From d9bd7d8586949711dbcf0fdc11dfca63e73034c3 Mon Sep 17 00:00:00 2001
From: Erwin Boskma
Date: Wed, 10 Apr 2024 22:19:33 +0200
Subject: [PATCH] caddy-proxy: Decouple configuration of virtualHosts from module

---
 machines/proxy/configuration.nix | 33 ++++++++++++++++++
 modules/caddy-proxy/default.nix | 59 ++++++++++++++++++++++----------
 2 files changed, 74 insertions(+), 18 deletions(-)

diff --git a/machines/proxy/configuration.nix b/machines/proxy/configuration.nix
index 1c01540..749c825 100644
--- a/machines/proxy/configuration.nix
+++ b/machines/proxy/configuration.nix
@@ -23,6 +23,39 @@
 plugins = [ "github.com/caddy-dns/cloudflare@74f004e1c1ab9056288f0baf3cd4b0039d6c77f3" ];
 vendorHash = "sha256-UYNFkGK4A7DJSmin4nCo9rUD60gx80e9YZodn7uEcUM=";
 };
+ proxyHosts = [
+ {
+ externalHostname = "home.datarift.nl";
+ proxyAddress = "homeassistant.barn-beaver.ts.net:8123";
+ external = true;
+ }
+ {
+ externalHostname = "frigate.datarift.nl";
+ proxyAddress = "frigate.barn-beaver.ts.net:5000";
+ }
+ {
+ externalHostname = "git.datarift.nl";
+ proxyAddress = "gitea.barn-beaver.ts.net:3000";
+ external = true;
+ }
+ {
+ externalHostname = "minio.datarift.nl";
+ proxyAddress = "minio.barn-beaver.ts.net:9000";
+ external = true;
+ }
+ {
+ externalHostname = "minio-admin.datarift.nl";
+ proxyAddress = "minio.barn-beaver.ts.net:9001";
+ }
+ {
+ externalHostname = "saga.datarift.nl";
+ proxyAddress = "saga.barn-beaver.ts.net:3000";
+ }
+ {
+ externalHostname = "unifi.datarift.nl";
+ proxyAddress = "unifi.barn-beaver.ts.net:8443";
+ }
+ ];
 };
 tailscale.enable = true;
 };
diff --git a/modules/caddy-proxy/default.nix b/modules/caddy-proxy/default.nix
index f6419ae..2078485 100644
--- a/modules/caddy-proxy/default.nix
+++ b/modules/caddy-proxy/default.nix
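Review bot: The new `proxyHosts` list has no entry for `ci.datarift.nl`, which the `virtualHosts` block removed from modules/caddy-proxy/default.nix still served via `mkProxyHost "ci.barn-beaver.ts.net:8100"`; if retiring that host is intended, the commit message should say so, since the subject only promises a decoupling. Entries without `external` fall back on the option's `mkEnableOption` default and are routed through `mkLocalProxyHost`, which is not obvious from this file alone; a comment on the list such as `# external = true routes the host through mkProxyHost; omitted hosts use mkLocalProxyHost` would keep that visible where the hosts are declared. The `proxyAddress` values are spliced verbatim into `reverse_proxy ${target}`, so an upstream that expects TLS (port 8443 on the unifi entry looks like it may) would need an explicit `https://` scheme in its address — worth confirming against each upstream.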
@@ -8,14 +8,25 @@ with lib;
 let
 cfg = config.eboskma.caddy-proxy;
+ proxyHost = types.submodule {
+ options = {
+ externalHostname = mkOption {
+ description = "Hostname where this service should be reached";
+ type = types.str;
+ };
+ proxyAddress = mkOption {
+ description = "Internal address where this service is reachable";
+ type = types.str;
+ };
+ external = mkEnableOption "Make this host externally reachable.";
+ };
+ };
+
 mkProxyHost = target: {
 extraConfig = ''
 reverse_proxy ${target}
- tls {
- dns cloudflare {env.CF_API_TOKEN}
- propagation_timeout -1
- }
+ import cloudflare-tls
 '';
 };
@@ -31,10 +42,7 @@ let
 error "Nope." 403
 }
- tls {
- dns cloudflare {env.CF_API_TOKEN}
- propagation_timeout -1
- }
+ import cloudflare-tls
 '';
 };
@@ -42,6 +50,10 @@ in
 options.eboskma.caddy-proxy = {
 enable = mkEnableOption "Caddy proxy";
 package = mkPackageOption pkgs "caddy" { };
+ proxyHosts = mkOption {
+ description = "Proxy hosts";
+ type = types.listOf proxyHost;
+ };
 };
 config = mkIf cfg.enable {
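Review bot: `externalHostname` and `proxyAddress` are declared as plain `types.str` but end up spliced unquoted into the Caddyfile (`reverse_proxy ${target}` in `mkProxyHost`) and used as `virtualHosts` attribute names, so a value containing whitespace or a newline turns into extra Caddyfile tokens instead of an evaluation error; a constrained type such as `types.strMatching "[^ \n]+"` would reject such values at build time. The `external` option hands its text to `mkEnableOption`, which prefixes "Whether to enable", so the generated description reads "Whether to enable Make this host externally reachable.."; either `mkEnableOption "public exposure of this host"` or a `mkOption { type = types.bool; default = false; description = "..."; }` keeps the wording sensible. The `let` binding these definitions live in continues past the hunk.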
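Review bot: `proxyHosts` is declared without a `default`, so enabling the module without listing any host fails evaluation as soon as `config` reads `cfg.proxyHosts`; adding `default = [ ];` lets the module be enabled for the shared TLS snippet alone and costs existing consumers nothing. The description `"Proxy hosts"` says nothing about the contract; a sentence along the lines of `"Hostnames to serve and the upstream address each is proxied to; set external = true to use the public handler instead of the local one."` would make the generated option docs usable.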
@@ -53,16 +65,27 @@ in
 acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
- virtualHosts = {
- "home.datarift.nl" = mkProxyHost "homeassistant.barn-beaver.ts.net:8123";
- "ci.datarift.nl" = mkProxyHost "ci.barn-beaver.ts.net:8100";
- "frigate.datarift.nl" = mkLocalProxyHost "frigate.barn-beaver.ts.net:5000";
- "git.datarift.nl" = mkProxyHost "gitea.barn-beaver.ts.net:3000";
- "minio.datarift.nl" = mkProxyHost "minio.barn-beaver.ts.net:9000";
- "minio-admin.datarift.nl" = mkLocalProxyHost "minio.barn-beaver.ts.net:9001";
- "saga.datarift.nl" = mkLocalProxyHost "saga.barn-beaver.ts.net:3000";
- "unifi.datarift.nl" = mkLocalProxyHost "unifi.barn-beaver.ts.net:8443";
- };
+ extraConfig = ''
+ (cloudflare-tls) {
+ tls {
+ dns cloudflare {env.CF_API_TOKEN}
+ propagation_timeout -1
+ }
+ }
+ '';
+
+ virtualHosts = builtins.listToAttrs (
+ map (
+ host:
+ let
+ mkProxy = if host ? external && host.external then mkProxyHost else mkLocalProxyHost;
+ in
+ {
+ name = host.externalHostname;
+ value = mkProxy host.proxyAddress;
+ }
+ ) cfg.proxyHosts
+ );
 };
 systemd.services.caddy.serviceConfig.EnvironmentFile = [ config.sops.secrets.caddy-env.path ];
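Review bot: `builtins.listToAttrs` silently collapses two `proxyHosts` entries that share an `externalHostname`, so a duplicated hostname — for instance one entry with `external = true` and one without — keeps only one of them with no error, and which handler that host ends up with is not visible from the configuration; an `assertions` entry checking `length cfg.proxyHosts == length (unique (map (h: h.externalHostname) cfg.proxyHosts))` would surface that at evaluation time. `host ? external` is always true because the submodule declares `external` with a default, so the selector can simply be `mkProxy = if host.external then mkProxyHost else mkLocalProxyHost;`. The `(cloudflare-tls)` snippet is emitted through `extraConfig` and imported from the vhost bodies; Caddy resolves `import` against snippets already parsed, so if the generated vhost blocks can be merged ahead of this `extraConfig` definition the import would fail — worth confirming the order in the rendered Caddyfile. The enclosing `config = mkIf cfg.enable { ... }` block starts outside the hunk.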