erwin/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Wiki Activity Actions

heimdall: Add proxy for external access to gitea

Browse source
This commit is contained in:
Erwin Boskma 2024-04-16 19:52:25 +02:00
parent a3e902c45e
commit b4dfe3bcb4
Signed by: erwin
SSH key fingerprint: SHA256:/Wk1WZdLg+vQHs3in9qq7PsIp8SMzwGSk/RLZ5zPuZk
2 changed files with 23 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
machines/heimdall/configuration.nix
View file

@ -1,5 +1,10 @@
{ self, ... }@inputs: { self, ... }@inputs:
{ modulesPath, lib, ... }: {
pkgs,
modulesPath,
lib,
...
}:
# let # let
# pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux; # pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux;
# in # in
@ -16,6 +21,18 @@
enable = true; enable = true;
server = true; server = true;
}; };
caddy-proxy = {
enable = true;
package = inputs.caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
proxyHosts = [
{
externalHostname = "git.datarift.nl";
proxyAddress = "gitea.barn-beaver.ts.net:3000";
external = true;
}
];
};
headscale = { headscale = {
enable = false; enable = false;
baseDomain = "asgard.datarift.nl"; baseDomain = "asgard.datarift.nl";
@ -157,6 +174,7 @@
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = { sops.secrets = {
keycloak-db-password = { }; keycloak-db-password = { };
caddy-env = { };
}; };
system.stateVersion = "23.05"; system.stateVersion = "23.05";

7
machines/heimdall/secrets.yaml
View file

@ -1,4 +1,5 @@
keycloak-db-password: ENC[AES256_GCM,data:F7kYKVyra5dKixtxMhhyCKDr50BEK6OhICRCKSmpCe25bB3xXpXW4sZS+9y8LIwBpCDXeQmghOXskRRQvslHKmQpj5AxNXNDLBG4Coj+ilfoh7BUbLtDJTCNum0mHGw3haCUh1rn0PGNW7A6aI+BrlsDuiwhnJ9m2q57ggAo1Gs=,iv:hQpuzx9Q40caXXX+9XuiwqpMSeBJr9DWaQmCyZUw8X8=,tag:s4vFvz41i9wyzkBuCT9k1A==,type:str] keycloak-db-password: ENC[AES256_GCM,data:F7kYKVyra5dKixtxMhhyCKDr50BEK6OhICRCKSmpCe25bB3xXpXW4sZS+9y8LIwBpCDXeQmghOXskRRQvslHKmQpj5AxNXNDLBG4Coj+ilfoh7BUbLtDJTCNum0mHGw3haCUh1rn0PGNW7A6aI+BrlsDuiwhnJ9m2q57ggAo1Gs=,iv:hQpuzx9Q40caXXX+9XuiwqpMSeBJr9DWaQmCyZUw8X8=,tag:s4vFvz41i9wyzkBuCT9k1A==,type:str]
caddy-env: ENC[AES256_GCM,data:VIZiA87DGW336hNnHRTRycTJRkD5DWlL7viCTHk7dT9RO8os5c3M+9fJ4AsLa0iehcUBZsuT,iv:zoU16J+Ov+VBFIl1OEZ3AJOh9OjKYqbJCxy5/VuXGvY=,tag:V6PfO7rSnxo4psLvdD8YRw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -32,8 +33,8 @@ sops:
cHJwVnhySC81SEF1OU1mRDhqaHVDMVkKYHqrt7CPVW3x12Ayo4PIZIhLpjaj28tK cHJwVnhySC81SEF1OU1mRDhqaHVDMVkKYHqrt7CPVW3x12Ayo4PIZIhLpjaj28tK
ON+NGAOxvZbpB+FYCNVdyFD/geHnkR4yDfBnR9nAlILsptFZuaNVmg== ON+NGAOxvZbpB+FYCNVdyFD/geHnkR4yDfBnR9nAlILsptFZuaNVmg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-06-01T14:11:42Z" lastmodified: "2024-04-16T17:45:21Z"
mac: ENC[AES256_GCM,data:Um2wARWNib6/9Ajo2ukXPe3duUgRsKEJqwauVNfKzHlv69TjJcb4lywmWQeyyKaRuPltkj1h9nCQBxR3GRwURG5bbMUCwBetvpWtiD3Gvj4FD2jetLbemiTUACvplajyHIa0lbV5HTtlSLb9hUpvoz33BPHuvMLeUCivHH7w5bo=,iv:iH/0jCAEi2gT4+NtndmVAk9kKuNCU3FsHA1sYEN0xS4=,tag:4zMeq7ESZ08r2kTkI7Wuuw==,type:str] mac: ENC[AES256_GCM,data:IUS8Tn8QxxJNo4J71DLLPaxlSgqQg1nK4FYL9Io4Xc7Nx19WG8s9eUsEbZGiUjLv5GST7twnliQF1f/STWtFAJyZWf3XVkIagQtxo9i6VdlP3dJV+12GNKfj8HnSBCAE5rDmfagwq+VewH+vIX4E1vkpPW3uiQ5g8KKqzPQmKjs=,iv:18fpXmaZ7W+73kHd8Kvk7yBI2Kp79fh4RR4NbACtrcQ=,tag:YeHCoXEwiOM1sRot3rCnbg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.8.1