From 23fc9cdfe62190a4d07efde1fcf330386c17e513 Mon Sep 17 00:00:00 2001
From: Chris Toph
Date: Fri, 28 Mar 2025 14:31:33 -0400
Subject: [PATCH] Add Proxy host and new configurations needed or related

---
 hosts/common/optional/caddy/cloud.nix | 16 +++
 hosts/common/optional/caddy/defaut.nix | 10 ++
 hosts/common/optional/caddy/komodo.nix | 100 ++++++++++++++++++
 hosts/common/optional/caddy/proxy.nix | 10 ++
 .../optional/containers/cloudflared.nix | 15 +++
 hosts/common/optional/docker.nix | 10 ++
 hosts/common/optional/lxc.nix | 21 ----
 hosts/common/optional/system/lxc.nix | 21 ++++
 hosts/common/optional/system/pool.nix | 35 ++++++
 hosts/nixos/proxy/default.nix | 72 +++++++++++++
 hosts/nixos/proxy/hardware.nix | 12 +++
 hosts/nixos/vm/hardware.nix | 5 +-
 12 files changed, 302 insertions(+), 25 deletions(-)
 create mode 100644 hosts/common/optional/caddy/cloud.nix
 create mode 100644 hosts/common/optional/caddy/defaut.nix
 create mode 100644 hosts/common/optional/caddy/komodo.nix
 create mode 100644 hosts/common/optional/caddy/proxy.nix
 create mode 100644 hosts/common/optional/containers/cloudflared.nix
 create mode 100644 hosts/common/optional/docker.nix
 delete mode 100644 hosts/common/optional/lxc.nix
 create mode 100644 hosts/common/optional/system/lxc.nix
 create mode 100644 hosts/common/optional/system/pool.nix
 create mode 100644 hosts/nixos/proxy/default.nix
 create mode 100644 hosts/nixos/proxy/hardware.nix
diff --git a/hosts/common/optional/caddy/cloud.nix b/hosts/common/optional/caddy/cloud.nix
new file mode 100644
index 0000000..810c7a3
--- /dev/null
+++ b/hosts/common/optional/caddy/cloud.nix
@@ -0,0 +1,16 @@
+{
+ services.caddy.virtualHosts = {
+ "drive.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy http://localhost:8181 {
+ header_up Host {host}
+ # header_up X-Forwarded-For {remote}
+ # header_up X-Forwarded-Proto {scheme}
+ # header_up X-Forwarded-Protocol {scheme}
+ # header_up X-Forwarded-Port {server_port}
+ }
+ '';
+ };
+ };
+}
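Review bot: `header_up Host {host}` on the drive.ryot.foo vhost restates Caddy's default behaviour — reverse_proxy already passes the incoming Host header through unchanged and sets X-Forwarded-For and X-Forwarded-Proto itself — so that line and the four commented-out header_up lines below it are dead configuration a reader has to reason about. Either collapse the block to `reverse_proxy http://localhost:8181` like the other vhosts in this commit, or keep the explicit Host line with a one-line comment stating which backend behaviour requires it. This is also the only vhost in the series that writes an explicit `http://` scheme; the rest use bare `localhost:PORT`, and picking one form keeps the files greppable.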
diff --git a/hosts/common/optional/caddy/defaut.nix b/hosts/common/optional/caddy/defaut.nix
new file mode 100644
index 0000000..3cb38b3
--- /dev/null
+++ b/hosts/common/optional/caddy/defaut.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+{
+ imports = [
+ "./${config.hostSpec.hostName}.nix"
+ ];
+
+ services.caddy = {
+ enable = true;
+ };
+}
diff --git a/hosts/common/optional/caddy/komodo.nix b/hosts/common/optional/caddy/komodo.nix
new file mode 100644
index 0000000..4430016
--- /dev/null
+++ b/hosts/common/optional/caddy/komodo.nix
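Review bot: The per-host import `"./${config.hostSpec.hostName}.nix"` reads `config` inside `imports`, which the module system must resolve before `config` is available, so this is very likely to fail with an infinite-recursion error at evaluation time; it is also a relative string rather than a path expression, and Nix's import does not accept relative string paths. Pass the host name some other way — a `specialArgs` value, or have each host's default.nix import its own caddy/<host>.nix next to this file — and write the path as `./${name}.nix` rather than a quoted string. The file name itself is misspelled (`defaut.nix`), and note that the new proxy host in this commit does not import it at all even though it adds caddy/proxy.nix and opens 80/443 for Caddy.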
@@ -0,0 +1,100 @@
+{
+ services.caddy.virtualHosts = {
+ # "ryot.foo" = {
+ # useACMEHost = "ryot.foo";
+ # extraConfig = ''
+ # reverse_proxy 104.40.3.44:80
+ # '';
+ # };
+
+ "auth.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy localhost:9000 {
+ header_up Host {host}
+ header_up X-Forwarded-For {remote}
+ header_up X-Forwarded-Proto {scheme}
+ header_up X-Forwarded-Protocol {scheme}
+ header_up X-Forwarded-Port {server_port}
+ }
+ '';
+ };
+
+ "frp.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy localhost:4041
+ '';
+ };
+
+ "grafana.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy localhost:3001
+ '';
+ };
+
+ "git.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy localhost:3003
+ '';
+ };
+
+ "influx.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy localhost:8086
+ '';
+ };
+
+ "home.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy localhost:7475
+ '';
+ };
+
+ "komodo.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy localhost:9120
+ '';
+ };
+
+ "mail.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy localhost:9002
+ '';
+ };
+
+ "map.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy localhost:25566
+ '';
+ };
+
+ "outline.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy localhost:3480
+ '';
+ };
+
+ "plane.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy localhost:3000
+ '';
+ };
+
+ "upsnap.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy localhost:8090
+ '';
+ };
+ };
+}
diff --git a/hosts/common/optional/caddy/proxy.nix b/hosts/common/optional/caddy/proxy.nix
new file mode 100644
index 0000000..5cf77b4
--- /dev/null
+++ b/hosts/common/optional/caddy/proxy.nix
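Review bot: `header_up X-Forwarded-For {remote}` on auth.ryot.foo forwards the client address with its port (`{remote}` is `ip:port`; `{remote_host}` is the bare address), which is not the format X-Forwarded-For consumers parse, and it overrides the header Caddy already sets correctly by default — drop the header_up lines, or use `{remote_host}` if the backend really needs an explicit copy. `X-Forwarded-Protocol` is not a standard header; X-Forwarded-Proto already carries the scheme. The commented-out "ryot.foo" block proxying to a raw address is dead configuration and should be removed or explained in a comment. If requests reach this Caddy through the cloudflared tunnel added in the same commit, X-Forwarded-For presumably carries the tunnel's local address rather than the visitor's unless the Cloudflare-supplied headers are trusted, which matters for any IP-based policy on the auth backend.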
@@ -0,0 +1,10 @@
+{
+ services.caddy.virtualHosts = {
+ "cloudflared.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy localhost:14333
+ '';
+ };
+ };
+}
diff --git a/hosts/common/optional/containers/cloudflared.nix b/hosts/common/optional/containers/cloudflared.nix
new file mode 100644
index 0000000..428fcca
--- /dev/null
+++ b/hosts/common/optional/containers/cloudflared.nix
@@ -0,0 +1,15 @@
+{ config, ... }:
+{
+ config.virtualisation.oci-containers.containers.cloudflared = {
+ image = "docker.io/wisdomsky/cloudflared-web:latest";
+ autoStart = true;
+ extraOptions = [
+ "--network=host"
+ "--pull=always"
+ ];
+ hostname = "cloudflared";
+ volumes = [
+ "/etc/cloudflared:/config"
+ ];
+ };
+}
diff --git a/hosts/common/optional/docker.nix b/hosts/common/optional/docker.nix
new file mode 100644
index 0000000..33cf96f
--- /dev/null
+++ b/hosts/common/optional/docker.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+ virtualisation = {
+ docker = {
+ enable = true;
+ autoPrune.enable = true;
+ };
+ oci-containers.backend = "docker";
+ };
+}
diff --git a/hosts/common/optional/lxc.nix b/hosts/common/optional/lxc.nix
deleted file mode 100644
index 002211f..0000000
--- a/hosts/common/optional/lxc.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ modulesPath, ... }:
-{
- imports = [
- # Include the default lxc/lxd configuration.
- "${modulesPath}/virtualisation/lxc-container.nix"
- ];
-
- # Treats the system as a container.
- boot.isContainer = true;
-
- # Set your system kind (needed for flakes)
- nixpkgs.hostPlatform = "x86_64-linux";
-
- # Supress systemd units that don't work because of LXC.
- # https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak
- systemd.suppressedSystemUnits = [
- "dev-mqueue.mount"
- "sys-kernel-debug.mount"
- "sys-fs-fuse-connections.mount"
- ];
-}
\ No newline at end of file
diff --git a/hosts/common/optional/system/lxc.nix b/hosts/common/optional/system/lxc.nix
new file mode 100644
index 0000000..4c88692
--- /dev/null
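Review bot: The cloudflared.ryot.foo vhost publishes the cloudflared-web management UI on localhost:14333 under a public name with no access control in the vhost, and that UI is presumably where the tunnel token is entered and shown, so anyone who can resolve the name reaches the tunnel's configuration page. Gate it in the site block — for example a `@lan remote_ip 10.0.0.0/8` matcher (constructed example range) with `abort` for non-matching requests, or `basic_auth` in front of the reverse_proxy — or keep it off the public vhost and reach it over the LAN only. Whether the image ships its own login is not visible from this hunk; verify that before relying on it.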
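Review bot: `image = "docker.io/wisdomsky/cloudflared-web:latest"` together with `--pull=always` makes every container (re)start fetch whatever the tag currently points to, so the tunnel client changes outside a NixOS rebuild and cannot be rolled back with the generation; pin a version tag or an `@sha256:` digest and bump it deliberately, which also records exactly which build of this third-party wrapper (not Cloudflare's own image) was reviewed. `--network=host` is what lets the tunnel reach services on localhost, but it also means the container's listeners bind on the host's interfaces, so the host firewall rather than the container limits who reaches the UI port (14333, judging by caddy/proxy.nix) — worth a comment next to the option. The `config` in `{ config, ... }:` is unused: the `config.` prefix on the attribute path is the module's `config` attribute, not the argument, so `{ ... }:` suffices.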
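Review bot: `{ pkgs, ... }:` in docker.nix declares an argument the body never uses; `{ ... }:` (or a plain attribute set) is enough. `autoPrune.enable = true` deserves a one-line comment saying what it does and when — it schedules `docker system prune` on NixOS's default weekly timer, which removes stopped containers, dangling images and unused networks, so anyone relying on stopped-but-kept containers should know.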
+++ b/hosts/common/optional/system/lxc.nix
@@ -0,0 +1,21 @@
+{ modulesPath, ... }:
+{
+ imports = [
+ # Include the default lxc/lxd configuration.
+ "${modulesPath}/virtualisation/lxc-container.nix"
+ ];
+
+ # Treats the system as a container.
+ boot.isContainer = true;
+
+ # Set your system kind (needed for flakes)
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ # Supress systemd units that don't work because of LXC.
+ # https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak
+ systemd.suppressedSystemUnits = [
+ "dev-mqueue.mount"
+ "sys-kernel-debug.mount"
+ "sys-fs-fuse-connections.mount"
+ ];
+}
diff --git a/hosts/common/optional/system/pool.nix b/hosts/common/optional/system/pool.nix
new file mode 100644
index 0000000..a9840a6
--- /dev/null
+++ b/hosts/common/optional/system/pool.nix
@@ -0,0 +1,35 @@
+{ config, ... }:
+{
+ # For less permission issues with SSHFS
+ programs.fuse.userAllowOther = true;
+
+ # Create the directories if they do not exist
+ systemd.tmpfiles.rules = [
+ "d /pool 2775 ${config.hostSpec.username} ryot -"
+ "d /home/${config.hostSpec.username}/git 2775 ${config.hostSpec.username} ryot -"
+ ];
+
+ # File system configuration
+ fileSystems = {
+ "/pool" = {
+ device = "${config.hostSpec.username}@cloud:/pool";
+ fsType = "sshfs";
+ options = [
+ "defaults"
+ "reconnect"
+ "_netdev"
+ "allow_other"
+ "identityfile=/home/${config.hostSpec.username}/.ssh/pve"
+ ];
+ };
+
+ "/home/${config.hostSpec.username}/git" = {
+ fsType = "none";
+ device = "/pool/git";
+ options = [
+ "bind"
+ "nofail"
+ ];
+ };
+ };
+}
diff --git a/hosts/nixos/proxy/default.nix b/hosts/nixos/proxy/default.nix
new file mode 100644
index 0000000..4157504
--- /dev/null
+++ b/hosts/nixos/proxy/default.nix
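Review bot: The `/pool` sshfs entry carries no `nofail`, unlike the bind mount beneath it, so a boot while `cloud` is unreachable waits on this mount up to the mount timeout and leaves remote-fs.target failed, and the bind mount's own `nofail` does not help because it depends on /pool; add `"nofail"` to the `/pool` options (and consider `"x-systemd.automount"` so the mount is attempted on first access instead). The mount runs as root but authenticates with the user's `~/.ssh/pve` key and, through `allow_other`, exposes the remote tree to every local account with whatever rights that SSH user has on `cloud` — record that trade-off in the comment above `userAllowOther`, since the current one only says "less permission issues". Root's known_hosts must also already contain `cloud`'s host key: a non-interactive sshfs mount fails on an unverified key rather than prompting, so either provision it (e.g. `programs.ssh.knownHosts`) or note where it comes from. The tmpfiles rules assume a `ryot` group exists on the host; nothing in this hunk creates it.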
@@ -0,0 +1,72 @@
+###############################################################
+#
+# Prozy - LXC Container
+# NixOS container, Ryzen 5 5600G (3 Cores), 2GB/2GB RAM/SWAP
+#
+###############################################################
+
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ username = "toph";
+in
+{
+ imports = lib.flatten [
+ ## Hardware ##
+ ./hardware.nix
+
+ (map lib.custom.relativeToRoot [
+ ## Required Configs ##
+ "hosts/common/core"
+
+ ## Optional Configs ##
+ "hosts/common/optional/docker.nix"
+ "hosts/common/optional/containers/cloudflared.nix"
+
+ ## Proxy Specific ##
+ "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
+ ])
+ ];
+
+ ## Host Specifications ##
+ hostSpec = {
+ hostName = "proxy";
+ username = username;
+ handle = "tophC7";
+ password = "[REDACTED]";
+ [REDACTED];
+ email = "[REDACTED]";
+ userFullName = "[REDACTED]";
+ isARM = false;
+ };
+
+ networking = {
+ enableIPv6 = false;
+ # Container Ports
+ [REDACTED]
+ 80 # Caddy
+ 443 # Caddy
+ [REDACTED]
+ ];
+ };
+
+ ## System-wide packages ##
+ programs.nix-ld.enable = true;
+ environment.systemPackages = with pkgs; [
+ lazydocker
+ ];
+
+ environment.etc = {
+ "cloudflared/.keep" = {
+ text = "This directory is used to store cloudflared configuration files.";
+ };
+ };
+
+ # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/nixos/proxy/hardware.nix b/hosts/nixos/proxy/hardware.nix
new file mode 100644
index 0000000..f0e401e
--- /dev/null
+++ b/hosts/nixos/proxy/hardware.nix
@@ -0,0 +1,12 @@
+{
+ lib,
+ ...
+}:
+{
+ imports = lib.flatten [
+ (map lib.custom.relativeToRoot [
+ "hosts/common/optional/system/lxc.nix"
+ "hosts/common/optional/system/pool.nix"
+ ])
+ ];
+}
diff --git a/hosts/nixos/vm/hardware.nix b/hosts/nixos/vm/hardware.nix
index d7c04b2..d4c905b 100644
--- a/hosts/nixos/vm/hardware.nix
+++ b/hosts/nixos/vm/hardware.nix
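Review bot: The proxy host opens 80 and 443 with `# Caddy` comments, but its imports list only docker.nix and cloudflared.nix — hosts/common/optional/caddy/defaut.nix (and through it the caddy/proxy.nix vhost this commit adds for this host) is never imported, so unless hosts/common/core enables Caddy, nothing listens on those ports; add `"hosts/common/optional/caddy/defaut.nix"` under `## Optional Configs ##`. `hostSpec.password` is assigned inline in a tracked module (redacted in this view); if that is a literal value rather than a reference to a secrets store, it ends up world-readable in /nix/store on every host that evaluates it and belongs in sops-nix/agenix or a hashed `hashedPasswordFile`. `inputs` and `config` in the argument set are unused, and the banner reads `Prozy` where `Proxy` is meant. The `"cloudflared/.keep"` entry presumably exists only so /etc/cloudflared is present before the container bind-mounts it as /config; a comment saying so would stop someone from removing it as clutter.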
@@ -1,6 +1,3 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
 {
 config,
 lib,
@@ -53,7 +50,7 @@ in
 };
 "/pool" = {
- device = "${username}@104.40.4.24:/pool";
+ device = "${username}@cloud:/pool";
 fsType = "sshfs";
 options = [
 "defaults"