DNS changed in OPNsense, proxy changes

- proxy no longer handles all the redirecting
- caddy modules in service lxcs
Chris Toph 2025-01-22 17:28:07 -05:00
parent 395fa58624
commit ed2507c9f1
7 changed files with 147 additions and 173 deletions


@ -16,10 +16,8 @@
./modules/cron
# Logrotate
./modules/logrotate
# Nextcloud
./modules/nextcloud
# Nginx
./modules/nginx
# Caddy
./modules/caddy
# Snapraid-runner
./modules/snapraid
];


@ -0,0 +1,19 @@
{
services.caddy = {
enable = true;
virtualHosts = {
"drive.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://localhost:8181 {
header_up Host {host}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Protocol {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
};
};
}
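Review bot: `header_up X-Forwarded-For {remote}` in the `drive.ryot.foo` block overwrites the header with Caddy's `{remote}` placeholder, which expands to the peer address including the port, so the backend on localhost:8181 receives `ip:port` rather than a bare client IP. Caddy's `reverse_proxy` already passes `Host` through and sets `X-Forwarded-For` and `X-Forwarded-Proto` itself, honouring any configured trusted proxies, so the simplest fix is to drop those `header_up` lines; if an explicit value is wanted, use `header_up X-Forwarded-For {remote_host}`. The same header block appears in the `auth.ryot.foo` vhost of the other Caddy module changed in this commit. A short comment such as `# backend needs X-Forwarded-Protocol/-Port; the other X-Forwarded-* headers are Caddy defaults` would record why any remaining lines are kept.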


@ -1,27 +0,0 @@
{
# Nginx
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"cloud.ryot.foo" = {
## Force HTTP redirect to HTTPS
forceSSL = true;
## LetsEncrypt
enableACME = true;
};
};
};
}


@ -9,7 +9,7 @@
## MODULES & IMPORTS ##
imports = [
# Common Modules
# ../../common/acme
../../common/acme
../../common/lxc
../../common/ssh
# ../../common/vscode-server
@ -18,7 +18,7 @@
./hardware.nix
# Local Modules
# ./modules/caddy
./modules/caddy
./modules/frp
./modules/forgejo
./modules/komodo
@ -30,10 +30,10 @@
[REDACTED]
[REDACTED]
[REDACTED]
222 # GitTea SSH
# 222 # Forgejo SSH
[REDACTED]
[REDACTED]
[REDACTED]
3003 # GitTea
[REDACTED]
[REDACTED]
8080 # File Browser


@ -1,9 +1,7 @@
{
# FIXME: This works IN server but not connecting via ssh to caenus
services.caddy = {
enable = true;
virtualHosts = {
# "ryot.foo" = {
# useACMEHost = "ryot.foo";
# extraConfig = ''
@ -11,10 +9,79 @@
# '';
# };
"map.goldenlemon.cc" = {
useACMEHost = "goldenlemon.cc";
"auth.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:25566
reverse_proxy localhost:9000 {
header_up Host {host}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Protocol {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
"frp.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:4041
'';
};
"grafana.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3001
'';
};
"git.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3003
'';
};
"influx.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:8086
'';
};
"home.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:7475
'';
};
"komodo.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9120
'';
};
"mail.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9002
'';
};
"map.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:25566
'';
};
"upsnap.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:8090
'';
};
};
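Review bot: Pointing every vhost at `localhost:<port>` only narrows exposure if each backend also stops listening on all interfaces; this commit shows that rebind for Forgejo alone (`HTTP_ADDR = "127.0.0.1"`), while the services behind `grafana`, `influx`, `komodo`, `frp`, `upsnap` and the others are not visible here. Any of them still bound to 0.0.0.0 with its port left in the firewall list stays reachable over plain HTTP, bypassing this Caddy's TLS. It would be worth confirming the bind address of each service and trimming the matching entries from the allowed-ports list in the same change. The hunk ends before the module's closing braces, so the rest of the file is not visible.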


@ -30,10 +30,11 @@
server = {
# Configuration for reverse proxy
ROOT_URL = "https://git.ryot.foo/";
HTTP_ADDR = "0.0.0.0";
DOMAIN = "git.ryot.foo";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 3003;
DOMAIN = "localhost";
ROOT_URL = "https://git.ryot.foo/";
# SSH_PORT = 222;
};
repository = {
@ -43,13 +44,12 @@
ui = {
DEFAULT_THEME = "forgejo-dark";
SHOW_USER_EMAIL = false;
};
"ui.meta" = {
meta = {
AUTHOR = "Ryot";
DESCRIPTION = "Ryot Gitea instance";
KEYWORDS = "";
};
};
security = {
INSTALL_LOCK = true;
@ -63,7 +63,7 @@
DISABLE_GRAVATAR = true;
};
"cron.sync_external_users".ENABLED = false;
cron.sync_external_users.ENABLED = false;
log.LEVEL = "Info";
# Private server
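Review bot: `cron.sync_external_users.ENABLED = false;` and the `meta = { … }` attrset nested inside `ui` appear to be the new side (the page lost its +/- markers, so this is inferred from print order). In Nix an unquoted dotted path creates nested attrsets, whereas Forgejo's INI sections are literally named `[cron.sync_external_users]` and `[ui.meta]`; if this attrset feeds an INI-style settings option, the nested form will not produce those sections and may fail type checking. Keeping the quoted keys, `"cron.sync_external_users".ENABLED = false;` and `"ui.meta" = {`, avoids that. The enclosing settings block starts and ends outside the hunks.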


@ -2,133 +2,50 @@
services.caddy = {
enable = true;
virtualHosts = {
"ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy 104.40.4.44:80
'';
};
"adguard.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy 104.40.4.1:81
'';
};
"auth.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:9000 {
header_up Host {host}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Protocol {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
# "ryot.foo" = {
# useACMEHost = "ryot.foo";
# extraConfig = ''
# reverse_proxy 104.40.4.44:80
# '';
# };
"cloudflared.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.8:14333
reverse_proxy localhost:14333
'';
};
"drive.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.24:8181 {
header_up Host {host}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Protocol {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
# "drive.ryot.foo" = {
# useACMEHost = "ryot.foo";
# extraConfig = ''
# reverse_proxy http://104.40.4.24:8181 {
# header_up Host {host}
# header_up X-Forwarded-For {remote}
# header_up X-Forwarded-Proto {scheme}
# header_up X-Forwarded-Protocol {scheme}
# header_up X-Forwarded-Port {server_port}
# }
# '';
# };
"frp.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:4041
'';
};
# "opn.ryot.foo" = {
# useACMEHost = "ryot.foo";
# extraConfig = ''
# reverse_proxy 104.40.4.1
# '';
# };
"grafana.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:3001
'';
};
"git.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:3003
'';
};
"influx.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:8086
'';
};
"home.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:7475
'';
};
"komodo.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:9120
'';
};
"mail.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:9002
'';
};
"map.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:25566
'';
};
"opn.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy 104.40.4.1
'';
};
"pve.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy 10.163.22.82:8006 {
transport http {
tls_insecure_skip_verify
}
}
'';
};
"upsnap.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:8090
'';
};
# "pve.ryot.foo" = {
# useACMEHost = "ryot.foo";
# extraConfig = ''
# reverse_proxy 10.163.22.82:8006 {
# transport http {
# tls_insecure_skip_verify
# }
# }
# '';
# };
};
};
}
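Review bot: The vhosts that moved off this proxy are left behind as commented-out blocks, including the `pve.ryot.foo` one with `tls_insecure_skip_verify`, rather than deleted (inferred from print order, as the markers are lost). Dead configuration like this tends to be re-enabled by uncommenting, which would bring back an upstream connection without certificate verification; the history already preserves the old blocks, so removing them is cleaner. If they must stay for now, a one-line comment such as `# moved to the service LXC's caddy module; delete after migration` would say why.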