From 06d36bb45a85c0d23dd99ff6fc1aa24184901df8 Mon Sep 17 00:00:00 2001 From: Adithya Nair Date: Mon, 28 Oct 2024 23:52:16 +0530 Subject: [PATCH] rico0: move world accessible vhosts here --- hosts/layne/services/apps/jellyfin.nix | 23 ---------- .../services/apps/acomputer.lol.nix | 17 -------- hosts/rico0/services/apps/adtya.xyz.nix | 16 ------- hosts/rico0/services/apps/default.nix | 6 +++ hosts/rico0/services/apps/dendrite.nix | 15 +++++++ hosts/rico0/services/apps/forgejo.nix | 15 +++++++ hosts/rico0/services/apps/jellyfin.nix | 17 ++++++++ hosts/rico0/services/apps/ntfy.nix | 18 ++++++++ hosts/rico0/services/apps/proofs.nix | 17 -------- hosts/rico0/services/apps/wiki.nix | 16 ------- hosts/rico0/services/default.nix | 43 ------------------- hosts/rico1/services/apps/default.nix | 38 +++++++++++++++- hosts/wynne/services/apps/default.nix | 1 - .../wynne/services/apps/dendrite/default.nix | 43 +------------------ hosts/wynne/services/apps/forgejo.nix | 27 +----------- hosts/wynne/services/apps/ntfy.nix | 24 +---------- 16 files changed, 112 insertions(+), 224 deletions(-) rename hosts/{wynne => rico0}/services/apps/acomputer.lol.nix (54%) create mode 100644 hosts/rico0/services/apps/dendrite.nix create mode 100644 hosts/rico0/services/apps/forgejo.nix create mode 100644 hosts/rico0/services/apps/jellyfin.nix create mode 100644 hosts/rico0/services/apps/ntfy.nix diff --git a/hosts/layne/services/apps/jellyfin.nix b/hosts/layne/services/apps/jellyfin.nix index 0cdebcb..cce2e83 100644 --- a/hosts/layne/services/apps/jellyfin.nix +++ b/hosts/layne/services/apps/jellyfin.nix @@ -1,7 +1,6 @@ _: let inherit (import ../../../shared/caddy-helpers.nix) logFormat tlsAcmeDnsChallenge; - domainName = "watch.acomputer.lol"; in { services = { 
@@ -21,30 +20,8 @@ in reverse_proxy 127.0.0.1:8096 ''; }; - "${domainName}" = { - inherit logFormat; - extraConfig = '' - reverse_proxy 127.0.0.1:8096 - ''; - }; }; }; - frp.settings.proxies = [ - { - name = "http.${domainName}"; - type = "http"; - customDomains = [ domainName ]; - localPort = 80; - transport.useCompression = true; - } - { - name = "https.${domainName}"; - type = "https"; - customDomains = [ domainName ]; - localPort = 443; - transport.useCompression = true; - } - ]; jellyfin = { enable = true; user = "mediaserver"; diff --git a/hosts/wynne/services/apps/acomputer.lol.nix b/hosts/rico0/services/apps/acomputer.lol.nix similarity index 54% rename from hosts/wynne/services/apps/acomputer.lol.nix rename to hosts/rico0/services/apps/acomputer.lol.nix index 3e79afa..263c08e 100644 --- a/hosts/wynne/services/apps/acomputer.lol.nix +++ b/hosts/rico0/services/apps/acomputer.lol.nix @@ -17,26 +17,9 @@ in handle /.well-known/matrix/client { header Content-Type application/json header Access-Control-Allow-Origin * - #respond `{"m.homeserver": {"base_url": "https://matrix.${domainName}:443"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.${domainName}"}}` respond `{"m.homeserver": {"base_url": "https://matrix.${domainName}:443"}}` } ''; }; - frp.settings.proxies = [ - { - name = "http.${domainName}"; - type = "http"; - customDomains = [ "${domainName}" ]; - localPort = 80; - transport.useCompression = true; - } - { - name = "https.${domainName}"; - type = "https"; - customDomains = [ "${domainName}" ]; - localPort = 443; - transport.useCompression = true; - } - ]; }; } diff --git a/hosts/rico0/services/apps/adtya.xyz.nix b/hosts/rico0/services/apps/adtya.xyz.nix index 0b2883d..29bb097 100644 --- a/hosts/rico0/services/apps/adtya.xyz.nix +++ b/hosts/rico0/services/apps/adtya.xyz.nix 
@@ -17,21 +17,5 @@ in } ''; }; - frp.settings.proxies = [ - { - name = "http.${domainName}"; - type = "http"; - customDomains = [ "${domainName}" "www.${domainName}" ]; - localPort = 80; - transport.useCompression = true; - } - { - name = "https.${domainName}"; - type = "https"; - customDomains = [ "${domainName}" "www.${domainName}" ]; - localPort = 443; - transport.useCompression = true; - } - ]; }; } diff --git a/hosts/rico0/services/apps/default.nix b/hosts/rico0/services/apps/default.nix index fcab3d5..61ca3ac 100644 --- a/hosts/rico0/services/apps/default.nix +++ b/hosts/rico0/services/apps/default.nix @@ -1,8 +1,14 @@ _: { imports = [ + ./acomputer.lol.nix ./adtya.xyz.nix + ./dendrite.nix + ./forgejo.nix + ./jellyfin.nix + ./ntfy.nix ./proofs.nix ./wiki.nix + ./dendrite.nix ../../../shared/prometheus-exporters.nix ../../../shared/promtail.nix ]; diff --git a/hosts/rico0/services/apps/dendrite.nix b/hosts/rico0/services/apps/dendrite.nix new file mode 100644 index 0000000..62f1ab5 --- /dev/null +++ b/hosts/rico0/services/apps/dendrite.nix @@ -0,0 +1,15 @@ +_: +let + inherit (import ../../../shared/caddy-helpers.nix) logFormat; + domainName = "matrix.acomputer.lol"; +in +{ + services = { + caddy.virtualHosts."${domainName}" = { + inherit logFormat; + extraConfig = '' + reverse_proxy 10.10.10.13:8008 + ''; + }; + }; +} diff --git a/hosts/rico0/services/apps/forgejo.nix b/hosts/rico0/services/apps/forgejo.nix new file mode 100644 index 0000000..d3c96ca --- /dev/null +++ b/hosts/rico0/services/apps/forgejo.nix @@ -0,0 +1,15 @@ +_: +let + inherit (import ../../../shared/caddy-helpers.nix) logFormat; + domainName = "forge.acomputer.lol"; +in +{ + services = { + caddy.virtualHosts."${domainName}" = { + inherit logFormat; + extraConfig = '' + reverse_proxy 10.10.10.13:3000 + ''; + }; + }; +} diff --git a/hosts/rico0/services/apps/jellyfin.nix b/hosts/rico0/services/apps/jellyfin.nix new file mode 100644 index 0000000..eb1b227 --- /dev/null 
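Review bot: `./dendrite.nix` appears twice in the `imports` list of hosts/rico0/services/apps/default.nix, once in alphabetical position and again after `./wiki.nix`. The module system should tolerate the repeat, but it reads as a leftover from editing. Drop the second entry so this list stays the one place to see which vhosts the world-facing host serves.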
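Review bot: The new vhost in hosts/rico0/services/apps/dendrite.nix forwards every path to `10.10.10.13:8008`, while the vhost it replaces on wynne (removed later in this patch) forwarded only `/_matrix/*`, `/_dendrite/*`, `/_synapse/*` and `/client/*`. Anything else the Dendrite listener serves is now reachable from the internet through rico0; whether that includes a metrics or debug endpoint depends on `config.yaml`, which is not shown. Keeping the matchers, e.g. `reverse_proxy /_matrix/* 10.10.10.13:8008` and `reverse_proxy /_dendrite/* 10.10.10.13:8008`, preserves the previous exposure. The hop to wynne is also plain HTTP across hosts now, so a comment stating that the 10.10.10.x link is private or encrypted would record the assumption this relies on.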
+++ b/hosts/rico0/services/apps/jellyfin.nix @@ -0,0 +1,17 @@ +_: +let + inherit (import ../../../shared/caddy-helpers.nix) logFormat; + domainName = "watch.acomputer.lol"; +in +{ + services = { + caddy.virtualHosts = { + "${domainName}" = { + inherit logFormat; + extraConfig = '' + reverse_proxy 10.10.10.14:8096 + ''; + }; + }; + }; +} diff --git a/hosts/rico0/services/apps/ntfy.nix b/hosts/rico0/services/apps/ntfy.nix new file mode 100644 index 0000000..9974655 --- /dev/null +++ b/hosts/rico0/services/apps/ntfy.nix @@ -0,0 +1,18 @@ +_: +let + inherit (import ../../../shared/caddy-helpers.nix) logFormat; + domainName = "ntfy.acomputer.lol"; +in +{ + services = { + caddy.virtualHosts = { + + "${domainName}" = { + inherit logFormat; + extraConfig = '' + reverse_proxy 10.10.10.13:8080 + ''; + }; + }; + }; +} diff --git a/hosts/rico0/services/apps/proofs.nix b/hosts/rico0/services/apps/proofs.nix index 783d717..f6dbdfd 100644 --- a/hosts/rico0/services/apps/proofs.nix +++ b/hosts/rico0/services/apps/proofs.nix @@ -13,22 +13,5 @@ in ''; }; }; - - frp.settings.proxies = [ - { - name = "http.${domainName}"; - type = "http"; - customDomains = [ "${domainName}" ]; - localPort = 80; - transport.useCompression = true; - } - { - name = "https.${domainName}"; - type = "https"; - customDomains = [ "${domainName}" ]; - localPort = 443; - transport.useCompression = true; - } - ]; }; } diff --git a/hosts/rico0/services/apps/wiki.nix b/hosts/rico0/services/apps/wiki.nix index 403755d..e45fa7d 100644 --- a/hosts/rico0/services/apps/wiki.nix +++ b/hosts/rico0/services/apps/wiki.nix @@ -16,21 +16,5 @@ in } ''; }; - frp.settings.proxies = [ - { - name = "http.${domainName}"; - type = "http"; - customDomains = [ "${domainName}" ]; - localPort = 80; - transport.useCompression = true; - } - { - name = "https.${domainName}"; - type = "https"; - customDomains = [ "${domainName}" ]; - localPort = 443; - transport.useCompression = true; - } - ]; }; } 
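Review bot: `reverse_proxy 10.10.10.14:8096` in hosts/rico0/services/apps/jellyfin.nix depends on Jellyfin on layne being reachable at that address, but the layne hunks in this patch only remove the old vhost and frp proxies and show no listener or firewall change. If port 8096 is opened on layne for this, scope the rule to rico0's address rather than the whole interface, so the TLS-terminating proxy stays the only path to the service. A one-line comment above each upstream naming the target host, e.g. `# layne, over the 10.10.10.x link`, would also help; the same goes for the `10.10.10.13` upstreams in dendrite.nix, forgejo.nix and ntfy.nix.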
diff --git a/hosts/rico0/services/default.nix b/hosts/rico0/services/default.nix index 1710c90..89497bc 100644 --- a/hosts/rico0/services/default.nix +++ b/hosts/rico0/services/default.nix @@ -1,53 +1,10 @@ _: -let - inherit (import ../../shared/caddy-helpers.nix) logFormat tlsAcmeDnsChallenge; -in { imports = [ ./apps ./btrfs.nix ./ssh.nix ../../shared/caddy.nix - ../../shared/frp.nix ]; - services.caddy = { - virtualHosts = { - "gateway.labs.adtya.xyz" = { - inherit logFormat; - extraConfig = '' - ${tlsAcmeDnsChallenge} - reverse_proxy 192.168.0.1:80 - ''; - }; - "ap1.labs.adtya.xyz" = { - inherit logFormat; - extraConfig = '' - ${tlsAcmeDnsChallenge} - reverse_proxy 192.168.1.1:80 - ''; - }; - "ap2.labs.adtya.xyz" = { - inherit logFormat; - extraConfig = '' - ${tlsAcmeDnsChallenge} - reverse_proxy 192.168.1.2:80 - ''; - }; - "switch.labs.adtya.xyz" = { - inherit logFormat; - extraConfig = '' - ${tlsAcmeDnsChallenge} - reverse_proxy 192.168.1.3:80 - ''; - }; - "frp.labs.adtya.xyz" = { - inherit logFormat; - extraConfig = '' - ${tlsAcmeDnsChallenge} - reverse_proxy 10.10.10.1:7500 - ''; - }; - }; - }; } diff --git a/hosts/rico1/services/apps/default.nix b/hosts/rico1/services/apps/default.nix index 20210ce..3602537 100644 --- a/hosts/rico1/services/apps/default.nix +++ b/hosts/rico1/services/apps/default.nix @@ -1,4 +1,8 @@ -_: { +_: +let + inherit (import ../../../shared/caddy-helpers.nix) logFormat tlsAcmeDnsChallenge; +in +{ imports = [ ./alertmanager.nix ./blocky.nix 
@@ -8,4 +12,36 @@ _: { ../../../shared/prometheus-exporters.nix ../../../shared/promtail.nix ]; + services.caddy = { + virtualHosts = { + "gateway.labs.adtya.xyz" = { + inherit logFormat; + extraConfig = '' + ${tlsAcmeDnsChallenge} + reverse_proxy 192.168.0.1:80 + ''; + }; + "ap1.labs.adtya.xyz" = { + inherit logFormat; + extraConfig = '' + ${tlsAcmeDnsChallenge} + reverse_proxy 192.168.1.1:80 + ''; + }; + "ap2.labs.adtya.xyz" = { + inherit logFormat; + extraConfig = '' + ${tlsAcmeDnsChallenge} + reverse_proxy 192.168.1.2:80 + ''; + }; + "switch.labs.adtya.xyz" = { + inherit logFormat; + extraConfig = '' + ${tlsAcmeDnsChallenge} + reverse_proxy 192.168.1.3:80 + ''; + }; + }; + }; } diff --git a/hosts/wynne/services/apps/default.nix b/hosts/wynne/services/apps/default.nix index c8f4324..841a502 100644 --- a/hosts/wynne/services/apps/default.nix +++ b/hosts/wynne/services/apps/default.nix @@ -1,7 +1,6 @@ _: { imports = [ ./dendrite - ./acomputer.lol.nix ./forgejo.nix ./ntfy.nix ./postgresql.nix diff --git a/hosts/wynne/services/apps/dendrite/default.nix b/hosts/wynne/services/apps/dendrite/default.nix index acdcb5c..32e700b 100644 --- a/hosts/wynne/services/apps/dendrite/default.nix +++ b/hosts/wynne/services/apps/dendrite/default.nix @@ -1,8 +1,4 @@ { config, pkgs, ... }: -let - inherit (import ../../../../shared/caddy-helpers.nix) logFormat; - domainName = "matrix.acomputer.lol"; -in { sops = { secrets = { 
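Review bot: The four vhosts added to hosts/rico1/services/apps/default.nix front the management UIs of the gateway, access points and switch over plain HTTP, and nothing in the block limits who may reach them. Moving them off rico0 fits the commit's intent, but that only helps if rico1's Caddy is not reachable from outside, which cannot be confirmed from this hunk. A comment such as `# LAN-only admin panels: never serve these from the world-facing host` documents the constraint, and a `remote_ip` matcher for the internal ranges in each `extraConfig` would enforce it. The `frp.labs.adtya.xyz` vhost removed from rico0 is not re-added here; if that is deliberate, the commit message should say so.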
@@ -13,43 +9,6 @@ in }; }; }; - services = { - caddy.virtualHosts."${domainName}" = { - inherit logFormat; - extraConfig = '' - reverse_proxy /client/* 127.0.0.1:8009 - # reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync 127.0.0.1:8009 - reverse_proxy /_matrix/* 127.0.0.1:8008 - reverse_proxy /_dendrite/* 127.0.0.1:8008 - reverse_proxy /_synapse/* 127.0.0.1:8008 - ''; - }; - frp.settings.proxies = [ - { - name = "http.${domainName}"; - type = "http"; - customDomains = [ "${domainName}" ]; - localPort = 80; - transport.useCompression = true; - } - { - name = "https.${domainName}"; - type = "https"; - customDomains = [ "${domainName}" ]; - localPort = 443; - transport.useCompression = true; - } - ]; - #matrix-sliding-sync = { - #enable = true; - #settings = { - # SYNCV3_SERVER = "https://${domainName}"; - # SYNCV3_BINDADDR = "127.0.0.1:8009"; - # SYNCV3_DB = "postgresql://dendrite@localhost/dendrite?sslmode=disable"; - #}; - #environmentFile = config.sops.secrets."matrix/syncv3_secret".path; - #}; - }; systemd.services.dendrite = let dendrite_package = pkgs.dendrite; @@ -69,7 +28,7 @@ in RuntimeDirectoryMode = "0700"; LimitNOFILE = 65535; ExecStart = '' - ${dendrite_package}/bin/dendrite -http-bind-address 127.0.0.1:8008 -config ${./config.yaml} + ${dendrite_package}/bin/dendrite -http-bind-address 10.10.10.13:8008 -config ${./config.yaml} ''; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; Restart = "on-failure"; diff --git a/hosts/wynne/services/apps/forgejo.nix b/hosts/wynne/services/apps/forgejo.nix index cb9e25d..8fea96c 100644 --- a/hosts/wynne/services/apps/forgejo.nix +++ b/hosts/wynne/services/apps/forgejo.nix 
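Review bot: The listener on `10.10.10.13:8008` in `ExecStart` is now reachable by every peer on that network, not only the rico0 proxy, and the hunk shows no firewall rule narrowing it. Restrict the port to rico0's address in the host firewall so the proxy remains the only entry point. The same applies to `HTTP_ADDR = "10.10.10.13"` in forgejo.nix and `listen-http = "10.10.10.13:8080"` in ntfy.nix. Binding to a specific address also fails if that address is not assigned when the unit starts; the unit's ordering lies outside this hunk, so confirm it waits for the interface rather than relying on `Restart = "on-failure"`.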
@@ -1,33 +1,10 @@ { config, lib, ... }: let - inherit (import ../../../shared/caddy-helpers.nix) logFormat; - domainName = "forge.acomputer.lol"; cfg = config.services.forgejo; + domainName = "forge.acomputer.lol"; in { services = { - caddy.virtualHosts."${domainName}" = { - inherit logFormat; - extraConfig = '' - reverse_proxy ${cfg.settings.server.HTTP_ADDR}:${toString cfg.settings.server.HTTP_PORT} - ''; - }; - frp.settings.proxies = [ - { - name = "http.${domainName}"; - type = "http"; - customDomains = [ "${domainName}" ]; - localPort = 80; - transport.useCompression = true; - } - { - name = "https.${domainName}"; - type = "https"; - customDomains = [ "${domainName}" ]; - localPort = 443; - transport.useCompression = true; - } - ]; forgejo = { enable = true; stateDir = "/mnt/data/Forgejo"; @@ -42,7 +19,7 @@ in ROOT_URL = "https://${domainName}"; PROTOCOL = "http"; SSH_PORT = 42069; - HTTP_ADDR = "127.0.0.1"; + HTTP_ADDR = "10.10.10.13"; HTTP_PORT = 3000; DOMAIN = domainName; }; diff --git a/hosts/wynne/services/apps/ntfy.nix b/hosts/wynne/services/apps/ntfy.nix index dc6e937..c9bbc35 100644 --- a/hosts/wynne/services/apps/ntfy.nix +++ b/hosts/wynne/services/apps/ntfy.nix @@ -6,12 +6,6 @@ in { services = { caddy.virtualHosts = { - "${domainName}" = { - inherit logFormat; - extraConfig = '' - reverse_proxy ${config.services.ntfy-sh.settings.listen-http} - ''; - }; "${config.networking.hostName}.labs.adtya.xyz" = { inherit logFormat; extraConfig = '' 
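Review bot: With the proxy now on another host, Forgejo will attribute every request to rico0's address unless forwarded headers are trusted from it; `REVERSE_PROXY_TRUSTED_PROXIES` defaults to loopback only, and the hunk around `HTTP_ADDR = "10.10.10.13"` does not set it (it may be set elsewhere in the file). That collapses audit logs and any per-address throttling onto a single IP. Add exactly rico0's address under `settings.security`, e.g. `REVERSE_PROXY_TRUSTED_PROXIES = "<rico0 address>";`, not a wider range, since any trusted peer can then spoof client addresses. The `settings.server` block continues outside the hunk.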
@@ -24,27 +18,11 @@ in }; }; - frp.settings.proxies = [ - { - name = "http.${domainName}"; - type = "http"; - customDomains = [ "${domainName}" ]; - localPort = 80; - transport.useCompression = true; - } - { - name = "https.${domainName}"; - type = "https"; - customDomains = [ "${domainName}" ]; - localPort = 443; - transport.useCompression = true; - } - ]; ntfy-sh = { enable = true; settings = { base-url = "https://${domainName}"; - listen-http = "127.0.0.1:8080"; + listen-http = "10.10.10.13:8080"; metrics-listen-http = "127.0.0.1:8081"; auth-file = "/mnt/data/ntfy-sh/user.db"; attachment-cache-dir = "/mnt/data/ntfy-sh/attachments";
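Review bot: ntfy rate-limits per visitor address, and with Caddy now on rico0 every request to `listen-http = "10.10.10.13:8080"` arrives from one address unless `behind-proxy = true;` is set. The visible settings do not include it, though the block continues past the hunk. Without it all users share one rate-limit bucket and the logs lose the real client address. With it, ntfy trusts the forwarded header from anyone who can reach the port, so the listener should be firewalled to rico0 only. Keeping `metrics-listen-http` on `127.0.0.1` is the right choice and should stay that way.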