erwin/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Wiki Activity Actions

Migrate to caddy-nix

Browse source
This commit is contained in:
Erwin Boskma 2025-01-22 22:45:59 +01:00
parent 60ae315fa6
commit 575170595a
Signed by: erwin
SSH key fingerprint: SHA256:9LmFDe1C6jSrEyqxxvX8NtJBmcbB105XoqyUZF092bg
18 changed files with 46 additions and 209 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
flake.lock generated
View file

@ -37,32 +37,6 @@
"type": "github"
}
},
"caddy-with-plugins": {
"inputs": {
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": [
"treefmt-nix"
]
},
"locked": {
"lastModified": 1717860777,
"narHash": "sha256-j3hBTCwO0T+fkSLm2jN1MhXuOYLtsLK5nGMz+z44L+g=",
"owner": "eboskma",
"repo": "caddy-with-plugins",
"rev": "c6ff99288a79ed98482759e4feea0b90ade9219b",
"type": "github"
},
"original": {
"owner": "eboskma",
"repo": "caddy-with-plugins",
"type": "github"
}
},
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
@ -696,7 +670,6 @@
"inputs": {
"anyrun": "anyrun",
"caddy-nix": "caddy-nix",
"caddy-with-plugins": "caddy-with-plugins",
"colmena": "colmena",
"comin": "comin",
"disko": "disko",

9
flake.nix
View file

@ -107,15 +107,6 @@
inputs.nixpkgs-unstable.follows = "nixpkgs";
};
caddy-with-plugins = {
url = "github:eboskma/caddy-with-plugins";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-parts.follows = "flake-parts";
treefmt-nix.follows = "treefmt-nix";
};
};
ha-now-playing = {
url = "git+https://git.datarift.nl/erwin/ha-now-playing.git?ref=main";
inputs = {

2
machines/default.nix
View file

@ -14,7 +14,7 @@ inputs: {
# host = "10.0.0.82";
host = "factorio.barn-beaver.ts.net";
targetUser = "erwin";
tags = [ "container" ];
tags = [ ];
};
};
frigate = {

6
machines/frigate/configuration.nix
View file

@ -1,7 +1,6 @@
{
self,
nixos-hardware,
caddy-with-plugins,
...
}:
{ pkgs, modulesPath, ... }:
@ -30,7 +29,10 @@
tailscale.enable = true;
caddy-proxy = {
enable = true;
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
proxyHosts = [
{
externalHostname = "frigate.datarift.nl";

7
machines/gitea/caddy.nix
View file

@ -1,14 +1,15 @@
# { caddy-with-plugins, ... }:
{
pkgs,
config,
inputs,
...
}:
{
services.caddy = {
enable = true;
package = inputs.caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
email = "erwin@datarift.nl";

7
machines/gitea/configuration.nix
View file

@ -1,4 +1,4 @@
{ self, caddy-with-plugins, ... }:
{ self, ... }:
{ pkgs, modulesPath, ... }:
{
imports = [
@ -17,7 +17,10 @@
};
caddy-proxy = {
enable = true;
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
proxyHosts = [
{
externalHostname = "git.datarift.nl";

2
machines/heimdall/configuration.nix
View file

@ -131,7 +131,7 @@
caddy = {
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-Aqu2st8blQr/Ekia2KrH1AP/2BVZIN4jOJpdLc1Rr4g=";
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
virtualHosts = {

90
machines/meili/configuration.nix
View file

@ -1,90 +0,0 @@
{ self, caddy-with-plugins, ... }:
{ pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
./geoserver
];
eboskma = {
users.erwin = {
enable = true;
server = true;
};
nix-common = {
enable = true;
remote-builders = true;
};
caddy-proxy = {
enable = true;
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
proxyHosts = [
{
externalHostname = "meili.datarift.nl";
proxyAddress = "localhost:8080";
}
];
};
tailscale.enable = true;
};
boot.isContainer = true;
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = {
hostName = "meili";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
nftables.enable = false;
firewall = {
trustedInterfaces = [ "tailscale0" ];
};
};
systemd.network = {
enable = true;
wait-online.anyInterface = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.214/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
caddy-env = { };
};
system.stateVersion = "24.11";
}

20
machines/meili/geoserver/default.nix
View file

@ -1,20 +0,0 @@
{ pkgs, ... }:
let
geoserver-war = pkgs.fetchzip {
url = "https://downloads.sourceforge.net/sourceforge/geoserver/GeoServer/2.25.1/geoserver-2.25.1-war.zip";
hash = "sha256-O9XDjx3csW9HZzSYROPUCyl3sYlrKLMpHztUKYIEabs=";
stripRoot = false;
};
in
{
services.tomcat = {
enable = true;
virtualHosts = [
{
name = "meili.datarift.nl";
webapps = [ "${geoserver-war}/geoserver.war" ];
}
];
purifyOnStart = true;
};
}

