saga: Add caddy
This commit is contained in:
parent
a46bdfc8d1
commit
b232f0a2c8
2 changed files with 33 additions and 16 deletions
|
@ -1,5 +1,6 @@
|
||||||
{ self, ... }:
|
{ self, caddy-with-plugins, ... }:
|
||||||
{
|
{
|
||||||
|
pkgs,
|
||||||
modulesPath,
|
modulesPath,
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
|
@ -22,6 +23,16 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
server = true;
|
server = true;
|
||||||
};
|
};
|
||||||
|
caddy-proxy = {
|
||||||
|
enable = true;
|
||||||
|
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
|
||||||
|
proxyHosts = [
|
||||||
|
{
|
||||||
|
externalHostname = "saga.datarift.nl";
|
||||||
|
proxyAddress = "localhost:3000";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
nix-common = {
|
nix-common = {
|
||||||
enable = true;
|
enable = true;
|
||||||
remote-builders = true;
|
remote-builders = true;
|
||||||
|
@ -48,25 +59,29 @@
|
||||||
firewall.trustedInterfaces = [ "tailscale0" ];
|
firewall.trustedInterfaces = [ "tailscale0" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.network = {
|
systemd = {
|
||||||
enable = true;
|
network = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
wait-online.anyInterface = true;
|
wait-online.anyInterface = true;
|
||||||
|
|
||||||
networks = {
|
networks = {
|
||||||
"40-eth0" = {
|
"40-eth0" = {
|
||||||
matchConfig = {
|
matchConfig = {
|
||||||
Name = "eth0";
|
Name = "eth0";
|
||||||
};
|
};
|
||||||
|
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
Address = "10.0.0.212/24";
|
Address = "10.0.0.212/24";
|
||||||
Gateway = "10.0.0.1";
|
Gateway = "10.0.0.1";
|
||||||
DNS = "10.0.0.206";
|
DNS = "10.0.0.206";
|
||||||
DHCP = "no";
|
DHCP = "no";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.logrotate-checkconf.enable = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
security = {
|
security = {
|
||||||
|
@ -80,6 +95,7 @@
|
||||||
|
|
||||||
sops.defaultSopsFile = ./secrets.yaml;
|
sops.defaultSopsFile = ./secrets.yaml;
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
|
caddy-env = { };
|
||||||
metrics_ca = {
|
metrics_ca = {
|
||||||
owner = config.systemd.services.prometheus.serviceConfig.User;
|
owner = config.systemd.services.prometheus.serviceConfig.User;
|
||||||
};
|
};
|
||||||
|
|
|
@ -2,6 +2,7 @@ metrics_cert: ENC[AES256_GCM,data:hxI6B6h1eOaHlYpUeHcsXMAEPZwuKpAgZ9gYkkqK73guUy
|
||||||
