Updated proxy to its current running configuration

host/proxy/default.nix

@@ -14,12 +14,17 @@
 
       # caddy
       ./modules/caddy
+      ./modules/cloudflared
     ];
 
   ## NETWORKING ##
   networking.firewall = {
-    allowedTCPPorts = [ 22 80 443 ];
-    allowedUDPPorts = [ ];
+    allowedTCPPorts = [ 22 80 443 14333 ];
+    allowedUDPPorts = [ 53 ];
+    interfaces.podman1 = {
+      # so that containers find eachother's names
+      allowedUDPPorts = [ 53 ]; 
+    };
   };
 
   ## ENVIORMENT & PACKAGES ##
@@ -30,8 +35,19 @@
     ranger
     sshfs
   ];
+  
+  environment.etc = {
+    "cloudflared/.keep" = {
+      text = "This directory is used to store cloudflared configuration files.";
+    };
+  };
 
   environment.variables = {
     HOSTNAME = hostName;
   };
+
+  ## PROGRAMS & SERVICES ##
+  # Enable podman
+  virtualisation.podman.enable = true;
+  virtualisation.oci-containers.backend = "podman";
 }

host/proxy/modules/acme/cloudflare.ini.example

@@ -1 +0,0 @@
-CF_DNS_API_TOKEN=

host/proxy/modules/acme/default.nix

@@ -1,17 +0,0 @@
-{ config, lib, pkgs, ... }: {
-    
-    # letsencrypt 
-    security.acme = {
-        acceptTerms = true;
-        defaults = {
-            email = "chris@toph.cc";
-            dnsProvider = "cloudflare";
-            environmentFile = ./cloudflare.ini;
-        };
-        certs = {
-            "ryot.foo" = {
-                extraDomainNames = ["*.ryot.foo"];
-            };
-        };
-    };
-}

host/proxy/modules/caddy/default.nix

@@ -12,7 +12,7 @@
             "adguard.ryot.foo" = {
                 useACMEHost = "ryot.foo";
                 extraConfig = ''
-                    reverse_proxy opnsense:81
+                    reverse_proxy 104.40.4.1:81
                 '';
             };
             
@@ -30,7 +30,7 @@
             "cloudflared.ryot.foo" = {
                 useACMEHost = "ryot.foo";
                 extraConfig = ''
-                    reverse_proxy http://104.40.4.44:14333
+                    reverse_proxy http://104.40.4.8:14333
                 '';
             };
 
@@ -84,6 +84,13 @@
                     reverse_proxy http://104.40.4.44:81
                 '';
             };
+            
+            "opn.ryot.foo" = {
+                useACMEHost = "ryot.foo";
+                extraConfig = ''
+                    reverse_proxy 104.40.4.1
+                '';
+            };
 
             "pve.ryot.foo" = {
                 useACMEHost = "ryot.foo";
@@ -104,4 +111,4 @@
             };
         };
     };
-}
+}

host/proxy/modules/cloudflared/default.nix

@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+    config.virtualisation.oci-containers.containers.cloudflared = {
+        image = "docker.io/wisdomsky/cloudflared-web:latest";
+        autoStart = true;
+        extraOptions = [
+            "--network=host"
+        ];
+        hostname = "cloudflared";
+        volumes = [
+            "/etc/cloudflared:/config"
+        ];
+    };
+}

host/proxy/modules/nginx/default.nix

@@ -1,18 +0,0 @@
-{
-
-    # INFO: migth need at some point so keeping it here
-
-    # Nginx
-    services.nginx = {
-        enable = true;
-        # Use recommended settings
-        recommendedGzipSettings = true;
-        recommendedOptimisation = true;
-        recommendedProxySettings = true;
-        recommendedTlsSettings = true;
-
-        # Add a virtual host
-        virtualHosts."ryot.com" = {};
-
-    };
-}

host/proxy/modules/ssh/default.nix

@@ -1,18 +0,0 @@
-{
-    programs.ssh.startAgent = true;
-
-    users.users.root.openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
-    ];
-
-    services.openssh = {
-        enable = true;
-        settings = {
-            AllowUsers = null; # everyone
-            GatewayPorts = "yes"; # allow remote port forwarding with AutoSSH
-            KbdInteractiveAuthentication = false;
-            PasswordAuthentication = false;
-            PermitRootLogin = "yes";
-        };
-    };
-}