Updated proxy to its current running configuration

Chris Toph 2024-09-27 21:01:47 -04:00
parent 5821ca7cde
commit 7d1d4e74e8
7 changed files with 42 additions and 59 deletions


@ -14,12 +14,17 @@
# caddy # caddy
./modules/caddy ./modules/caddy
./modules/cloudflared
]; ];
## NETWORKING ## ## NETWORKING ##
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 22 80 443 ]; allowedTCPPorts = [ 22 80 443 14333 ];
allowedUDPPorts = [ ]; allowedUDPPorts = [ 53 ];
interfaces.podman1 = {
# so that containers find eachother's names
allowedUDPPorts = [ 53 ];
};
}; };
## ENVIORMENT & PACKAGES ## ## ENVIORMENT & PACKAGES ##
@ -30,8 +35,19 @@
ranger ranger
sshfs sshfs
]; ];
environment.etc = {
"cloudflared/.keep" = {
text = "This directory is used to store cloudflared configuration files.";
};
};
environment.variables = { environment.variables = {
HOSTNAME = hostName; HOSTNAME = hostName;
}; };
## PROGRAMS & SERVICES ##
# Enable podman
virtualisation.podman.enable = true;
virtualisation.oci-containers.backend = "podman";
} }
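Review bot: The top-level `allowedUDPPorts = [ 53 ];` opens DNS on every interface, which makes the `interfaces.podman1` rule below it redundant and exposes whatever listens on port 53 to all networks this host sits on. If the intent is only what the comment says (containers resolving each other's names), keep the interface-scoped rule and restore `allowedUDPPorts = [ ];` at the top level. The added TCP 14333 deserves the same question: Caddy already fronts that service as cloudflared.ryot.foo, so opening the raw port lets clients reach it over plain HTTP without going through the proxy. It is probably only needed if Caddy runs on a different host than the container, which this page does not show.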


@ -1 +0,0 @@
CF_DNS_API_TOKEN=


@ -1,17 +0,0 @@
{ config, lib, pkgs, ... }: {
# letsencrypt
security.acme = {
acceptTerms = true;
defaults = {
email = "chris@toph.cc";
dnsProvider = "cloudflare";
environmentFile = ./cloudflare.ini;
};
certs = {
"ryot.foo" = {
extraDomainNames = ["*.ryot.foo"];
};
};
};
}


@ -12,7 +12,7 @@
"adguard.ryot.foo" = { "adguard.ryot.foo" = {
useACMEHost = "ryot.foo"; useACMEHost = "ryot.foo";
extraConfig = '' extraConfig = ''
reverse_proxy opnsense:81 reverse_proxy 104.40.4.1:81
''; '';
}; };
@ -30,7 +30,7 @@
"cloudflared.ryot.foo" = { "cloudflared.ryot.foo" = {
useACMEHost = "ryot.foo"; useACMEHost = "ryot.foo";
extraConfig = '' extraConfig = ''
reverse_proxy http://104.40.4.44:14333 reverse_proxy http://104.40.4.8:14333
''; '';
}; };
@ -84,6 +84,13 @@
reverse_proxy http://104.40.4.44:81 reverse_proxy http://104.40.4.44:81
''; '';
}; };
"opn.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy 104.40.4.1
'';
};
"pve.ryot.foo" = { "pve.ryot.foo" = {
useACMEHost = "ryot.foo"; useACMEHost = "ryot.foo";
@ -104,4 +111,4 @@
}; };
}; };
}; };
} }
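Review bot: The added `opn.ryot.foo` vhost publishes what appears to be the OPNsense management interface (104.40.4.1, the address that replaces `opnsense` in the adguard entry) with no client restriction in its `extraConfig`, so anyone who can reach this proxy on 443 gets the firewall's login page. Consider gating it inside `extraConfig` with `@outside not remote_ip <LAN_CIDR>` and `respond @outside 403` ahead of the `reverse_proxy` line. Also, `reverse_proxy 104.40.4.1` with no scheme makes Caddy speak plain HTTP to the upstream, so admin credentials cross that hop unencrypted; if the UI is served over TLS, an `https://` upstream is the safer choice. The enclosing virtualHosts attribute set begins outside these hunks.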


@ -0,0 +1,14 @@
{ config, ... }:
{
config.virtualisation.oci-containers.containers.cloudflared = {
image = "docker.io/wisdomsky/cloudflared-web:latest";
autoStart = true;
extraOptions = [
"--network=host"
];
hostname = "cloudflared";
volumes = [
"/etc/cloudflared:/config"
];
};
}
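Review bot: `image = "docker.io/wisdomsky/cloudflared-web:latest";` pulls a mutable tag from a third-party publisher, so the code that runs with access to `/etc/cloudflared` and the host network can change on any restart without a change in this repository. Pin it to a release tag or, better, a digest: `image = "docker.io/wisdomsky/cloudflared-web@sha256:<DIGEST>";`. `--network=host` also drops network isolation, so the service on 14333 (presumably the UI that Caddy proxies) binds on the host's own interfaces. If only Caddy on this machine needs it, `ports = [ "127.0.0.1:14333:14333" ];` without host networking would be narrower, assuming the tunnel works without it. A short comment on why host networking is needed would help the next reader.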


@ -1,18 +0,0 @@
{
# INFO: migth need at some point so keeping it here
# Nginx
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Add a virtual host
virtualHosts."ryot.com" = {};
};
}


@ -1,18 +0,0 @@
{
programs.ssh.startAgent = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
];
services.openssh = {
enable = true;
settings = {
AllowUsers = null; # everyone
GatewayPorts = "yes"; # allow remote port forwarding with AutoSSH
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
PermitRootLogin = "yes";
};
};
}