Replace Caddy with Newt service config

- Remove Caddy config files for multiple hosts - Add Newt service configuration to cloud, komo, and sock
2025-06-14 01:18:26 -04:00 · 2025-06-14 01:18:26 -04:00 · f62a612758
commit f62a612758
parent 39f0026f52
8 changed files with 22 additions and 161 deletions
--- a/hosts/x86/cloud/config/caddy.nix
+++ b/hosts/x86/cloud/config/caddy.nix
@ -1,20 +0,0 @@
 {
  services.caddy = {
    enable = true;
    virtualHosts = {
      ## Filerun ##
      "drive.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy http://localhost:8181 {
            header_up Host {host}
            # header_up X-Forwarded-For {remote}
            # header_up X-Forwarded-Proto {scheme}
            # header_up X-Forwarded-Protocol {scheme}
            # header_up X-Forwarded-Port {server_port}
          }
        '';
      };
    };
  };
 }
--- a/hosts/x86/cloud/config/newt.nix
+++ b/hosts/x86/cloud/config/newt.nix
@ -0,0 +1,7 @@
 {
  services.newt = {
    enable = true;
    id = "v0d4o5oras85zq8";
    secret = "zyqht58kymdv4iij6t4no4ldnr7djg7wbfec95olnsg8jzf2";
  };
 }
--- a/hosts/x86/cloud/default.nix
+++ b/hosts/x86/cloud/default.nix
@ -31,7 +31,6 @@ in
      "hosts/global/core"
      ## Optional Configs ##
      "hosts/global/common/acme"
      "hosts/global/common/docker.nix"
    ])
  ];
--- a/hosts/x86/komo/config/caddy.nix
+++ b/hosts/x86/komo/config/caddy.nix
@ -1,119 +0,0 @@
 {
  services.caddy = {
    enable = true;
    virtualHosts = {
      ## TOPH.CC ##
      "blog.toph.cc" = {
        useACMEHost = "toph.cc";
        extraConfig = ''
          reverse_proxy localhost:2368
        '';
      };
      ## RYOT.FOO ##
      "auth.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:9000 {
            header_up Host {host}
            header_up X-Forwarded-For {remote}
            header_up X-Forwarded-Proto {scheme}
            header_up X-Forwarded-Protocol {scheme}
            header_up X-Forwarded-Port {server_port}
          }
        '';
      };
      "frp.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          route {
            # 1) Proxy all outpost requests back to Authentik
            reverse_proxy /outpost.goauthentik.io/* localhost:9000
            # 2) Protect everything else via forward_auth
            forward_auth localhost:9000 {
              uri     /outpost.goauthentik.io/auth/caddy
              # copy user info headers from Authentik
              copy_headers  X-Authentik-Username X-Authentik-Groups \
                            X-Authentik-Entitlements X-Authentik-Email \
                            X-Authentik-Name X-Authentik-Uid \
                            X-Authentik-Jwt X-Authentik-Meta-Jwks \
                            X-Authentik-Meta-Outpost X-Authentik-Meta-Provider \
                            X-Authentik-Meta-App X-Authentik-Meta-Version
              trusted_proxies private_ranges
            }
            # 3) If authenticated, proxy to your FRP UI
            reverse_proxy localhost:4041 {
              header_up Host             {host}
              header_up X-Real-IP         {remote}
              header_up X-Forwarded-For   {remote}
              header_up X-Forwarded-Proto {scheme}
              header_up X-Forwarded-Port  {server_port}
            }
          }
        '';
      };
      "grafana.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:3001
        '';
      };
      "git.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:3003
        '';
      };
      "influx.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:8086
        '';
      };
      "home.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:7475
        '';
      };
      "komodo.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:9120
        '';
      };
      "map.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:25566
        '';
      };
      "outline.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:3480 
        '';
      };
      "plane.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:3000 
        '';
      };
    };
  };
 }
--- a/hosts/x86/komo/config/newt.nix
+++ b/hosts/x86/komo/config/newt.nix
@ -0,0 +1,8 @@
 {
  services.newt = {
    enable = true;
    id = "7o2m62kaxpoi5pb";
    secret = "t97xvz0itdkga6jr8x88oddxijzs73yslpsunlvyqu9xiyys";
    useHostNetwork = true;
  };
 }
--- a/hosts/x86/sock/config/caddy.nix
+++ b/hosts/x86/sock/config/caddy.nix
@ -1,20 +0,0 @@
 {
  services.caddy = {
    enable = true;
    virtualHosts = {
      "upsnap.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:8090
        '';
      };
      "sock.ryot.foo" = {
        useACMEHost = "ryot.foo";
        extraConfig = ''
          reverse_proxy localhost:9120
        '';
      };
    };
  };
 }
--- a/hosts/x86/sock/config/newt.nix
+++ b/hosts/x86/sock/config/newt.nix
@ -0,0 +1,7 @@
 {
  services.newt = {
    enable = true;
    id = "3p15lzqz0ep9f46";
    secret = "8uz056bzh22vuemtsxda31ibiu7jkqmyn1b7bifbqk38nlm4";
  };
 }
--- a/hosts/x86/sock/default.nix
+++ b/hosts/x86/sock/default.nix
@ -31,7 +31,6 @@ in
      "hosts/global/core"
      ## Optional Configs ##
      "hosts/global/common/acme"
      "hosts/global/common/docker.nix"
    ])
  ];