39
machines/meili/secrets.yaml
View file

@ -1,39 +0,0 @@
caddy-env: ENC[AES256_GCM,data:KFoPLa9L43IbhXTft5VNB/4MetDxJsFX7phSsx1bDbr5e3wJynI2mLbTNkQexb+MUtWqK5JB,iv:vAoBGavDDlYT5UlVFgd/FYmU0w00mla8/fVatGEIjPg=,tag:L1YTfvWTkdhBLVBL4YL0iw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzQ0dvR2x3R0VQc3NBY2pk
TExQOXlOU1FDNzFrVWJHcnlmZ2EvS1NpOVFNClBhVzhsOEdhc2FDZnRPN2RkcUZO
QU1sQ09scVdlY2NDcGg1SGJ1aG1rTmsKLS0tIGYvNW9EMEpKajE1Q2ZoYXd1QlAy
SGZGOXcvZUZhMkRjVDVtaG1aVjlvdTQKUJEntauITelHgLUIUXC7+LI6fias7GRM
avdmHwn7X/ReE/DivsLDNxvakSO3QJAQtrV2O0RPO+FPj6JFOu8CUQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMWJMMU9qK2tNN1p2cnJw
OVBRVDY1TWdyMkE0KzhIRGkwa2pyQU9wWFVvClp2M0NPRjBQS3pab1FSekpYYUpa
SU9NejRFeG9sV2YrUXhJRGhWenUrZHMKLS0tIFMwTUNzYSt2SDc2N2F1SXhkdnBR
c2Zjb1NlQ1dOV1NWVEpBaWJkcVZnWk0KfvUBb7bpml7jBw15gA+TK/9dok8KFvt0
ouiiTExF41nYCKjfeBf99bKpUCykZxPSz8sReapyO6tZ8dDycXb2UA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1thyemgvua2at9mha5hxuqezxcrxvljh9tpwwmdylu0mrspppvamsunpeh2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdkh5a281aFBnWWhpUVNS
bElPZXBuOWV1YWZFMVZzdmRkMWtsNFUrM1F3ClI1SEpsMWRnRFlXVEhnRjQ0T3VJ
WjIyMzVFbXlaeHNLbkVOZGlGbVk4dmsKLS0tIFIxOWY2clVjZ3BJb3dqQThTSExI
TW1rUEFLNVFYUFo2VFEwd3JxSXFsYzQKbxzHXaU2KVBVWbU4kgpjaETw2wm/6cx+
LL+d17IAkAv85Qh9ZoWwXluufrwwN1+12xsqQMSpwpWMyQgbNPCwRQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-04T07:47:43Z"
mac: ENC[AES256_GCM,data:tkvtSOGCMsAV48p/PGp/R+M7rME21TbEdIVTzTp7hv2bdHxgq0T8tdYAsdqdzkPvqjqvf61w7AzV8JsD8+T41lb2Wt16SHAsJVHGo+cePFztC1d2xf0EmimO41Py4m/ZxWnpPFnDyTXMw2mAspZeLBAjgB7+tjX4IFjCOk3HmkU=,iv:QnqXcAooViz7QH/6sM+IkyOASxMpe9yQ+WvGUB1lxdo=,tag:Ulph5M86R+N4hXxjm4c0BQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

7
machines/minio/configuration.nix
View file

@ -1,4 +1,4 @@
{ self, caddy-with-plugins, ... }:
{ self, ... }:
{ pkgs, modulesPath, ... }:
{
imports = [
@ -16,7 +16,10 @@
};
caddy-proxy = {
enable = true;
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
proxyHosts = [
{
externalHostname = "minio.datarift.nl";

6
machines/nix-cache/configuration.nix
View file

@ -1,6 +1,5 @@
{
self,
caddy-with-plugins,
...
}:
{
@ -24,7 +23,10 @@
};
caddy-proxy = {
enable = true;
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
proxyHosts = [
{
externalHostname = "nix-cache.datarift.nl";

7
machines/proxy/configuration.nix
View file

@ -1,4 +1,4 @@
{ self, caddy-with-plugins, ... }:
{ self, ... }:
{ modulesPath, pkgs, ... }:
{
imports = [
@ -18,7 +18,10 @@
};
caddy-proxy = {
enable = true;
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
proxyHosts = [
{
externalHostname = "home.datarift.nl";

6
machines/read/configuration.nix
View file

@ -1,6 +1,5 @@
{
self,
caddy-with-plugins,
...
}:
{
@ -31,7 +30,10 @@
};
caddy-proxy = {
enable = true;
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
proxyHosts = [
{
externalHostname = "read.datarift.nl";

7
machines/saga/configuration.nix
View file

@ -1,4 +1,4 @@
{ self, caddy-with-plugins, ... }:
{ self, ... }:
{
pkgs,
modulesPath,
@ -25,7 +25,10 @@
};
caddy-proxy = {
enable = true;
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
proxyHosts = [
{
externalHostname = "saga.datarift.nl";

2
machines/search/configuration.nix
View file

@ -79,7 +79,7 @@
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-Aqu2st8blQr/Ekia2KrH1AP/2BVZIN4jOJpdLc1Rr4g=";
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
virtualHosts = {

4
machines/valkyrie/blocky/default.nix
View file

@ -39,8 +39,8 @@
customDNS = {
mapping = {
# Horus
"vaultserver.horus.nu" = "192.168.4.32";
"downloads.horus.nu" = "192.168.4.129";
# "vaultserver.horus.nu" = "192.168.4.32";
# "downloads.horus.nu" = "192.168.4.129";
};
};

7
machines/valkyrie/configuration.nix
View file

@ -1,4 +1,4 @@
{ self, caddy-with-plugins, ... }:
{ self, ... }:
{ pkgs, modulesPath, ... }:
{
imports = [
@ -23,7 +23,10 @@
# };
caddy-proxy = {
enable = true;
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
proxyHosts = [
{
externalHostname = "blocky.datarift.nl";