From 7d1d4e74e8d808e0b5d1b4469c8b60884faef758 Mon Sep 17 00:00:00 2001
From: Chris Toph
Date: Fri, 27 Sep 2024 21:01:47 -0400
Subject: [PATCH] Updated proxy to its current running configuration
---
 host/proxy/default.nix | 20 +++++++++++++++++--
 .../proxy/modules/acme/cloudflare.ini.example | 1 -
 host/proxy/modules/acme/default.nix | 17 ----------------
 host/proxy/modules/caddy/default.nix | 13 +++++++++---
 host/proxy/modules/cloudflared/default.nix | 14 +++++++++++++
 host/proxy/modules/nginx/default.nix | 18 ----------------
 host/proxy/modules/ssh/default.nix | 18 ----------------
 7 files changed, 42 insertions(+), 59 deletions(-)
 delete mode 100644 host/proxy/modules/acme/cloudflare.ini.example
 delete mode 100644 host/proxy/modules/acme/default.nix
 create mode 100644 host/proxy/modules/cloudflared/default.nix
 delete mode 100644 host/proxy/modules/nginx/default.nix
 delete mode 100644 host/proxy/modules/ssh/default.nix
diff --git a/host/proxy/default.nix b/host/proxy/default.nix
index 4d198e1..4993ebf 100644
--- a/host/proxy/default.nix
+++ b/host/proxy/default.nix
@@ -14,12 +14,17 @@
 # caddy
 ./modules/caddy
+ ./modules/cloudflared
 ];
 ## NETWORKING ##
 networking.firewall = {
- allowedTCPPorts = [ 22 80 443 ];
- allowedUDPPorts = [ ];
+ allowedTCPPorts = [ 22 80 443 14333 ];
+ allowedUDPPorts = [ 53 ];
+ interfaces.podman1 = {
+ # so that containers find eachother's names
+ allowedUDPPorts = [ 53 ];
+ };
 };
 ## ENVIORMENT & PACKAGES ##
@@ -30,8 +35,19 @@
 ranger
 sshfs
 ];
+
+ environment.etc = {
+ "cloudflared/.keep" = {
+ text = "This directory is used to store cloudflared configuration files.";
+ };
+ };
 environment.variables = {
 HOSTNAME = hostName;
 };
+
+ ## PROGRAMS & SERVICES ##
+ # Enable podman
+ virtualisation.podman.enable = true;
+ virtualisation.oci-containers.backend = "podman";
 }
diff --git a/host/proxy/modules/acme/cloudflare.ini.example b/host/proxy/modules/acme/cloudflare.ini.example
deleted file mode 100644
index 3bb6b44..0000000
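Review bot: The host-wide `allowedUDPPorts = [ 53 ];` duplicates the interface-scoped `interfaces.podman1.allowedUDPPorts = [ 53 ];` added just below it, and only the latter matches the comment about container name resolution; if no resolver is meant to be reachable from outside the host, keep the `interfaces.podman1` entry and restore `allowedUDPPorts = [ ];` at the top level. TCP 14333 is opened on every interface too, although the caddy hunk shows a `cloudflared.ryot.foo` vhost that appears to be the intended path to that UI, so the host-wide rule lets clients bypass Caddy and its TLS. Port 22 stays listed while this commit deletes host/proxy/modules/ssh/default.nix, which carried `services.openssh.enable = true` and `PasswordAuthentication = false`; unless sshd is configured elsewhere, the rule is now either dead or no longer paired with those hardened settings. The new comment's `eachother's` should read `each other's`.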
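Review bot: `environment.etc."cloudflared/.keep"` creates /etc/cloudflared only as a side effect of placing a store symlink, yet that directory is bind-mounted read-write into the cloudflared container as /config, where the tunnel credentials will presumably be written. A `systemd.tmpfiles.rules` entry such as `"d /etc/cloudflared 0700 root root -"` states the intent directly and sets the directory's permissions, which the `.keep` file cannot; the `environment.etc` block can then be dropped. The enclosing attribute set continues outside the hunk.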
--- a/host/proxy/modules/acme/cloudflare.ini.example
+++ /dev/null
@@ -1 +0,0 @@
-CF_DNS_API_TOKEN=
\ No newline at end of file
diff --git a/host/proxy/modules/acme/default.nix b/host/proxy/modules/acme/default.nix
deleted file mode 100644
index 1782ce6..0000000
--- a/host/proxy/modules/acme/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ config, lib, pkgs, ... }: {
-
- # letsencrypt
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "chris@toph.cc";
- dnsProvider = "cloudflare";
- environmentFile = ./cloudflare.ini;
- };
- certs = {
- "ryot.foo" = {
- extraDomainNames = ["*.ryot.foo"];
- };
- };
- };
-}
\ No newline at end of file
diff --git a/host/proxy/modules/caddy/default.nix b/host/proxy/modules/caddy/default.nix
index 6b9adcf..f398518 100644
--- a/host/proxy/modules/caddy/default.nix
+++ b/host/proxy/modules/caddy/default.nix
@@ -12,7 +12,7 @@
 "adguard.ryot.foo" = {
 useACMEHost = "ryot.foo";
 extraConfig = ''
- reverse_proxy opnsense:81
+ reverse_proxy 104.40.4.1:81
 '';
 };
@@ -30,7 +30,7 @@
 "cloudflared.ryot.foo" = {
 useACMEHost = "ryot.foo";
 extraConfig = ''
- reverse_proxy http://104.40.4.44:14333
+ reverse_proxy http://104.40.4.8:14333
 '';
 };
@@ -84,6 +84,13 @@
 reverse_proxy http://104.40.4.44:81
 '';
 };
+
+ "opn.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy 104.40.4.1
+ '';
+ };
 "pve.ryot.foo" = {
 useACMEHost = "ryot.foo";
@@ -104,4 +111,4 @@
 };
 };
 };
-}
\ No newline at end of file
+}
diff --git a/host/proxy/modules/cloudflared/default.nix b/host/proxy/modules/cloudflared/default.nix
new file mode 100644
index 0000000..d07f1ad
--- /dev/null
+++ b/host/proxy/modules/cloudflared/default.nix
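Review bot: `reverse_proxy 104.40.4.1:81` replaces the `opnsense` hostname with a literal address that the same commit hard-codes again in the new `opn.ryot.foo` vhost (third caddy hunk), and the second hunk does the same for 104.40.4.8 while the unchanged context still carries 104.40.4.44. A `let` binding at the top of the module, for example `opnsense = "104.40.4.1";`, referenced from each `reverse_proxy` line would keep the upstream addresses in one place so a renumbering does not require editing every vhost. The module header where such a binding would go is outside these hunks.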
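Review bot: The new `opn.ryot.foo` vhost uses `useACMEHost = "ryot.foo"`, but this commit deletes host/proxy/modules/acme/default.nix, which held the only visible `security.acme.certs."ryot.foo"` definition; unless that certificate is now declared in a module outside the diff (the imports above line 14 of host/proxy/default.nix are not shown), every vhost that references it will fail to evaluate. `reverse_proxy 104.40.4.1` also omits scheme and port, so Caddy will speak plain HTTP to port 80, unlike the explicit `http://…:14333` form two hunks up; write the upstream out in full, e.g. `reverse_proxy http://104.40.4.1:80`, or the HTTPS form if the firewall's admin UI behind it serves TLS. The vhosts attribute set continues outside the hunk.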
@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+ config.virtualisation.oci-containers.containers.cloudflared = {
+ image = "docker.io/wisdomsky/cloudflared-web:latest";
+ autoStart = true;
+ extraOptions = [
+ "--network=host"
+ ];
+ hostname = "cloudflared";
+ volumes = [
+ "/etc/cloudflared:/config"
+ ];
+ };
+}
\ No newline at end of file
diff --git a/host/proxy/modules/nginx/default.nix b/host/proxy/modules/nginx/default.nix
deleted file mode 100644
index 13db7f9..0000000
--- a/host/proxy/modules/nginx/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
-
- # INFO: migth need at some point so keeping it here
-
- # Nginx
- services.nginx = {
- enable = true;
- # Use recommended settings
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
-
- # Add a virtual host
- virtualHosts."ryot.com" = {};
-
- };
-}
\ No newline at end of file
diff --git a/host/proxy/modules/ssh/default.nix b/host/proxy/modules/ssh/default.nix
deleted file mode 100644
index f959784..0000000
--- a/host/proxy/modules/ssh/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- programs.ssh.startAgent = true;
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
- ];
-
- services.openssh = {
- enable = true;
- settings = {
- AllowUsers = null; # everyone
- GatewayPorts = "yes"; # allow remote port forwarding with AutoSSH
- KbdInteractiveAuthentication = false;
- PasswordAuthentication = false;
- PermitRootLogin = "yes";
- };
- };
-}
\ No newline at end of file
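Review bot: `image = "docker.io/wisdomsky/cloudflared-web:latest"` pins nothing, so with `autoStart = true` any rebuild or container restart may pull a different image than the one reviewed, and a broken or compromised push to that mutable tag lands directly on the proxy host with `--network=host`. Pin a version tag and preferably a digest, e.g. `image = "docker.io/wisdomsky/cloudflared-web:<version>@sha256:<digest>";` with the placeholders filled from the image currently running (`podman image inspect`). Because `--network=host` puts the container in the host's network namespace, its web UI listens directly on the host, which is what the host-wide TCP 14333 rule in host/proxy/default.nix then exposes; if the container does not otherwise need host networking and the UI is only meant to be reached through Caddy, `ports = [ "127.0.0.1:14333:14333" ];` instead of the extraOptions entry keeps it off the external interfaces. The /etc/cloudflared volume will hold the tunnel token, so the directory's ownership and mode deserve the same care as any other secret on the host.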