caddy-proxy: Decouple configuration of virtualHosts from module

This commit is contained in:
Erwin Boskma 2024-04-10 22:19:33 +02:00
parent a73ea8306a
commit d9bd7d8586
Signed by: erwin
SSH key fingerprint: SHA256:/Wk1WZdLg+vQHs3in9qq7PsIp8SMzwGSk/RLZ5zPuZk
2 changed files with 74 additions and 18 deletions


@ -23,6 +23,39 @@
plugins = [ "github.com/caddy-dns/cloudflare@74f004e1c1ab9056288f0baf3cd4b0039d6c77f3" ];
vendorHash = "sha256-UYNFkGK4A7DJSmin4nCo9rUD60gx80e9YZodn7uEcUM=";
};
proxyHosts = [
{
externalHostname = "home.datarift.nl";
proxyAddress = "homeassistant.barn-beaver.ts.net:8123";
external = true;
}
{
externalHostname = "frigate.datarift.nl";
proxyAddress = "frigate.barn-beaver.ts.net:5000";
}
{
externalHostname = "git.datarift.nl";
proxyAddress = "gitea.barn-beaver.ts.net:3000";
external = true;
}
{
externalHostname = "minio.datarift.nl";
proxyAddress = "minio.barn-beaver.ts.net:9000";
external = true;
}
{
externalHostname = "minio-admin.datarift.nl";
proxyAddress = "minio.barn-beaver.ts.net:9001";
}
{
externalHostname = "saga.datarift.nl";
proxyAddress = "saga.barn-beaver.ts.net:3000";
}
{
externalHostname = "unifi.datarift.nl";
proxyAddress = "unifi.barn-beaver.ts.net:8443";
}
];
};
tailscale.enable = true;
};
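Review bot: The new `proxyHosts` list drops `ci.datarift.nl`, which the module previously served as an externally reachable host (`"ci.datarift.nl" = mkProxyHost "ci.barn-beaver.ts.net:8100";` on the removed side of the module), so after this commit Caddy stops answering for that name and stops renewing its certificate. If the removal is deliberate it is a welcome reduction in exposure, but it is a behaviour change that the commit title "decouple configuration" does not announce; otherwise re-add the entry as `{ externalHostname = "ci.datarift.nl"; proxyAddress = "ci.barn-beaver.ts.net:8100"; external = true; }`. Either way a one-line note in the commit message would save the next reader from diffing both files to find out. Since `external` defaults to off and unlisted hosts fall into the 403 branch, the remaining entries keep the fail-closed behaviour the old hard-coded table had.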


@ -8,14 +8,25 @@ with lib;
let
cfg = config.eboskma.caddy-proxy;
proxyHost = types.submodule {
options = {
externalHostname = mkOption {
description = "Hostname where this service should be reached";
type = types.str;
};
proxyAddress = mkOption {
description = "Internal address where this service is reachable";
type = types.str;
};
external = mkEnableOption "Make this host externally reachable.";
};
};
mkProxyHost = target: {
extraConfig = ''
reverse_proxy ${target}
tls {
dns cloudflare {env.CF_API_TOKEN}
propagation_timeout -1
}
import cloudflare-tls
'';
};
@ -31,10 +42,7 @@ let
error "Nope." 403
}
tls {
dns cloudflare {env.CF_API_TOKEN}
propagation_timeout -1
}
import cloudflare-tls
'';
};
in
@ -42,6 +50,10 @@ in
options.eboskma.caddy-proxy = {
enable = mkEnableOption "Caddy proxy";
package = mkPackageOption pkgs "caddy" { };
proxyHosts = mkOption {
description = "Proxy hosts";
type = types.listOf proxyHost;
};
};
config = mkIf cfg.enable {
@ -53,16 +65,27 @@ in
acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
virtualHosts = {
"home.datarift.nl" = mkProxyHost "homeassistant.barn-beaver.ts.net:8123";
"ci.datarift.nl" = mkProxyHost "ci.barn-beaver.ts.net:8100";
"frigate.datarift.nl" = mkLocalProxyHost "frigate.barn-beaver.ts.net:5000";
"git.datarift.nl" = mkProxyHost "gitea.barn-beaver.ts.net:3000";
"minio.datarift.nl" = mkProxyHost "minio.barn-beaver.ts.net:9000";
"minio-admin.datarift.nl" = mkLocalProxyHost "minio.barn-beaver.ts.net:9001";
"saga.datarift.nl" = mkLocalProxyHost "saga.barn-beaver.ts.net:3000";
"unifi.datarift.nl" = mkLocalProxyHost "unifi.barn-beaver.ts.net:8443";
};
extraConfig = ''
(cloudflare-tls) {
tls {
dns cloudflare {env.CF_API_TOKEN}
propagation_timeout -1
}
}
'';
virtualHosts = builtins.listToAttrs (
map (
host:
let
mkProxy = if host ? external && host.external then mkProxyHost else mkLocalProxyHost;
in
{
name = host.externalHostname;
value = mkProxy host.proxyAddress;
}
) cfg.proxyHosts
);
};
systemd.services.caddy.serviceConfig.EnvironmentFile = [ config.sops.secrets.caddy-env.path ];