Compare commits

...

5 commits

Author SHA1 Message Date
10252c50e7
heimdall: Use default method of TLS certificate handling 2024-04-16 21:47:37 +02:00
266be843bf
Use preconfigured caddy with cloudflare plugin 2024-04-16 19:53:46 +02:00
c70439b9b9
flake: Make caddy-with-plugins follow local treefmt-nix 2024-04-16 19:52:48 +02:00
b4dfe3bcb4
heimdall: Add proxy for external access to gitea 2024-04-16 19:52:25 +02:00
a3e902c45e
flake.lock: Update
Flake lock file updates:

• Updated input 'anyrun':
    'github:Kirottu/anyrun/be6728884d543665e7bd137bbef62dc1d04a210b?narHash=sha256-LpjQJYC24S5P5XhJsZX6HqsQT1pohcFzM6N42I6qo/U%3D' (2024-04-03)
  → 'github:Kirottu/anyrun/f9d30e34fa4ccb2797c6becec37e8bcff6585d39?narHash=sha256-WTO84hUL8IlNuHDK2yOCeJ38EewFzGt5E0kzBjNWxa8%3D' (2024-04-16)
• Updated input 'atuin':
    'github:atuinsh/atuin/a0231a70950fbec9dcc3403e37066d891d1fc833?narHash=sha256-TTQ2XLqng7TMLnRsLDb/50yyHYuMSPZJ4H%2B7CEFWQQ0%3D' (2024-04-15)
  → 'github:atuinsh/atuin/19f70cdc918769e0485b0e4aba4069327e96dc3b?narHash=sha256-thdSd8oeztVJ3Ly2SvPCfoP%2BFCoDQCVHSizO0vMGHsI%3D' (2024-04-16)
• Updated input 'caddy-with-plugins':
    'github:eboskma/caddy-with-plugins/c2c66faccc086e077cef927bdf001e7233689228?narHash=sha256-arNUMJvbGtWo%2BIzgB4J0D9%2BsxgpTDBesiQFSXwlSzWE%3D' (2024-01-14)
  → 'github:eboskma/caddy-with-plugins/bb26c2e7fa43be39d4d184c0d443d649cda91897?narHash=sha256-bTVj6mAr%2BNAqwzVhHBBhOszRpWiNYglp93aNIzukiYE%3D' (2024-04-16)
• Added input 'caddy-with-plugins/treefmt-nix':
    'github:numtide/treefmt-nix/49dc4a92b02b8e68798abd99184f228243b6e3ac?narHash=sha256-N3QDhoaX%2BpaWXHbEXZapqd1r95mdshxToGowtjtYkGI%3D' (2024-04-01)
• Added input 'caddy-with-plugins/treefmt-nix/nixpkgs':
    follows 'caddy-with-plugins/nixpkgs'
• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/cf218237d0d80f1ec8109677ebc82ded2ca84c43?narHash=sha256-6qPfZsYW3BvyJq%2BBahgygLdFd5bdqrFue8QGat4lSQo%3D' (2024-04-15)
  → 'github:nix-community/emacs-overlay/502906af674eae890790ec48cad959d42dc2f040?narHash=sha256-LpbYsViVHQ19Qyjw4FxlTWcZNSbiagMfPMrUBuDVTBk%3D' (2024-04-16)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/90055d5e616bd943795d38808c94dbf0dd35abe8?narHash=sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib%2B8%3D' (2024-04-13)
  → 'github:NixOS/nixpkgs/53a2c32bc66f5ae41a28d7a9a49d321172af621e?narHash=sha256-m7%2BIWM6mkWOg22EC5kRUFCycXsXLSU7hWmHdmBfmC3s%3D' (2024-04-15)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/b186d85e747e2b7bee220ec95839fb66c868dc47?narHash=sha256-Ic7zCPfiSYc9nFFp%2BE44WFk3TBJ99J/uPZ4QXX%2BuPPw%3D' (2024-04-15)
  → 'github:oxalica/rust-overlay/847bc25ebab8dc72a86d2b1f0c088740eebbb1b8?narHash=sha256-dPGrCy5ttx6E3bUOmDynY/cAotRqvoIAimZlbv%2BZr1w%3D' (2024-04-16)
2024-04-16 19:46:43 +02:00
7 changed files with 35 additions and 36 deletions

