rico0: move world accessible vhosts here

2024-10-28 23:52:16 +05:30 · 2024-10-28 23:52:16 +05:30 · 06d36bb45a
commit 06d36bb45a
parent f0cf26941d
16 changed files with 112 additions and 224 deletions
--- a/hosts/layne/services/apps/jellyfin.nix
+++ b/hosts/layne/services/apps/jellyfin.nix
@ -1,7 +1,6 @@
 _:
 let
  inherit (import ../../../shared/caddy-helpers.nix) logFormat tlsAcmeDnsChallenge;
-  domainName = "watch.acomputer.lol";
 in
 {
  services = {
@ -21,30 +20,8 @@ in
            reverse_proxy 127.0.0.1:8096
          '';
        };
-        "${domainName}" = {
-          inherit logFormat;
-          extraConfig = ''
-            reverse_proxy 127.0.0.1:8096
-          '';
-        };
      };
    };
-    frp.settings.proxies = [
-      {
-        name = "http.${domainName}";
-        type = "http";
-        customDomains = [ domainName ];
-        localPort = 80;
-        transport.useCompression = true;
-      }
-      {
-        name = "https.${domainName}";
-        type = "https";
-        customDomains = [ domainName ];
-        localPort = 443;
-        transport.useCompression = true;
-      }
-    ];
    jellyfin = {
      enable = true;
      user = "mediaserver";
--- a/hosts/rico0/services/apps/acomputer.lol.nix
+++ b/hosts/rico0/services/apps/acomputer.lol.nix
@ -17,26 +17,9 @@ in
        handle /.well-known/matrix/client {
          header Content-Type application/json
          header Access-Control-Allow-Origin *
-          #respond `{"m.homeserver": {"base_url": "https://matrix.${domainName}:443"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.${domainName}"}}`
          respond `{"m.homeserver": {"base_url": "https://matrix.${domainName}:443"}}`
        }
      '';
    };
-    frp.settings.proxies = [
-      {
-        name = "http.${domainName}";
-        type = "http";
-        customDomains = [ "${domainName}" ];
-        localPort = 80;
-        transport.useCompression = true;
-      }
-      {
-        name = "https.${domainName}";
-        type = "https";
-        customDomains = [ "${domainName}" ];
-        localPort = 443;
-        transport.useCompression = true;
-      }
-    ];
  };
 }
--- a/hosts/rico0/services/apps/adtya.xyz.nix
+++ b/hosts/rico0/services/apps/adtya.xyz.nix
@ -17,21 +17,5 @@ in
        }
      '';
    };
-    frp.settings.proxies = [
-      {
-        name = "http.${domainName}";
-        type = "http";
-        customDomains = [ "${domainName}" "www.${domainName}" ];
-        localPort = 80;
-        transport.useCompression = true;
-      }
-      {
-        name = "https.${domainName}";
-        type = "https";
-        customDomains = [ "${domainName}" "www.${domainName}" ];
-        localPort = 443;
-        transport.useCompression = true;
-      }
-    ];
  };
 }
--- a/hosts/rico0/services/apps/default.nix
+++ b/hosts/rico0/services/apps/default.nix
@ -1,8 +1,14 @@
 _: {
  imports = [
+    ./acomputer.lol.nix
    ./adtya.xyz.nix
+    ./dendrite.nix
+    ./forgejo.nix
+    ./jellyfin.nix
+    ./ntfy.nix
    ./proofs.nix
    ./wiki.nix
+    ./dendrite.nix
    ../../../shared/prometheus-exporters.nix
    ../../../shared/promtail.nix
  ];
--- a/hosts/rico0/services/apps/dendrite.nix
+++ b/hosts/rico0/services/apps/dendrite.nix
@ -0,0 +1,15 @@
+_:
+let
+  inherit (import ../../../shared/caddy-helpers.nix) logFormat;
+  domainName = "matrix.acomputer.lol";
+in
+{
+  services = {
