saga: Add caddy

Erwin Boskma 2024-06-10 10:59:31 +02:00
parent a46bdfc8d1
commit b232f0a2c8
Signed by: erwin
SSH key fingerprint: SHA256:/Wk1WZdLg+vQHs3in9qq7PsIp8SMzwGSk/RLZ5zPuZk
2 changed files with 33 additions and 16 deletions


@ -1,5 +1,6 @@
{ self, ... }:
{ self, caddy-with-plugins, ... }:
{
pkgs,
modulesPath,
lib,
config,
@ -22,6 +23,16 @@
enable = true;
server = true;
};
caddy-proxy = {
enable = true;
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
proxyHosts = [
{
externalHostname = "saga.datarift.nl";
proxyAddress = "localhost:3000";
}
];
};
nix-common = {
enable = true;
remote-builders = true;
@ -48,7 +59,8 @@
firewall.trustedInterfaces = [ "tailscale0" ];
};
systemd.network = {
systemd = {
network = {
enable = true;
wait-online.anyInterface = true;
@ -69,6 +81,9 @@
};
};
services.logrotate-checkconf.enable = false;
};
security = {
sudo-rs = {
enable = true;
@ -80,6 +95,7 @@
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
caddy-env = { };
metrics_ca = {
owner = config.systemd.services.prometheus.serviceConfig.User;
};
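Review bot: `caddy-env = { };` is declared with the sops-nix defaults (root-owned, mode 0400), while the neighbouring `metrics_ca` sets its `owner` explicitly, and nothing on this page shows who reads the file; the `sops.secrets` set continues past the end of the hunk. If the `caddy-proxy` module (not shown here) hands it to the unit as an environment file, root-only ownership is correct and worth a comment such as `# loaded by systemd as EnvironmentFile for caddy; root-owned on purpose`; if the Caddy process opens the file itself, it needs an `owner`. Consider also `caddy-env.restartUnits = [ "caddy.service" ];` so a rotated value is picked up; the unit name is assumed, so confirm it against the module. Separately, the added `services.logrotate-checkconf.enable = false;` turns off a build-time config check with no comment saying why, and a one-line reason next to it would help the next reader decide when it can be re-enabled.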


@ -2,6 +2,7 @@ metrics_cert: ENC[AES256_GCM,data:hxI6B6h1eOaHlYpUeHcsXMAEPZwuKpAgZ9gYkkqK73guUy
metrics_key: ENC[AES256_GCM,data:fGpIg3k/PBcq4dVdLL5oNEdbrPTFarDAi9QLw7ViEfzG4jdxOec8rdFNtECX3IdtGIFZ7VtLd7hTISYrklafBqYMyBw0y3dxmbQaG7CQoIPoxnoJlbwAxofjfgFyVa69V6/o1mvCBfw3Tv8akRQel+3lTTB7RgqBsd+JNjiIsrC5r4JAr6KJCkKKLbNJZ79W1PGdKb2VEeVwGmdfWcvKz4TN6Za4cwhc51IAnZBH+2QnNNCYM6JnT0LVIzERS6ljF8MOb2Xmaqb9w6QxxTLX4nheEceWpOMLc71nIGtMSsU+SiRiZtHEdcUsDGBUdriqQ2mP5Q10Yz0K0u1wqXiLiz/wfeFGIvRPNOpP/b/cSFQSp494ZnMdO2bsnXOKQNFVBkkIO2jvB2SOlIJwC329n9vG,iv:jktiYgPJluYrQOpOOTwwpQ9SDJVvsO4lEwDe+l2cn3Q=,tag:rduGq7/XVShG9SqQeWl19g==,type:str]
metrics_ca: ENC[AES256_GCM,data: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,iv:08lM7WQLcnuC7DvTZ1999sOojo9l35gAZpp4oIMuJBY=,tag:YW0xjTJkycV7xJHZuhE0uQ==,type:str]
grafana-oauth2-secret: ENC[AES256_GCM,data:D4f/MxiIGaeKD5DNXiCLg2IeFMX0TAkxIR1BY+1z89w=,iv:XNrRSwipAbpQFnXG94zke28gTL22zNf/HfGriChaRgA=,tag:6tsqNc68wHujtlmV4plwPQ==,type:str]
caddy-env: ENC[AES256_GCM,data:ntuUzIevCFYT6pUmVzcbvaHTdCIhpdtlYHhQynojNI77JqnF3o/OJVugXI0O4DqRLVkzaKcQ,iv:XqWjxR1PrwN/pO3Nh/TLdDlpcm2QfdVIVCACfrsCwEk=,tag:d8FFJ+P4hFrNp/tBckPteQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -35,8 +36,8 @@ sops:
K1FHaGVOQlo2cjBTQ3ZIYXZ5ZzNsNlEKLZWrUkNXTv8ECwXz1aPdnrpMs6r9Q+yI
k5rFkaa+ylIk4OqouKRxxlNFdgcdqqYdZEqLrfuLnamzr6LNaoL1dQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-29T15:40:45Z"
mac: ENC[AES256_GCM,data:+gH5ZcPlJ1ESdo93Td9BfuMKB1la18ER8OnA65/WERL5bjFai0GRjLxUGOLiJF5ApIj1JMfoqd08awvS8xUVM/4zccYXTeHtngVw2Ra9q3wcvFK4VzQ7kIO0btd6+YSdGGFpWLwBvErsn1yUs67sl69qr4qz0BxMrFn3zac3aQU=,iv:4fxThNrDrOsNNSykVVEmAHfl2VpcZVA58E5lZ+krEpE=,tag:RFigNQQzcZBMiCky5nL3Wg==,type:str]
lastmodified: "2024-06-10T09:03:14Z"
mac: ENC[AES256_GCM,data:5M837MDd/9ZPyoczsKQ0UJVtFxcX+DsKxZplsZgQA2iKhgzKtWsrz/HciYUnDsYqlTswDWPZhcMpEAhzozUxuKJEoWswmwuKAEBLn5zb6fcvy3H8oMDELR/e3IFZ+5dpxeaWrJwx2mXHdk/aW1AiWjtSpcNlNlF1QM8oFvwjlbA=,iv:h+uRWTlMZlkatS6zBLa9znGb77o8oPA2KC2C/rrVnGw=,tag:8/hTW2BDdTN8V36gSXFMEg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1