heimdall: Add proxy for external access to gitea

2024-04-16 19:52:25 +02:00 · 2024-04-16 19:52:25 +02:00 · b4dfe3bcb4
commit b4dfe3bcb4
parent a3e902c45e
2 changed files with 23 additions and 4 deletions
--- a/machines/heimdall/configuration.nix
+++ b/machines/heimdall/configuration.nix
@ -1,5 +1,10 @@
 { self, ... }@inputs:
-{ modulesPath, lib, ... }:
+{
+  pkgs,
+  modulesPath,
+  lib,
+  ...
+}:
 # let
 #   pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux;
 # in
@ -16,6 +21,18 @@
      enable = true;
      server = true;
    };
+
+    caddy-proxy = {
+      enable = true;
+      package = inputs.caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
+      proxyHosts = [
+        {
+          externalHostname = "git.datarift.nl";
+          proxyAddress = "gitea.barn-beaver.ts.net:3000";
+          external = true;
+        }
+      ];
+    };
    headscale = {
      enable = false;
      baseDomain = "asgard.datarift.nl";
@ -157,6 +174,7 @@
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets = {
    keycloak-db-password = { };
+    caddy-env = { };
  };

  system.stateVersion = "23.05";
--- a/machines/heimdall/secrets.yaml
+++ b/machines/heimdall/secrets.yaml
@ -1,4 +1,5 @@
 keycloak-db-password: ENC[AES256_GCM,data:F7kYKVyra5dKixtxMhhyCKDr50BEK6OhICRCKSmpCe25bB3xXpXW4sZS+9y8LIwBpCDXeQmghOXskRRQvslHKmQpj5AxNXNDLBG4Coj+ilfoh7BUbLtDJTCNum0mHGw3haCUh1rn0PGNW7A6aI+BrlsDuiwhnJ9m2q57ggAo1Gs=,iv:hQpuzx9Q40caXXX+9XuiwqpMSeBJr9DWaQmCyZUw8X8=,tag:s4vFvz41i9wyzkBuCT9k1A==,type:str]
+caddy-env: ENC[AES256_GCM,data:VIZiA87DGW336hNnHRTRycTJRkD5DWlL7viCTHk7dT9RO8os5c3M+9fJ4AsLa0iehcUBZsuT,iv:zoU16J+Ov+VBFIl1OEZ3AJOh9OjKYqbJCxy5/VuXGvY=,tag:V6PfO7rSnxo4psLvdD8YRw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -32,8 +33,8 @@ sops:
            cHJwVnhySC81SEF1OU1mRDhqaHVDMVkKYHqrt7CPVW3x12Ayo4PIZIhLpjaj28tK
            ON+NGAOxvZbpB+FYCNVdyFD/geHnkR4yDfBnR9nAlILsptFZuaNVmg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-06-01T14:11:42Z"
-    mac: ENC[AES256_GCM,data:Um2wARWNib6/9Ajo2ukXPe3duUgRsKEJqwauVNfKzHlv69TjJcb4lywmWQeyyKaRuPltkj1h9nCQBxR3GRwURG5bbMUCwBetvpWtiD3Gvj4FD2jetLbemiTUACvplajyHIa0lbV5HTtlSLb9hUpvoz33BPHuvMLeUCivHH7w5bo=,iv:iH/0jCAEi2gT4+NtndmVAk9kKuNCU3FsHA1sYEN0xS4=,tag:4zMeq7ESZ08r2kTkI7Wuuw==,type:str]
+    lastmodified: "2024-04-16T17:45:21Z"
+    mac: ENC[AES256_GCM,data:IUS8Tn8QxxJNo4J71DLLPaxlSgqQg1nK4FYL9Io4Xc7Nx19WG8s9eUsEbZGiUjLv5GST7twnliQF1f/STWtFAJyZWf3XVkIagQtxo9i6VdlP3dJV+12GNKfj8HnSBCAE5rDmfagwq+VewH+vIX4E1vkpPW3uiQ5g8KKqzPQmKjs=,iv:18fpXmaZ7W+73kHd8Kvk7yBI2Kp79fh4RR4NbACtrcQ=,tag:YeHCoXEwiOM1sRot3rCnbg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.7.3
+    version: 3.8.1