DNS changed in OPNsense, proxy changes

- proxy no longer handles all the redirecting
- caddy modules in service lxcs
Chris Toph 2025-01-22 17:28:07 -05:00
parent 395fa58624
commit ed2507c9f1
7 changed files with 147 additions and 173 deletions


@ -15,11 +15,9 @@
# cron # cron
./modules/cron ./modules/cron
# Logrotate # Logrotate
./modules/logrotate ./modules/logrotate
# Nextcloud # Caddy
./modules/nextcloud ./modules/caddy
# Nginx
./modules/nginx
# Snapraid-runner # Snapraid-runner
./modules/snapraid ./modules/snapraid
]; ];


@ -0,0 +1,19 @@
{
services.caddy = {
enable = true;
virtualHosts = {
"drive.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://localhost:8181 {
header_up Host {host}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Protocol {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
};
};
}
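Review bot: The `header_up X-Forwarded-For {remote}` line in the `drive.ryot.foo` block overrides the X-Forwarded-For value that Caddy v2's `reverse_proxy` already sets by default, and `{remote}` expands to the peer address including its port, which is not the form a backend expects when it parses the client IP for logging or login throttling. Caddy v2 also passes Host through and sets X-Forwarded-Proto on its own, so the block can likely be reduced to `reverse_proxy http://localhost:8181`. `{server_port}` looks like a Caddy v1 placeholder and should be checked against the version actually deployed. The same five `header_up` lines appear in the new `auth.ryot.foo` block of the proxy host's caddy module.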


@ -1,27 +0,0 @@
{
# Nginx
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"cloud.ryot.foo" = {
## Force HTTP redirect to HTTPS
forceSSL = true;
## LetsEncrypt
enableACME = true;
};
};
};
}


@ -9,7 +9,7 @@
## MODULES & IMPORTS ## ## MODULES & IMPORTS ##
imports = [ imports = [
# Common Modules # Common Modules
# ../../common/acme ../../common/acme
../../common/lxc ../../common/lxc
../../common/ssh ../../common/ssh
# ../../common/vscode-server # ../../common/vscode-server
@ -18,7 +18,7 @@
./hardware.nix ./hardware.nix
# Local Modules # Local Modules
# ./modules/caddy ./modules/caddy
./modules/frp ./modules/frp
./modules/forgejo ./modules/forgejo
./modules/komodo ./modules/komodo
@ -30,10 +30,10 @@
[REDACTED] [REDACTED]
[REDACTED] [REDACTED]
[REDACTED] [REDACTED]
222 # GitTea SSH # 222 # Forgejo SSH
[REDACTED]
[REDACTED] [REDACTED]
[REDACTED] [REDACTED]
3003 # GitTea
[REDACTED] [REDACTED]
[REDACTED] [REDACTED]
8080 # File Browser 8080 # File Browser
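Review bot: Removing `3003` from this port list matches Forgejo moving to 127.0.0.1 behind Caddy, but the other backends that this host now proxies through `localhost` (9000, 3001, 8086, 9120 and the rest) may still be among the redacted entries and should lose theirs too, so they are reachable only through the TLS vhosts. `8080 # File Browser` stays open and has no vhost in the caddy module, so it is presumably still served over plain HTTP. This looks like the firewall's allowed-TCP list, whose opening and closing lines are outside the hunk; confirm that 80 and 443 are among the redacted entries now that `./modules/caddy` is enabled here.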


@ -1,20 +1,87 @@
{ {
# FIXME: This works IN server but not connecting via ssh to caenus
services.caddy = { services.caddy = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
# "ryot.foo" = { # "ryot.foo" = {
# useACMEHost = "ryot.foo"; # useACMEHost = "ryot.foo";
# extraConfig = '' # extraConfig = ''
# reverse_proxy 104.40.4.44:80 # reverse_proxy 104.40.4.44:80
# ''; # '';
# }; # };
"map.goldenlemon.cc" = { "auth.ryot.foo" = {
useACMEHost = "goldenlemon.cc"; useACMEHost = "ryot.foo";
extraConfig = '' extraConfig = ''
reverse_proxy http://104.40.4.44:25566 reverse_proxy localhost:9000 {
header_up Host {host}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Protocol {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
"frp.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:4041
'';
};
"grafana.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3001
'';
};
"git.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3003
'';
};
"influx.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:8086
'';
};
"home.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:7475
'';
};
"komodo.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9120
'';
};
"mail.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9002
'';
};
"map.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:25566
'';
};
"upsnap.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:8090
''; '';
}; };
}; };
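Review bot: The new vhosts for `influx`, `komodo`, `grafana`, `frp` and `upsnap` are bare `reverse_proxy localhost:PORT` lines with no access restriction in Caddy, so every client that can resolve and reach this host is handed each tool's own login page. If these names are meant to be LAN-only, add a matcher to each block, for example `@outside not remote_ip <LAN_CIDR>` followed by `abort @outside` (the CIDR is a placeholder), or put them behind the service at `auth.ryot.foo`. It is also worth confirming that each backend binds to 127.0.0.1 as Forgejo now does; otherwise the plain-HTTP ports remain reachable beside the proxy. The enclosing attribute set appears to close outside the hunk.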


@ -30,10 +30,11 @@
server = { server = {
# Configuration for reverse proxy # Configuration for reverse proxy
ROOT_URL = "https://git.ryot.foo/"; DOMAIN = "git.ryot.foo";
HTTP_ADDR = "0.0.0.0"; HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 3003; HTTP_PORT = 3003;
DOMAIN = "localhost"; ROOT_URL = "https://git.ryot.foo/";
# SSH_PORT = 222;
}; };
repository = { repository = {
@ -43,12 +44,11 @@
ui = { ui = {
DEFAULT_THEME = "forgejo-dark"; DEFAULT_THEME = "forgejo-dark";
SHOW_USER_EMAIL = false; SHOW_USER_EMAIL = false;
}; meta = {
AUTHOR = "Ryot";
"ui.meta" = { DESCRIPTION = "Ryot Gitea instance";
AUTHOR = "Ryot"; KEYWORDS = "";
DESCRIPTION = "Ryot Gitea instance"; };
KEYWORDS = "";
}; };
security = { security = {
@ -63,7 +63,7 @@
DISABLE_GRAVATAR = true; DISABLE_GRAVATAR = true;
}; };
"cron.sync_external_users".ENABLED = false; cron.sync_external_users.ENABLED = false;
log.LEVEL = "Info"; log.LEVEL = "Info";
# Private server # Private server
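Review bot: On the new side, `meta = { ... }` is nested inside `ui` and `cron.sync_external_users.ENABLED` is written without quotes, which in Nix yields nested attribute sets (`ui.meta.AUTHOR`, `cron.sync_external_users.ENABLED`) rather than the INI sections `[ui.meta]` and `[cron.sync_external_users]`. If this is `services.forgejo.settings`, the option is typed as sections of scalar values, so the nested form should either fail evaluation or never reach app.ini, and the external-user sync job would keep its default. Keep the quoted section names from the old side: `"ui.meta" = { ... };` and `"cron.sync_external_users".ENABLED = false;`. The enclosing settings block starts and ends outside the hunks shown.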


@ -2,133 +2,50 @@
services.caddy = { services.caddy = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
"ryot.foo" = { # "ryot.foo" = {
useACMEHost = "ryot.foo"; # useACMEHost = "ryot.foo";
extraConfig = '' # extraConfig = ''
reverse_proxy 104.40.4.44:80 # reverse_proxy 104.40.4.44:80
''; # '';
}; # };
"adguard.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy 104.40.4.1:81
'';
};
"auth.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:9000 {
header_up Host {host}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Protocol {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
"cloudflared.ryot.foo" = { "cloudflared.ryot.foo" = {
useACMEHost = "ryot.foo"; useACMEHost = "ryot.foo";
extraConfig = '' extraConfig = ''
reverse_proxy http://104.40.4.8:14333 reverse_proxy localhost:14333
''; '';
}; };
"drive.ryot.foo" = { # "drive.ryot.foo" = {
useACMEHost = "ryot.foo"; # useACMEHost = "ryot.foo";
extraConfig = '' # extraConfig = ''
reverse_proxy http://104.40.4.24:8181 { # reverse_proxy http://104.40.4.24:8181 {
header_up Host {host} # header_up Host {host}
header_up X-Forwarded-For {remote} # header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme} # header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Protocol {scheme} # header_up X-Forwarded-Protocol {scheme}
header_up X-Forwarded-Port {server_port} # header_up X-Forwarded-Port {server_port}
} # }
''; # '';
}; # };
"frp.ryot.foo" = { # "opn.ryot.foo" = {
useACMEHost = "ryot.foo"; # useACMEHost = "ryot.foo";
extraConfig = '' # extraConfig = ''
reverse_proxy http://104.40.4.44:4041 # reverse_proxy 104.40.4.1
''; # '';
}; # };
"grafana.ryot.foo" = { # "pve.ryot.foo" = {
useACMEHost = "ryot.foo"; # useACMEHost = "ryot.foo";
extraConfig = '' # extraConfig = ''
reverse_proxy http://104.40.4.44:3001 # reverse_proxy 10.163.22.82:8006 {
''; # transport http {
}; # tls_insecure_skip_verify
# }
"git.ryot.foo" = { # }
useACMEHost = "ryot.foo"; # '';
extraConfig = '' # };
reverse_proxy http://104.40.4.44:3003
'';
};
"influx.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:8086
'';
};
"home.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:7475
'';
};
"komodo.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:9120
'';
};
"mail.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:9002
'';
};
"map.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:25566
'';
};
"opn.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy 104.40.4.1
'';
};
"pve.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy 10.163.22.82:8006 {
transport http {
tls_insecure_skip_verify
}
}
'';
};
"upsnap.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:8090
'';
};
}; };
}; };
} }
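Review bot: The retired vhosts are kept as commented-out blocks, including the `pve.ryot.foo` one with `tls_insecure_skip_verify`; delete them rather than commenting them out, so that upstream certificate checking is not switched off again by a casual uncomment (git history still holds the old text). `cloudflared.ryot.foo` now targets `localhost:14333`, which assumes that port is served on this host rather than on 104.40.4.8 as before; confirm that the service actually listens there.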