Add Proxy host and new configurations needed or related

Chris Toph 2025-03-28 14:31:33 -04:00
parent f3977a6572
commit 23fc9cdfe6
12 changed files with 302 additions and 25 deletions


@ -0,0 +1,16 @@
{
services.caddy.virtualHosts = {
"drive.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://localhost:8181 {
header_up Host {host}
# header_up X-Forwarded-For {remote}
# header_up X-Forwarded-Proto {scheme}
# header_up X-Forwarded-Protocol {scheme}
# header_up X-Forwarded-Port {server_port}
}
'';
};
};
}
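Review bot: The four commented-out `header_up X-Forwarded-*` lines and the `header_up Host {host}` line in the `drive.ryot.foo` block can be dropped. Caddy v2's `reverse_proxy` already passes the incoming Host through unchanged and sets X-Forwarded-For, X-Forwarded-Proto and X-Forwarded-Host itself. That leaves `reverse_proxy http://localhost:8181`, matching the one-line form used for most other virtual hosts in this commit. If the backend does need a non-default header, a comment naming it and the reason would serve better than the disabled lines.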


@ -0,0 +1,10 @@
{ config, ... }:
{
imports = [
"./${config.hostSpec.hostName}.nix"
];
services.caddy = {
enable = true;
};
}
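Review bot: `imports` is computed from `config.hostSpec.hostName`, but the NixOS module system has to resolve `imports` before `config` can be evaluated, so this is expected to fail with an infinite-recursion error. The element is also a string starting with `./`, which is not resolved relative to this file the way a path literal is. Pass the host name in through `specialArgs` (or import the per-host Caddy file from the host's own module) and build a real path, e.g. `imports = [ (./. + "/${hostName}.nix") ];`, where `hostName` stands for the argument supplied that way.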


@ -0,0 +1,100 @@
{
services.caddy.virtualHosts = {
# "ryot.foo" = {
# useACMEHost = "ryot.foo";
# extraConfig = ''
# reverse_proxy 104.40.3.44:80
# '';
# };
"auth.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9000 {
header_up Host {host}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Protocol {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
"frp.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:4041
'';
};
"grafana.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3001
'';
};
"git.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3003
'';
};
"influx.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:8086
'';
};
"home.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:7475
'';
};
"komodo.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9120
'';
};
"mail.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9002
'';
};
"map.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:25566
'';
};
"outline.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3480
'';
};
"plane.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3000
'';
};
"upsnap.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:8090
'';
};
};
}
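Review bot: In the `auth.ryot.foo` block, `header_up X-Forwarded-For {remote}` replaces the header Caddy would set on its own, and `{remote}` expands to the peer address including the port, so the backend on port 9000 receives `ip:port` where an IP is expected. If that backend is an identity service, as the host name suggests, the value probably feeds audit logs and rate limiting. The safer form is to delete the four `X-Forwarded-*` overrides and rely on Caddy's defaults, or to use `{remote_host}` if an explicit override is really required. `X-Forwarded-Protocol` is non-standard, and `{server_port}` should be checked against the Caddy placeholder list because it may not expand.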


@ -0,0 +1,10 @@
{
services.caddy.virtualHosts = {
"cloudflared.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:14333
'';
};
};
}
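Review bot: `cloudflared.ryot.foo` publishes whatever listens on port 14333 with no access control at the proxy. If that is the web UI of the `cloudflared-web` container added in this commit, anyone who can reach the virtual host can presumably view or change the tunnel configuration. The same applies to the operator-facing hosts in the previous file (`frp`, `grafana`, `influx`, `komodo`, `upsnap`), which then depend entirely on each application's own login. Consider limiting these hosts to the management network with a `remote_ip` matcher or putting `forward_auth` in front of them, and add a comment stating which hosts are meant to be reachable from the internet.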


@ -0,0 +1,15 @@
{ config, ... }:
{
config.virtualisation.oci-containers.containers.cloudflared = {
image = "docker.io/wisdomsky/cloudflared-web:latest";
autoStart = true;
extraOptions = [
"--network=host"
"--pull=always"
];
hostname = "cloudflared";
volumes = [
"/etc/cloudflared:/config"
];
};
}
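Review bot: The image is a third-party build referenced as `:latest` and re-pulled on every start by `--pull=always`, so whatever is next published under that tag runs with `--network=host` and write access to `/etc/cloudflared`, the directory this commit reserves for the cloudflared configuration. Pin the image by digest, e.g. `image = "docker.io/wisdomsky/cloudflared-web@sha256:<digest>";` (placeholder digest), drop `"--pull=always"`, and bump the digest deliberately after reviewing the upstream change. If host networking is only there so the tunnel can reach local ports, a comment saying so would help the next reader judge whether a narrower network setup is possible.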


@ -0,0 +1,10 @@
{ pkgs, ... }:
{
virtualisation = {
docker = {
enable = true;
autoPrune.enable = true;
};
oci-containers.backend = "docker";
};
}


@ -1,21 +0,0 @@
{ modulesPath, ... }:
{
imports = [
# Include the default lxc/lxd configuration.
"${modulesPath}/virtualisation/lxc-container.nix"
];
# Treats the system as a container.
boot.isContainer = true;
# Set your system kind (needed for flakes)
nixpkgs.hostPlatform = "x86_64-linux";
# Supress systemd units that don't work because of LXC.
# https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak
systemd.suppressedSystemUnits = [
"dev-mqueue.mount"
"sys-kernel-debug.mount"
"sys-fs-fuse-connections.mount"
];
}


@ -0,0 +1,21 @@
{ modulesPath, ... }:
{
imports = [
# Include the default lxc/lxd configuration.
"${modulesPath}/virtualisation/lxc-container.nix"
];
# Treats the system as a container.
boot.isContainer = true;
# Set your system kind (needed for flakes)
nixpkgs.hostPlatform = "x86_64-linux";
# Supress systemd units that don't work because of LXC.
# https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak
systemd.suppressedSystemUnits = [
"dev-mqueue.mount"
"sys-kernel-debug.mount"
"sys-fs-fuse-connections.mount"
];
}


@ -0,0 +1,35 @@
{ config, ... }:
{
# For less permission issues with SSHFS
programs.fuse.userAllowOther = true;
# Create the directories if they do not exist
systemd.tmpfiles.rules = [
"d /pool 2775 ${config.hostSpec.username} ryot -"
"d /home/${config.hostSpec.username}/git 2775 ${config.hostSpec.username} ryot -"
];
# File system configuration
fileSystems = {
"/pool" = {
device = "${config.hostSpec.username}@cloud:/pool";
fsType = "sshfs";
options = [
"defaults"
"reconnect"
"_netdev"
"allow_other"
"identityfile=/home/${config.hostSpec.username}/.ssh/pve"
];
};
"/home/${config.hostSpec.username}/git" = {
fsType = "none";
device = "/pool/git";
options = [
"bind"
"nofail"
];
};
};
}
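Review bot: The `/pool` mount sets `"allow_other"` without `"default_permissions"`, so the kernel does not check file modes on the mount and every local account, including service accounts, acts on `/pool` with the rights of the remote SSH user. Add `"default_permissions"` (with an id mapping such as `"idmap=user"`) next to `"allow_other"`, or drop `allow_other` and `programs.fuse.userAllowOther` if only one user needs the share. The mount also authenticates with the key at `.ssh/pve` in the user's home, which must be usable without a passphrase for an unattended mount. A comment noting that, plus a server-side restriction on what that key may do, would be worthwhile.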


@ -0,0 +1,72 @@
###############################################################
#
# Prozy - LXC Container
# NixOS container, Ryzen 5 5600G (3 Cores), 2GB/2GB RAM/SWAP
#
###############################################################
{
inputs,
lib,
config,
pkgs,
...
}:
let
username = "toph";
in
{
imports = lib.flatten [
## Hardware ##
./hardware.nix
(map lib.custom.relativeToRoot [
## Required Configs ##
"hosts/common/core"
## Optional Configs ##
"hosts/common/optional/docker.nix"
"hosts/common/optional/containers/cloudflared.nix"
## Proxy Specific ##
"hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
])
];
## Host Specifications ##
hostSpec = {
hostName = "proxy";
username = username;
handle = "tophC7";
password = "[REDACTED]";
[REDACTED];
email = "[REDACTED]";
userFullName = "[REDACTED]";
isARM = false;
};
networking = {
enableIPv6 = false;
# Container Ports
[REDACTED]
80 # Caddy
443 # Caddy
[REDACTED]
];
};
## System-wide packages ##
programs.nix-ld.enable = true;
environment.systemPackages = with pkgs; [
lazydocker
];
environment.etc = {
"cloudflared/.keep" = {
text = "This directory is used to store cloudflared configuration files.";
};
};
# https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11";
}
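Review bot: `hostSpec.password` appears to be assigned from a string literal in this file (the value is redacted on this page). If so, it is copied into the world-readable Nix store and stays in the repository history, whether it is plaintext or a hash. How `hostSpec.password` is consumed is not visible in this hunk, but the usual fix is to keep the secret outside the store and reference it by path, for example through `users.users.<name>.hashedPasswordFile` fed by a secrets tool such as sops-nix or agenix. The header comment also spells the host "Prozy" while `hostName` is `"proxy"`.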


@ -0,0 +1,12 @@
{
lib,
...
}:
{
imports = lib.flatten [
(map lib.custom.relativeToRoot [
"hosts/common/optional/system/lxc.nix"
"hosts/common/optional/system/pool.nix"
])
];
}


@ -1,6 +1,3 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
@ -53,7 +50,7 @@ in
}; };
"/pool" = { "/pool" = {
device = "${username}@104.40.4.24:/pool"; device = "${username}@cloud:/pool";
fsType = "sshfs"; fsType = "sshfs";
options = [ options = [
"defaults" "defaults"