View file

@ -8,11 +8,11 @@
]
},
"locked": {
"lastModified": 1712136515,
"narHash": "sha256-LpjQJYC24S5P5XhJsZX6HqsQT1pohcFzM6N42I6qo/U=",
"lastModified": 1713259062,
"narHash": "sha256-WTO84hUL8IlNuHDK2yOCeJ38EewFzGt5E0kzBjNWxa8=",
"owner": "Kirottu",
"repo": "anyrun",
"rev": "be6728884d543665e7bd137bbef62dc1d04a210b",
"rev": "f9d30e34fa4ccb2797c6becec37e8bcff6585d39",
"type": "github"
},
"original": {
@ -54,11 +54,11 @@
]
},
"locked": {
"lastModified": 1713173848,
"narHash": "sha256-TTQ2XLqng7TMLnRsLDb/50yyHYuMSPZJ4H+7CEFWQQ0=",
"lastModified": 1713279551,
"narHash": "sha256-thdSd8oeztVJ3Ly2SvPCfoP+FCoDQCVHSizO0vMGHsI=",
"owner": "atuinsh",
"repo": "atuin",
"rev": "a0231a70950fbec9dcc3403e37066d891d1fc833",
"rev": "19f70cdc918769e0485b0e4aba4069327e96dc3b",
"type": "github"
},
"original": {
@ -74,14 +74,17 @@
],
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": [
"treefmt-nix"
]
},
"locked": {
"lastModified": 1705250260,
"narHash": "sha256-arNUMJvbGtWo+IzgB4J0D9+sxgpTDBesiQFSXwlSzWE=",
"lastModified": 1713279563,
"narHash": "sha256-bTVj6mAr+NAqwzVhHBBhOszRpWiNYglp93aNIzukiYE=",
"owner": "eboskma",
"repo": "caddy-with-plugins",
"rev": "c2c66faccc086e077cef927bdf001e7233689228",
"rev": "bb26c2e7fa43be39d4d184c0d443d649cda91897",
"type": "github"
},
"original": {
@ -216,11 +219,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1713200735,
"narHash": "sha256-6qPfZsYW3BvyJq+BahgygLdFd5bdqrFue8QGat4lSQo=",
"lastModified": 1713287188,
"narHash": "sha256-LpbYsViVHQ19Qyjw4FxlTWcZNSbiagMfPMrUBuDVTBk=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "cf218237d0d80f1ec8109677ebc82ded2ca84c43",
"rev": "502906af674eae890790ec48cad959d42dc2f040",
"type": "github"
},
"original": {
@ -732,11 +735,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1713013257,
"narHash": "sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib+8=",
"lastModified": 1713145326,
"narHash": "sha256-m7+IWM6mkWOg22EC5kRUFCycXsXLSU7hWmHdmBfmC3s=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "90055d5e616bd943795d38808c94dbf0dd35abe8",
"rev": "53a2c32bc66f5ae41a28d7a9a49d321172af621e",
"type": "github"
},
"original": {
@ -912,11 +915,11 @@
]
},
"locked": {
"lastModified": 1713150335,
"narHash": "sha256-Ic7zCPfiSYc9nFFp+E44WFk3TBJ99J/uPZ4QXX+uPPw=",
"lastModified": 1713233539,
"narHash": "sha256-dPGrCy5ttx6E3bUOmDynY/cAotRqvoIAimZlbv+Zr1w=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "b186d85e747e2b7bee220ec95839fb66c868dc47",
"rev": "847bc25ebab8dc72a86d2b1f0c088740eebbb1b8",
"type": "github"
},
"original": {

View file

@ -119,6 +119,7 @@
inputs = {
nixpkgs.follows = "nixpkgs";
flake-parts.follows = "flake-parts";
treefmt-nix.follows = "treefmt-nix";
};
};

View file

@ -8,11 +8,7 @@
{
services.caddy = {
enable = true;
package = inputs.caddy-with-plugins.lib.caddyWithPackages {
inherit (pkgs) caddy buildGoModule;
plugins = [ "github.com/caddy-dns/cloudflare@2fa0c8ac916ab13ee14c836e59fec9d85857e429" ];
vendorHash = "sha256-9ogaUKtczQ3U/BFdum+tD9kWJ9CH3amR4z2ozE324bY=";
};
package = inputs.caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
email = "erwin@datarift.nl";

