From ed2507c9f1b674552f7b38e78b61e2aaa4899415 Mon Sep 17 00:00:00 2001 From: Chris Toph Date: Wed, 22 Jan 2025 17:28:07 -0500 Subject: [PATCH] DNS changed in OPNsense, proxy changes - proxy no longer handles all the redirecting - caddy modules in service lxcs --- host/cloud/default.nix | 8 +- host/cloud/modules/caddy/default.nix | 19 +++ host/cloud/modules/nginx/default.nix | 27 ----- host/komodo/default.nix | 8 +- host/komodo/modules/caddy/default.nix | 85 +++++++++++-- host/komodo/modules/forgejo/default.nix | 20 ++-- host/proxy/modules/caddy/default.nix | 153 ++++++------------------ 7 files changed, 147 insertions(+), 173 deletions(-) create mode 100644 host/cloud/modules/caddy/default.nix delete mode 100644 host/cloud/modules/nginx/default.nix diff --git a/host/cloud/default.nix b/host/cloud/default.nix index 1d898ce..8a2ea04 100644 --- a/host/cloud/default.nix +++ b/host/cloud/default.nix @@ -15,11 +15,9 @@ # cron ./modules/cron # Logrotate - ./modules/logrotate - # Nextcloud - ./modules/nextcloud - # Nginx - ./modules/nginx + ./modules/logrotate + # Caddy + ./modules/caddy # Snapraid-runner ./modules/snapraid ]; diff --git a/host/cloud/modules/caddy/default.nix b/host/cloud/modules/caddy/default.nix new file mode 100644 index 0000000..5f6e1f3 --- /dev/null +++ b/host/cloud/modules/caddy/default.nix @@ -0,0 +1,19 @@ +{ + services.caddy = { + enable = true; + virtualHosts = { + "drive.ryot.foo" = { + useACMEHost = "ryot.foo"; + extraConfig = '' + reverse_proxy http://localhost:8181 { + header_up Host {host} + header_up X-Forwarded-For {remote} + header_up X-Forwarded-Proto {scheme} + header_up X-Forwarded-Protocol {scheme} + header_up X-Forwarded-Port {server_port} + } + ''; + }; + }; + }; +} diff --git a/host/cloud/modules/nginx/default.nix b/host/cloud/modules/nginx/default.nix deleted file mode 100644 index bc4966f..0000000 --- a/host/cloud/modules/nginx/default.nix +++ /dev/null 
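Review bot: Dropping `./modules/nextcloud` from this import list while the new `host/cloud/modules/caddy` vhost in the same commit proxies `drive.ryot.foo` to `localhost:8181` leaves it unclear what will be listening on 8181 on this host; if the service now runs elsewhere (a container, another module imported above this hunk) a one-line comment next to `./modules/caddy` saying so, e.g. `# Caddy fronts the drive service on localhost:8181 (started by <module>)`, would stop the next reader from assuming the vhost is dead. The new module also relies on `useACMEHost = "ryot.foo"`, which needs `security.acme.certs."ryot.foo"` on this host; the komodo hunk adds `../../common/acme` for that, this one does not, so it is presumably already imported outside the hunk — worth confirming. The enclosing `imports` list starts outside the hunk.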
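Review bot: `header_up X-Forwarded-For {remote}` sets the header to the peer address including its port (`{remote}` is Caddy's shorthand for the full remote address), so the upstream receives `ip:port` where it expects an IP; `{remote_host}` is the IP-only shorthand, and Caddy's `reverse_proxy` already populates X-Forwarded-For, X-Forwarded-Proto and X-Forwarded-Host by default, so the safer change is `header_up X-Forwarded-For {remote_host}` or dropping the header_up lines altogether. I do not believe `{server_port}` is a Caddyfile placeholder shorthand (the Host-header port is `{port}`), so `X-Forwarded-Port` will most likely arrive empty or as the literal text — please confirm against the Caddy version in use. The same five `header_up` lines appear in the `auth.ryot.foo` block of the `host/komodo/modules/caddy/default.nix` hunk and should be fixed there as well.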
@@ -1,27 +0,0 @@ -{ - # Nginx - services.nginx = { - - enable = true; - - # Use recommended settings - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - # Only allow PFS-enabled ciphers with AES256 - sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; - - # Setup Nextcloud virtual host to listen on ports - virtualHosts = { - - "cloud.ryot.foo" = { - ## Force HTTP redirect to HTTPS - forceSSL = true; - ## LetsEncrypt - enableACME = true; - }; - }; - }; -} \ No newline at end of file diff --git a/host/komodo/default.nix b/host/komodo/default.nix index 6b1f663..8ea2a36 100644 --- a/host/komodo/default.nix +++ b/host/komodo/default.nix @@ -9,7 +9,7 @@ ## MODULES & IMPORTS ## imports = [ # Common Modules - # ../../common/acme + ../../common/acme ../../common/lxc ../../common/ssh # ../../common/vscode-server @@ -18,7 +18,7 @@ ./hardware.nix # Local Modules - # ./modules/caddy + ./modules/caddy ./modules/frp ./modules/forgejo ./modules/komodo @@ -30,10 +30,10 @@ [REDACTED] [REDACTED] [REDACTED] - 222 # GitTea SSH + # 222 # Forgejo SSH + [REDACTED] [REDACTED] [REDACTED] - 3003 # GitTea [REDACTED] [REDACTED] 8080 # File Browser diff --git a/host/komodo/modules/caddy/default.nix b/host/komodo/modules/caddy/default.nix index 4da652f..9dcdaf0 100644 --- a/host/komodo/modules/caddy/default.nix +++ b/host/komodo/modules/caddy/default.nix 
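Review bot: Removing `3003 # GitTea` from the allowed ports is consistent with Forgejo now binding `127.0.0.1` in this commit, but the same reasoning applies to every upstream the new komodo caddy module fronts (9000, 4041, 3001, 8086, 7475, 9120, 9002, 25566, 8090): any of them still present among the redacted entries remains reachable directly, bypassing the vhost. Conversely, with `../../common/acme` and `./modules/caddy` now enabled on this host, 80 and 443 need to be in this list for the vhosts (and an HTTP-01 challenge, unless the acme module uses DNS validation) to work, which the redacted lines do not let me verify. A comment above the list stating the policy, e.g. `# Web UIs are reached only through the caddy vhosts; only 80/443 and non-HTTP services are opened here`, would make that intent auditable.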
@@ -1,20 +1,87 @@ { - # FIXME: This works IN server but not connecting via ssh to caenus services.caddy = { enable = true; virtualHosts = { - # "ryot.foo" = { - # useACMEHost = "ryot.foo"; - # extraConfig = '' - # reverse_proxy 104.40.4.44:80 - # ''; + # useACMEHost = "ryot.foo"; + # extraConfig = '' + # reverse_proxy 104.40.4.44:80 + # ''; # }; - "map.goldenlemon.cc" = { - useACMEHost = "goldenlemon.cc"; + "auth.ryot.foo" = { + useACMEHost = "ryot.foo"; extraConfig = '' - reverse_proxy http://104.40.4.44:25566 + reverse_proxy localhost:9000 { + header_up Host {host} + header_up X-Forwarded-For {remote} + header_up X-Forwarded-Proto {scheme} + header_up X-Forwarded-Protocol {scheme} + header_up X-Forwarded-Port {server_port} + } + ''; + }; + + "frp.ryot.foo" = { + useACMEHost = "ryot.foo"; + extraConfig = '' + reverse_proxy localhost:4041 + ''; + }; + + "grafana.ryot.foo" = { + useACMEHost = "ryot.foo"; + extraConfig = '' + reverse_proxy localhost:3001 + ''; + }; + + "git.ryot.foo" = { + useACMEHost = "ryot.foo"; + extraConfig = '' + reverse_proxy localhost:3003 + ''; + }; + + "influx.ryot.foo" = { + useACMEHost = "ryot.foo"; + extraConfig = '' + reverse_proxy localhost:8086 + ''; + }; + + "home.ryot.foo" = { + useACMEHost = "ryot.foo"; + extraConfig = '' + reverse_proxy localhost:7475 + ''; + }; + + "komodo.ryot.foo" = { + useACMEHost = "ryot.foo"; + extraConfig = '' + reverse_proxy localhost:9120 + ''; + }; + + "mail.ryot.foo" = { + useACMEHost = "ryot.foo"; + extraConfig = '' + reverse_proxy localhost:9002 + ''; + }; + + "map.ryot.foo" = { + useACMEHost = "ryot.foo"; + extraConfig = '' + reverse_proxy localhost:25566 + ''; + }; + + "upsnap.ryot.foo" = { + useACMEHost = "ryot.foo"; + extraConfig = '' + reverse_proxy localhost:8090 ''; }; }; diff --git a/host/komodo/modules/forgejo/default.nix b/host/komodo/modules/forgejo/default.nix index 56fe839..8f21671 100644 --- a/host/komodo/modules/forgejo/default.nix +++ b/host/komodo/modules/forgejo/default.nix 
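Review bot: The commented-out `ryot.foo` block is left without its opening line: `- # "ryot.foo" = {` is removed while the re-indented `# useACMEHost = "ryot.foo";`, `# extraConfig = ''`, `# reverse_proxy 104.40.4.44:80`, `# '';` and the context `# };` stay, so what remains is an orphaned fragment that documents nothing. Either restore `# "ryot.foo" = {` above it or, better, delete those five comment lines since git history keeps the old vhost. Separately, the ten new vhosts all repeat `useACMEHost = "ryot.foo";`; a short header comment such as `# Each vhost terminates TLS locally with the shared ryot.foo cert from ../../common/acme and proxies to a loopback-bound service` would explain why the former proxy-side entries moved here. The enclosing `services.caddy` attrset closes outside the hunk.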
@@ -30,10 +30,11 @@ server = { # Configuration for reverse proxy - ROOT_URL = "https://git.ryot.foo/"; - HTTP_ADDR = "0.0.0.0"; + DOMAIN = "git.ryot.foo"; + HTTP_ADDR = "127.0.0.1"; HTTP_PORT = 3003; - DOMAIN = "localhost"; + ROOT_URL = "https://git.ryot.foo/"; + # SSH_PORT = 222; }; repository = { @@ -43,12 +44,11 @@ ui = { DEFAULT_THEME = "forgejo-dark"; SHOW_USER_EMAIL = false; - }; - - "ui.meta" = { - AUTHOR = "Ryot"; - DESCRIPTION = "Ryot Gitea instance"; - KEYWORDS = ""; + meta = { + AUTHOR = "Ryot"; + DESCRIPTION = "Ryot Gitea instance"; + KEYWORDS = ""; + }; }; security = { @@ -63,7 +63,7 @@ DISABLE_GRAVATAR = true; }; - "cron.sync_external_users".ENABLED = false; + cron.sync_external_users.ENABLED = false; log.LEVEL = "Info"; # Private server diff --git a/host/proxy/modules/caddy/default.nix b/host/proxy/modules/caddy/default.nix index 3d73550..f5ad1af 100644 --- a/host/proxy/modules/caddy/default.nix +++ b/host/proxy/modules/caddy/default.nix 
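Review bot: `meta = { … }` nested under `ui` and `cron.sync_external_users.ENABLED = false;` change the section names that reach Forgejo: the quoted `"ui.meta"` and `"cron.sync_external_users"` attribute names produced the `[ui.meta]` and `[cron.sync_external_users]` INI sections Forgejo reads, whereas the nested form makes `meta` (and `sync_external_users`) a key whose value is an attrset, which the INI generator behind `services.forgejo.settings` should reject at evaluation or, if it is accepted, write a section Forgejo does not recognise. Restore the quoted names in the ui and cron hunks: `"ui.meta" = { AUTHOR = "Ryot"; DESCRIPTION = "Ryot Gitea instance"; KEYWORDS = ""; };` and `"cron.sync_external_users".ENABLED = false;`. The `HTTP_ADDR = "127.0.0.1"` change in the server hunk is the right direction now that Caddy fronts port 3003 on the same host; a comment like `# loopback only — reached through the git.ryot.foo caddy vhost` would tie the two together for the next reader.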
@@ -2,133 +2,50 @@ services.caddy = { enable = true; virtualHosts = { - "ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy 104.40.4.44:80 - ''; - }; - - "adguard.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy 104.40.4.1:81 - ''; - }; - - "auth.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy http://104.40.4.44:9000 { - header_up Host {host} - header_up X-Forwarded-For {remote} - header_up X-Forwarded-Proto {scheme} - header_up X-Forwarded-Protocol {scheme} - header_up X-Forwarded-Port {server_port} - } - ''; - }; + # "ryot.foo" = { + # useACMEHost = "ryot.foo"; + # extraConfig = '' + # reverse_proxy 104.40.4.44:80 + # ''; + # }; "cloudflared.ryot.foo" = { useACMEHost = "ryot.foo"; extraConfig = '' - reverse_proxy http://104.40.4.8:14333 + reverse_proxy localhost:14333 ''; }; - "drive.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy http://104.40.4.24:8181 { - header_up Host {host} - header_up X-Forwarded-For {remote} - header_up X-Forwarded-Proto {scheme} - header_up X-Forwarded-Protocol {scheme} - header_up X-Forwarded-Port {server_port} - } - ''; - }; + # "drive.ryot.foo" = { + # useACMEHost = "ryot.foo"; + # extraConfig = '' + # reverse_proxy http://104.40.4.24:8181 { + # header_up Host {host} + # header_up X-Forwarded-For {remote} + # header_up X-Forwarded-Proto {scheme} + # header_up X-Forwarded-Protocol {scheme} + # header_up X-Forwarded-Port {server_port} + # } + # ''; + # }; - "frp.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy http://104.40.4.44:4041 - ''; - }; + # "opn.ryot.foo" = { + # useACMEHost = "ryot.foo"; + # extraConfig = '' + # reverse_proxy 104.40.4.1 + # ''; + # }; - "grafana.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy http://104.40.4.44:3001 - ''; - }; - - "git.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy http://104.40.4.44:3003 - ''; - }; 
- - "influx.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy http://104.40.4.44:8086 - ''; - }; - - "home.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy http://104.40.4.44:7475 - ''; - }; - - "komodo.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy http://104.40.4.44:9120 - ''; - }; - - "mail.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy http://104.40.4.44:9002 - ''; - }; - - "map.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy http://104.40.4.44:25566 - ''; - }; - - "opn.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy 104.40.4.1 - ''; - }; - - "pve.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy 10.163.22.82:8006 { - transport http { - tls_insecure_skip_verify - } - } - ''; - }; - - "upsnap.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy http://104.40.4.44:8090 - ''; - }; + # "pve.ryot.foo" = { + # useACMEHost = "ryot.foo"; + # extraConfig = '' + # reverse_proxy 10.163.22.82:8006 { + # transport http { + # tls_insecure_skip_verify + # } + # } + # ''; + # }; }; }; }
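Review bot: The four commented-out vhost blocks (`ryot.foo`, `drive.ryot.foo`, `opn.ryot.foo`, `pve.ryot.foo`) are dead configuration and should be deleted rather than kept; git history preserves them, and the `pve` block in particular carries `tls_insecure_skip_verify`, which can be brought back by uncommenting without anyone revisiting why certificate verification was skipped in the first place. With the apex `ryot.foo` vhost gone this proxy no longer answers for the bare domain, so if DNS for it still resolves here Caddy has no matching site and the request will fail or get an empty reply rather than a redirect — presumably intended given the commit message, but a one-line comment at the top of `virtualHosts`, e.g. `# Only services still running on this host; the *.ryot.foo service LXCs terminate TLS themselves since the OPNsense DNS change`, would record that.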