metrics_key: ENC[AES256_GCM,data:fGpIg3k/PBcq4dVdLL5oNEdbrPTFarDAi9QLw7ViEfzG4jdxOec8rdFNtECX3IdtGIFZ7VtLd7hTISYrklafBqYMyBw0y3dxmbQaG7CQoIPoxnoJlbwAxofjfgFyVa69V6/o1mvCBfw3Tv8akRQel+3lTTB7RgqBsd+JNjiIsrC5r4JAr6KJCkKKLbNJZ79W1PGdKb2VEeVwGmdfWcvKz4TN6Za4cwhc51IAnZBH+2QnNNCYM6JnT0LVIzERS6ljF8MOb2Xmaqb9w6QxxTLX4nheEceWpOMLc71nIGtMSsU+SiRiZtHEdcUsDGBUdriqQ2mP5Q10Yz0K0u1wqXiLiz/wfeFGIvRPNOpP/b/cSFQSp494ZnMdO2bsnXOKQNFVBkkIO2jvB2SOlIJwC329n9vG,iv:jktiYgPJluYrQOpOOTwwpQ9SDJVvsO4lEwDe+l2cn3Q=,tag:rduGq7/XVShG9SqQeWl19g==,type:str]
|
metrics_key: ENC[AES256_GCM,data:fGpIg3k/PBcq4dVdLL5oNEdbrPTFarDAi9QLw7ViEfzG4jdxOec8rdFNtECX3IdtGIFZ7VtLd7hTISYrklafBqYMyBw0y3dxmbQaG7CQoIPoxnoJlbwAxofjfgFyVa69V6/o1mvCBfw3Tv8akRQel+3lTTB7RgqBsd+JNjiIsrC5r4JAr6KJCkKKLbNJZ79W1PGdKb2VEeVwGmdfWcvKz4TN6Za4cwhc51IAnZBH+2QnNNCYM6JnT0LVIzERS6ljF8MOb2Xmaqb9w6QxxTLX4nheEceWpOMLc71nIGtMSsU+SiRiZtHEdcUsDGBUdriqQ2mP5Q10Yz0K0u1wqXiLiz/wfeFGIvRPNOpP/b/cSFQSp494ZnMdO2bsnXOKQNFVBkkIO2jvB2SOlIJwC329n9vG,iv:jktiYgPJluYrQOpOOTwwpQ9SDJVvsO4lEwDe+l2cn3Q=,tag:rduGq7/XVShG9SqQeWl19g==,type:str]
|
||||||
metrics_ca: ENC[AES256_GCM,data:nMocCNsco+iYrrZbJxuoWhQ5ytDyy+JjaRTbalTof4CPK3CtWpu2KhHhVJNN+XaThns3jzBEjEDyuPqhb27CaUG871Z8O8BGAEtYWUa886sIdgPgOkL3rsDCELxnnEkCKIcyfu3DZFIcs+hWQGOVQ3KBY44dpwJzm5xm/PbbpiPo7QawAzEhOynmRz1eN+At+aDgBNMRJ9fWg5qaImf6iFL804M7q6mjVAOopvL+I5vMAn4FODWWn93Vm0edHWjhIDb2NHuwSL0WRdt74GMES+ZPvBjpnGsMFteCC1sWGuAMY9S78V54+o95Ijf6j8yzPadyayZb51K2/qGWas/wpaQlmva2mQvv/y1jpDfewLt4ZstzqCamVhhXzZfguf7F+MpbEGpNUl7SvCnS6BtNU7XCaV5bEp8vTKfhYVh+/AqBPYG2BpLB0N/Q198/nTkW82CgP1V4BJ8HD8FiWympZjhLjdglkMZ3h1u9k6VQIAZ9kQS3B60kKBq1mWhDVmZmNTSMf85zfV48XrBPF/ttCfCjd33gxopok5OLMZqVHNKY4PxCLI6e5FKOwwEmrzf6MffGiDWZWMgTaz3OM+d9Yv8yjNDeboGb6TGRn4yXfKlcsl4mYZi+C3IJ0BkmUA9BXaLXhhWKl/e5Xs5Ajtgf3fwSVEgsQ8G3kC2OQT0qoIMKx37K4YmABYVFx0qcJy2diQ3ZoFmvGAwvYb5vKtlyJHnbDz6OyXWfYc1UkAG4mtHNMrsgSL7ruju4QvIeZPwXDsNazI9R3dWaLbnz041JQNRvA0Kpwg3LxHaf4D0Ln7nBokEmvRycuBXljPk35B3CuGoj2qnCJzx057MTQoX/UKtQ/KRbGP0Dmmu+s1cH9dHw8l3ya+zZEKBJHt2w7rmmMiYVXMetjoPIHevePumDeXFRyCvU3mWwj7xUtzbrpTwY0zSYi5brdMRe4NBtmYJsMmH7Jgc+HOgtbm8MC++FApxiKpV2,iv:08lM7WQLcnuC7DvTZ1999sOojo9l35gAZpp4oIMuJBY=,tag:YW0xjTJkycV7xJHZuhE0uQ==,type:str]
|