View file

@ -137,6 +137,11 @@
}
'';
};
"git.datarift.nl" = {
extraConfig = ''
reverse_proxy gitea.barn-beaver.ts.net:3000
'';
};
};
};
};
@ -157,6 +162,7 @@
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
keycloak-db-password = { };
caddy-env = { };
};
system.stateVersion = "23.05";

View file

@ -1,4 +1,5 @@
keycloak-db-password: ENC[AES256_GCM,data:F7kYKVyra5dKixtxMhhyCKDr50BEK6OhICRCKSmpCe25bB3xXpXW4sZS+9y8LIwBpCDXeQmghOXskRRQvslHKmQpj5AxNXNDLBG4Coj+ilfoh7BUbLtDJTCNum0mHGw3haCUh1rn0PGNW7A6aI+BrlsDuiwhnJ9m2q57ggAo1Gs=,iv:hQpuzx9Q40caXXX+9XuiwqpMSeBJr9DWaQmCyZUw8X8=,tag:s4vFvz41i9wyzkBuCT9k1A==,type:str]
caddy-env: ENC[AES256_GCM,data:VIZiA87DGW336hNnHRTRycTJRkD5DWlL7viCTHk7dT9RO8os5c3M+9fJ4AsLa0iehcUBZsuT,iv:zoU16J+Ov+VBFIl1OEZ3AJOh9OjKYqbJCxy5/VuXGvY=,tag:V6PfO7rSnxo4psLvdD8YRw==,type:str]
sops:
kms: []
gcp_kms: []
@ -32,8 +33,8 @@ sops:
cHJwVnhySC81SEF1OU1mRDhqaHVDMVkKYHqrt7CPVW3x12Ayo4PIZIhLpjaj28tK
ON+NGAOxvZbpB+FYCNVdyFD/geHnkR4yDfBnR9nAlILsptFZuaNVmg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-06-01T14:11:42Z"
mac: ENC[AES256_GCM,data:Um2wARWNib6/9Ajo2ukXPe3duUgRsKEJqwauVNfKzHlv69TjJcb4lywmWQeyyKaRuPltkj1h9nCQBxR3GRwURG5bbMUCwBetvpWtiD3Gvj4FD2jetLbemiTUACvplajyHIa0lbV5HTtlSLb9hUpvoz33BPHuvMLeUCivHH7w5bo=,iv:iH/0jCAEi2gT4+NtndmVAk9kKuNCU3FsHA1sYEN0xS4=,tag:4zMeq7ESZ08r2kTkI7Wuuw==,type:str]
lastmodified: "2024-04-16T17:45:21Z"
mac: ENC[AES256_GCM,data:IUS8Tn8QxxJNo4J71DLLPaxlSgqQg1nK4FYL9Io4Xc7Nx19WG8s9eUsEbZGiUjLv5GST7twnliQF1f/STWtFAJyZWf3XVkIagQtxo9i6VdlP3dJV+12GNKfj8HnSBCAE5rDmfagwq+VewH+vIX4E1vkpPW3uiQ5g8KKqzPQmKjs=,iv:18fpXmaZ7W+73kHd8Kvk7yBI2Kp79fh4RR4NbACtrcQ=,tag:YeHCoXEwiOM1sRot3rCnbg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.8.1

View file

@ -132,11 +132,7 @@
caddy = {
enable = true;
package = caddy-with-plugins.lib.caddyWithPackages {
inherit (pkgs) caddy buildGoModule;
plugins = [ "github.com/caddy-dns/cloudflare@74f004e1c1ab9056288f0baf3cd4b0039d6c77f3" ];
vendorHash = "sha256-UYNFkGK4A7DJSmin4nCo9rUD60gx80e9YZodn7uEcUM=";
};
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
email = "erwin@datarift.nl";

View file

@ -18,11 +18,7 @@
};
caddy-proxy = {
enable = true;
package = caddy-with-plugins.lib.caddyWithPackages {
inherit (pkgs) caddy buildGoModule;
plugins = [ "github.com/caddy-dns/cloudflare@74f004e1c1ab9056288f0baf3cd4b0039d6c77f3" ];
vendorHash = "sha256-UYNFkGK4A7DJSmin4nCo9rUD60gx80e9YZodn7uEcUM=";
};
package = caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
proxyHosts = [
{
externalHostname = "home.datarift.nl";