@ "inputs": { "anyrun": "anyrun", "caddy-nix": "caddy-nix", - "caddy-with-plugins": "caddy-with-plugins", "colmena": "colmena", "comin": "comin", "disko": "disko", 
diff --git a/flake.nix b/flake.nix index 2cf9d49..77fb568 100644 --- a/flake.nix +++ b/flake.nix @@ -107,15 +107,6 @@ inputs.nixpkgs-unstable.follows = "nixpkgs"; }; - caddy-with-plugins = { - url = "github:eboskma/caddy-with-plugins"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-parts.follows = "flake-parts"; - treefmt-nix.follows = "treefmt-nix"; - }; - }; - ha-now-playing = { url = "git+https://git.datarift.nl/erwin/ha-now-playing.git?ref=main"; inputs = { diff --git a/machines/default.nix b/machines/default.nix index 538c860..917bd0b 100644 --- a/machines/default.nix +++ b/machines/default.nix @@ -14,7 +14,7 @@ inputs: { # host = "10.0.0.82"; host = "factorio.barn-beaver.ts.net"; targetUser = "erwin"; - tags = [ "container" ]; + tags = [ ]; }; }; frigate = { diff --git a/machines/frigate/configuration.nix b/machines/frigate/configuration.nix index d9ac358..82e97ed 100644 --- a/machines/frigate/configuration.nix +++ b/machines/frigate/configuration.nix @@ -1,7 +1,6 @@ { self, nixos-hardware, - caddy-with-plugins, ... }: { pkgs, modulesPath, ... }: @@ -30,7 +29,10 @@ tailscale.enable = true; caddy-proxy = { enable = true; - package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare; + package = pkgs.caddy.withPlugins { + plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; + hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; + }; proxyHosts = [ { externalHostname = "frigate.datarift.nl"; diff --git a/machines/gitea/caddy.nix b/machines/gitea/caddy.nix index bc3f812..d02e6e1 100644 --- a/machines/gitea/caddy.nix +++ b/machines/gitea/caddy.nix 
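Review bot: The `tags = [ ];` change on the `factorio.barn-beaver.ts.net` entry in machines/default.nix is unrelated to the caddy migration named in the subject and carries no explanation. If these tags are what the deploy tooling uses to select hosts (an assumption, since the consumer is not visible here), this host drops out of any `container`-scoped rollout, routine updates included. Either move the change to its own commit or record the intent next to it, e.g. `tags = [ ]; # <reason the container tag was dropped>`. The host entry starts above the hunk.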
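Review bot: The `pkgs.caddy.withPlugins { … }` expression added under `caddy-proxy.package` in machines/frigate/configuration.nix is repeated verbatim, pin and `hash` included, in gitea/caddy.nix, gitea/configuration.nix, minio, nix-cache, proxy, read, saga and valkyrie, and it already existed in heimdall and search. Pinning the plugin to a full commit plus a fixed-output hash is sound, but eleven copies mean a plugin bump or a forced move off a bad revision has to be edited in lockstep, and a host that is missed keeps building the old plugin without any error. Defining the package once, for instance as the default of the `caddy-proxy.package` option or as an overlay attribute so each host reads `package = pkgs.caddy-cloudflare;` (name illustrative), would leave a single place to audit and update. The `caddy-proxy` block continues outside the hunk.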
@@ -1,14 +1,15 @@ -# { caddy-with-plugins, ... }: { pkgs, config, - inputs, ... }: { services.caddy = { enable = true; - package = inputs.caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare; + package = pkgs.caddy.withPlugins { + plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; + hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; + }; email = "erwin@datarift.nl"; diff --git a/machines/gitea/configuration.nix b/machines/gitea/configuration.nix index 63051c9..bb410f8 100644 --- a/machines/gitea/configuration.nix +++ b/machines/gitea/configuration.nix @@ -1,4 +1,4 @@ -{ self, caddy-with-plugins, ... }: +{ self, ... }: { pkgs, modulesPath, ... }: { imports = [ @@ -17,7 +17,10 @@ }; caddy-proxy = { enable = true; - package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare; + package = pkgs.caddy.withPlugins { + plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; + hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; + }; proxyHosts = [ { externalHostname = "git.datarift.nl"; diff --git a/machines/heimdall/configuration.nix b/machines/heimdall/configuration.nix index eb695ce..56b035d 100644 --- a/machines/heimdall/configuration.nix +++ b/machines/heimdall/configuration.nix @@ -131,7 +131,7 @@ caddy = { package = pkgs.caddy.withPlugins { plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; - hash = "sha256-Aqu2st8blQr/Ekia2KrH1AP/2BVZIN4jOJpdLc1Rr4g="; + hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; }; virtualHosts = { diff --git a/machines/meili/configuration.nix b/machines/meili/configuration.nix deleted file mode 100644 index 710152c..0000000 --- a/machines/meili/configuration.nix +++ /dev/null 
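Review bot: In machines/heimdall/configuration.nix the fixed-output `hash` changes from `sha256-Aqu2st8b…` to `sha256-JoujVXRX…` while the plugin pin `cloudflare@89f16b99…` on the line above is unchanged, and nothing visible in this patch says why; the search hunk makes the same change. A new hash for an unchanged pin is expected if the base caddy source or the way plugins are vendored changed with the caddy-nix migration, but a reviewer cannot confirm that from the diff. State the cause in the commit message and beside the value, e.g. `# covers the caddy source + the plugins above; changes whenever either does`. The `caddy` attribute set continues outside the hunk.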
@@ -1,90 +0,0 @@
-{ self, caddy-with-plugins, ... }:
-{ pkgs, modulesPath, ... }:
-{
- imports = [
- (modulesPath + "/virtualisation/lxc-container.nix")
-
- ../../users/root
- ../../users/erwin
-
- ./geoserver
- ];
-
- eboskma = {
- users.erwin = {
- enable = true;
- server = true;
- };
- nix-common = {
- enable = true;
- remote-builders = true;
- };
- caddy-proxy = {
- enable = true;
- package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
- proxyHosts = [
- {
- externalHostname = "meili.datarift.nl";
- proxyAddress = "localhost:8080";
- }
- ];
- };
- tailscale.enable = true;
- };
-
- boot.isContainer = true;
-
- time.timeZone = "Europe/Amsterdam";
-
- system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
-
- networking = {
- hostName = "meili";
- useDHCP = false;
- useHostResolvConf = false;
- networkmanager.enable = false;
- useNetworkd = true;
- nftables.enable = false;
-
- firewall = {
- trustedInterfaces = [ "tailscale0" ];
- };
- };
-
- systemd.network = {
- enable = true;
-
- wait-online.anyInterface = true;
-
- networks = {
- "40-eth0" = {
- matchConfig = {
- Name = "eth0";
- };
-
- networkConfig = {
- Address = "10.0.0.214/24";
- Gateway = "10.0.0.1";
- DNS = "10.0.0.206";
- DHCP = "no";
- };
- };
- };
- };
-
- security = {
- sudo-rs = {
- enable = true;
- execWheelOnly = true;
- wheelNeedsPassword = false;
- };
- sudo.enable = false;
- };
-
- sops.defaultSopsFile = ./secrets.yaml;
- sops.secrets = {
- caddy-env = { };
- };
-
- system.stateVersion = "24.11";
-}
diff --git a/machines/meili/geoserver/default.nix b/machines/meili/geoserver/default.nix
deleted file mode 100644
index 51cf6b6..0000000
--- a/machines/meili/geoserver/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, ... }:
-let
- geoserver-war = pkgs.fetchzip {
- url = "https://downloads.sourceforge.net/sourceforge/geoserver/GeoServer/2.25.1/geoserver-2.25.1-war.zip";
- hash = "sha256-O9XDjx3csW9HZzSYROPUCyl3sYlrKLMpHztUKYIEabs=";
- stripRoot = false;
- };
-in
-{
- services.tomcat = {
- enable = true;
- virtualHosts = [
- {
- name = "meili.datarift.nl";
- webapps = [ "${geoserver-war}/geoserver.war" ];
- }
- ];
- purifyOnStart = true;
- };
-}
diff --git a/machines/meili/secrets.yaml b/machines/meili/secrets.yaml
deleted file mode 100644
index 3938e13..0000000
--- a/machines/meili/secrets.yaml
+++ /dev/null
@@ -1,39 +0,0 @@ -caddy-env: ENC[AES256_GCM,data:KFoPLa9L43IbhXTft5VNB/4MetDxJsFX7phSsx1bDbr5e3wJynI2mLbTNkQexb+MUtWqK5JB,iv:vAoBGavDDlYT5UlVFgd/FYmU0w00mla8/fVatGEIjPg=,tag:L1YTfvWTkdhBLVBL4YL0iw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzQ0dvR2x3R0VQc3NBY2pk - TExQOXlOU1FDNzFrVWJHcnlmZ2EvS1NpOVFNClBhVzhsOEdhc2FDZnRPN2RkcUZO - QU1sQ09scVdlY2NDcGg1SGJ1aG1rTmsKLS0tIGYvNW9EMEpKajE1Q2ZoYXd1QlAy - SGZGOXcvZUZhMkRjVDVtaG1aVjlvdTQKUJEntauITelHgLUIUXC7+LI6fias7GRM - avdmHwn7X/ReE/DivsLDNxvakSO3QJAQtrV2O0RPO+FPj6JFOu8CUQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMWJMMU9qK2tNN1p2cnJw - OVBRVDY1TWdyMkE0KzhIRGkwa2pyQU9wWFVvClp2M0NPRjBQS3pab1FSekpYYUpa - SU9NejRFeG9sV2YrUXhJRGhWenUrZHMKLS0tIFMwTUNzYSt2SDc2N2F1SXhkdnBR - c2Zjb1NlQ1dOV1NWVEpBaWJkcVZnWk0KfvUBb7bpml7jBw15gA+TK/9dok8KFvt0 - ouiiTExF41nYCKjfeBf99bKpUCykZxPSz8sReapyO6tZ8dDycXb2UA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1thyemgvua2at9mha5hxuqezxcrxvljh9tpwwmdylu0mrspppvamsunpeh2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdkh5a281aFBnWWhpUVNS - bElPZXBuOWV1YWZFMVZzdmRkMWtsNFUrM1F3ClI1SEpsMWRnRFlXVEhnRjQ0T3VJ - WjIyMzVFbXlaeHNLbkVOZGlGbVk4dmsKLS0tIFIxOWY2clVjZ3BJb3dqQThTSExI - TW1rUEFLNVFYUFo2VFEwd3JxSXFsYzQKbxzHXaU2KVBVWbU4kgpjaETw2wm/6cx+ - LL+d17IAkAv85Qh9ZoWwXluufrwwN1+12xsqQMSpwpWMyQgbNPCwRQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-04T07:47:43Z" - mac: 
ENC[AES256_GCM,data:tkvtSOGCMsAV48p/PGp/R+M7rME21TbEdIVTzTp7hv2bdHxgq0T8tdYAsdqdzkPvqjqvf61w7AzV8JsD8+T41lb2Wt16SHAsJVHGo+cePFztC1d2xf0EmimO41Py4m/ZxWnpPFnDyTXMw2mAspZeLBAjgB7+tjX4IFjCOk3HmkU=,iv:QnqXcAooViz7QH/6sM+IkyOASxMpe9yQ+WvGUB1lxdo=,tag:Ulph5M86R+N4hXxjm4c0BQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/machines/minio/configuration.nix b/machines/minio/configuration.nix index a88828c..9275a79 100644 --- a/machines/minio/configuration.nix +++ b/machines/minio/configuration.nix @@ -1,4 +1,4 @@ -{ self, caddy-with-plugins, ... }: +{ self, ... }: { pkgs, modulesPath, ... }: { imports = [ @@ -16,7 +16,10 @@ }; caddy-proxy = { enable = true; - package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare; + package = pkgs.caddy.withPlugins { + plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; + hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; + }; proxyHosts = [ { externalHostname = "minio.datarift.nl"; diff --git a/machines/nix-cache/configuration.nix b/machines/nix-cache/configuration.nix index f98ac8f..073051c 100644 --- a/machines/nix-cache/configuration.nix +++ b/machines/nix-cache/configuration.nix @@ -1,6 +1,5 @@ { self, - caddy-with-plugins, ... }: { @@ -24,7 +23,10 @@ }; caddy-proxy = { enable = true; - package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare; + package = pkgs.caddy.withPlugins { + plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; + hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; + }; proxyHosts = [ { externalHostname = "nix-cache.datarift.nl"; diff --git a/machines/proxy/configuration.nix b/machines/proxy/configuration.nix index 87950f0..1b50b36 100644 --- a/machines/proxy/configuration.nix +++ b/machines/proxy/configuration.nix @@ -1,4 +1,4 @@ -{ self, caddy-with-plugins, ... }: +{ self, ... }: { modulesPath, pkgs, ... }: { imports = [ 
@@ -18,7 +18,10 @@ }; caddy-proxy = { enable = true; - package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare; + package = pkgs.caddy.withPlugins { + plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; + hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; + }; proxyHosts = [ { externalHostname = "home.datarift.nl"; diff --git a/machines/read/configuration.nix b/machines/read/configuration.nix index 9d3ae3f..60ae2f7 100644 --- a/machines/read/configuration.nix +++ b/machines/read/configuration.nix @@ -1,6 +1,5 @@ { self, - caddy-with-plugins, ... }: { @@ -31,7 +30,10 @@ }; caddy-proxy = { enable = true; - package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare; + package = pkgs.caddy.withPlugins { + plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; + hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; + }; proxyHosts = [ { externalHostname = "read.datarift.nl"; diff --git a/machines/saga/configuration.nix b/machines/saga/configuration.nix index 28083a0..e6c4f62 100644 --- a/machines/saga/configuration.nix +++ b/machines/saga/configuration.nix @@ -1,4 +1,4 @@ -{ self, caddy-with-plugins, ... }: +{ self, ... }: { pkgs, modulesPath, @@ -25,7 +25,10 @@ }; caddy-proxy = { enable = true; - package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare; + package = pkgs.caddy.withPlugins { + plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; + hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; + }; proxyHosts = [ { externalHostname = "saga.datarift.nl"; diff --git a/machines/search/configuration.nix b/machines/search/configuration.nix index ffb8a64..2053622 100644 --- a/machines/search/configuration.nix +++ b/machines/search/configuration.nix 
@@ -79,7 +79,7 @@ enable = true; package = pkgs.caddy.withPlugins { plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; - hash = "sha256-Aqu2st8blQr/Ekia2KrH1AP/2BVZIN4jOJpdLc1Rr4g="; + hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; }; virtualHosts = { diff --git a/machines/valkyrie/blocky/default.nix b/machines/valkyrie/blocky/default.nix index 72c4b27..a8b3519 100644 --- a/machines/valkyrie/blocky/default.nix +++ b/machines/valkyrie/blocky/default.nix @@ -39,8 +39,8 @@ customDNS = { mapping = { # Horus - "vaultserver.horus.nu" = "192.168.4.32"; - "downloads.horus.nu" = "192.168.4.129"; + # "vaultserver.horus.nu" = "192.168.4.32"; + # "downloads.horus.nu" = "192.168.4.129"; }; }; diff --git a/machines/valkyrie/configuration.nix b/machines/valkyrie/configuration.nix index f0d61f8..a523ea4 100644 --- a/machines/valkyrie/configuration.nix +++ b/machines/valkyrie/configuration.nix @@ -1,4 +1,4 @@ -{ self, caddy-with-plugins, ... }: +{ self, ... }: { pkgs, modulesPath, ... }: { imports = [ @@ -23,7 +23,10 @@ # }; caddy-proxy = { enable = true; - package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare; + package = pkgs.caddy.withPlugins { + plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ]; + hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8="; + }; proxyHosts = [ { externalHostname = "blocky.datarift.nl";
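Review bot: In machines/valkyrie/blocky/default.nix the two `horus.nu` entries under `customDNS.mapping` are commented out rather than removed, which leaves an empty mapping and keeps the internal addresses (`192.168.4.32`, `192.168.4.129`) in the file as dead text. If the overrides are retired, delete both lines together with the `# Horus` header; if the change is temporary, say so, e.g. `# disabled <date>: <reason>`. The change is also outside the scope of the commit subject, so it is easy to miss when someone later looks for why those names stopped resolving locally. The `customDNS` block continues outside the hunk.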