metrics_ca: ENC[AES256_GCM,data:nMocCNsco+iYrrZbJxuoWhQ5ytDyy+JjaRTbalTof4CPK3CtWpu2KhHhVJNN+XaThns3jzBEjEDyuPqhb27CaUG871Z8O8BGAEtYWUa886sIdgPgOkL3rsDCELxnnEkCKIcyfu3DZFIcs+hWQGOVQ3KBY44dpwJzm5xm/PbbpiPo7QawAzEhOynmRz1eN+At+aDgBNMRJ9fWg5qaImf6iFL804M7q6mjVAOopvL+I5vMAn4FODWWn93Vm0edHWjhIDb2NHuwSL0WRdt74GMES+ZPvBjpnGsMFteCC1sWGuAMY9S78V54+o95Ijf6j8yzPadyayZb51K2/qGWas/wpaQlmva2mQvv/y1jpDfewLt4ZstzqCamVhhXzZfguf7F+MpbEGpNUl7SvCnS6BtNU7XCaV5bEp8vTKfhYVh+/AqBPYG2BpLB0N/Q198/nTkW82CgP1V4BJ8HD8FiWympZjhLjdglkMZ3h1u9k6VQIAZ9kQS3B60kKBq1mWhDVmZmNTSMf85zfV48XrBPF/ttCfCjd33gxopok5OLMZqVHNKY4PxCLI6e5FKOwwEmrzf6MffGiDWZWMgTaz3OM+d9Yv8yjNDeboGb6TGRn4yXfKlcsl4mYZi+C3IJ0BkmUA9BXaLXhhWKl/e5Xs5Ajtgf3fwSVEgsQ8G3kC2OQT0qoIMKx37K4YmABYVFx0qcJy2diQ3ZoFmvGAwvYb5vKtlyJHnbDz6OyXWfYc1UkAG4mtHNMrsgSL7ruju4QvIeZPwXDsNazI9R3dWaLbnz041JQNRvA0Kpwg3LxHaf4D0Ln7nBokEmvRycuBXljPk35B3CuGoj2qnCJzx057MTQoX/UKtQ/KRbGP0Dmmu+s1cH9dHw8l3ya+zZEKBJHt2w7rmmMiYVXMetjoPIHevePumDeXFRyCvU3mWwj7xUtzbrpTwY0zSYi5brdMRe4NBtmYJsMmH7Jgc+HOgtbm8MC++FApxiKpV2,iv:08lM7WQLcnuC7DvTZ1999sOojo9l35gAZpp4oIMuJBY=,tag:YW0xjTJkycV7xJHZuhE0uQ==,type:str]
|
||||||
grafana-oauth2-secret: ENC[AES256_GCM,data:D4f/MxiIGaeKD5DNXiCLg2IeFMX0TAkxIR1BY+1z89w=,iv:XNrRSwipAbpQFnXG94zke28gTL22zNf/HfGriChaRgA=,tag:6tsqNc68wHujtlmV4plwPQ==,type:str]
|
grafana-oauth2-secret: ENC[AES256_GCM,data:D4f/MxiIGaeKD5DNXiCLg2IeFMX0TAkxIR1BY+1z89w=,iv:XNrRSwipAbpQFnXG94zke28gTL22zNf/HfGriChaRgA=,tag:6tsqNc68wHujtlmV4plwPQ==,type:str]
|
||||||
|
caddy-env: ENC[AES256_GCM,data:ntuUzIevCFYT6pUmVzcbvaHTdCIhpdtlYHhQynojNI77JqnF3o/OJVugXI0O4DqRLVkzaKcQ,iv:XqWjxR1PrwN/pO3Nh/TLdDlpcm2QfdVIVCACfrsCwEk=,tag:d8FFJ+P4hFrNp/tBckPteQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -35,8 +36,8 @@ sops:
|
||||||
K1FHaGVOQlo2cjBTQ3ZIYXZ5ZzNsNlEKLZWrUkNXTv8ECwXz1aPdnrpMs6r9Q+yI
|
K1FHaGVOQlo2cjBTQ3ZIYXZ5ZzNsNlEKLZWrUkNXTv8ECwXz1aPdnrpMs6r9Q+yI
|
||||||
k5rFkaa+ylIk4OqouKRxxlNFdgcdqqYdZEqLrfuLnamzr6LNaoL1dQ==
|
k5rFkaa+ylIk4OqouKRxxlNFdgcdqqYdZEqLrfuLnamzr6LNaoL1dQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-02-29T15:40:45Z"
|
lastmodified: "2024-06-10T09:03:14Z"
|
||||||
mac: ENC[AES256_GCM,data:+gH5ZcPlJ1ESdo93Td9BfuMKB1la18ER8OnA65/WERL5bjFai0GRjLxUGOLiJF5ApIj1JMfoqd08awvS8xUVM/4zccYXTeHtngVw2Ra9q3wcvFK4VzQ7kIO0btd6+YSdGGFpWLwBvErsn1yUs67sl69qr4qz0BxMrFn3zac3aQU=,iv:4fxThNrDrOsNNSykVVEmAHfl2VpcZVA58E5lZ+krEpE=,tag:RFigNQQzcZBMiCky5nL3Wg==,type:str]
|
mac: ENC[AES256_GCM,data:5M837MDd/9ZPyoczsKQ0UJVtFxcX+DsKxZplsZgQA2iKhgzKtWsrz/HciYUnDsYqlTswDWPZhcMpEAhzozUxuKJEoWswmwuKAEBLn5zb6fcvy3H8oMDELR/e3IFZ+5dpxeaWrJwx2mXHdk/aW1AiWjtSpcNlNlF1QM8oFvwjlbA=,iv:h+uRWTlMZlkatS6zBLa9znGb77o8oPA2KC2C/rrVnGw=,tag:8/hTW2BDdTN8V36gSXFMEg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
Loading…
Reference in a new issue