+    caddy.virtualHosts."${domainName}" = {
+      inherit logFormat;
+      extraConfig = ''
+        reverse_proxy 10.10.10.13:8008
+      '';
+    };
+  };
+}
--- a/hosts/rico0/services/apps/forgejo.nix
+++ b/hosts/rico0/services/apps/forgejo.nix
@ -0,0 +1,15 @@
+_:
+let
+  inherit (import ../../../shared/caddy-helpers.nix) logFormat;
+  domainName = "forge.acomputer.lol";
+in
+{
+  services = {
+    caddy.virtualHosts."${domainName}" = {
+      inherit logFormat;
+      extraConfig = ''
+        reverse_proxy 10.10.10.13:3000
+      '';
+    };
+  };
+}
--- a/hosts/rico0/services/apps/jellyfin.nix
+++ b/hosts/rico0/services/apps/jellyfin.nix
@ -0,0 +1,17 @@
+_:
+let
+  inherit (import ../../../shared/caddy-helpers.nix) logFormat;
+  domainName = "watch.acomputer.lol";
+in
+{
+  services = {
+    caddy.virtualHosts = {
+      "${domainName}" = {
+        inherit logFormat;
+        extraConfig = ''
+          reverse_proxy 10.10.10.14:8096
+        '';
+      };
+    };
+  };
+}
--- a/hosts/rico0/services/apps/ntfy.nix
+++ b/hosts/rico0/services/apps/ntfy.nix
@ -0,0 +1,18 @@
+_:
+let
+  inherit (import ../../../shared/caddy-helpers.nix) logFormat;
+  domainName = "ntfy.acomputer.lol";
+in
+{
+  services = {
+    caddy.virtualHosts = {
+
+      "${domainName}" = {
+        inherit logFormat;
+        extraConfig = ''
+          reverse_proxy 10.10.10.13:8080
+        '';
+      };
+    };
+  };
+}
--- a/hosts/rico0/services/apps/proofs.nix
+++ b/hosts/rico0/services/apps/proofs.nix
@ -13,22 +13,5 @@ in
        '';
      };
    };
-
-    frp.settings.proxies = [
-      {
-        name = "http.${domainName}";
-        type = "http";
-        customDomains = [ "${domainName}" ];
-        localPort = 80;
-        transport.useCompression = true;
-      }
-      {
-        name = "https.${domainName}";
-        type = "https";
-        customDomains = [ "${domainName}" ];
-        localPort = 443;
-        transport.useCompression = true;
-      }
-    ];
  };
 }
--- a/hosts/rico0/services/apps/wiki.nix
+++ b/hosts/rico0/services/apps/wiki.nix
@ -16,21 +16,5 @@ in
        }
      '';
    };
-    frp.settings.proxies = [
-      {
-        name = "http.${domainName}";
-        type = "http";
-        customDomains = [ "${domainName}" ];
-        localPort = 80;
-        transport.useCompression = true;
-      }
-      {
-        name = "https.${domainName}";
-        type = "https";
-        customDomains = [ "${domainName}" ];
-        localPort = 443;
-        transport.useCompression = true;
-      }
-    ];
  };
 }
--- a/hosts/rico0/services/default.nix
+++ b/hosts/rico0/services/default.nix
@ -1,53 +1,10 @@
 _:
-let
-  inherit (import ../../shared/caddy-helpers.nix) logFormat tlsAcmeDnsChallenge;
-in
 {
  imports = [
    ./apps
    ./btrfs.nix
    ./ssh.nix
    ../../shared/caddy.nix
-    ../../shared/frp.nix
  ];

-  services.caddy = {
-    virtualHosts = {
-      "gateway.labs.adtya.xyz" = {
-        inherit logFormat;
-        extraConfig = ''
-          ${tlsAcmeDnsChallenge}
-          reverse_proxy 192.168.0.1:80
-        '';
-      };
-      "ap1.labs.adtya.xyz" = {
-        inherit logFormat;
-        extraConfig = ''
-          ${tlsAcmeDnsChallenge}
-          reverse_proxy 192.168.1.1:80
-        '';
-      };
-      "ap2.labs.adtya.xyz" = {
-        inherit logFormat;
-        extraConfig = ''
-          ${tlsAcmeDnsChallenge}
-          reverse_proxy 192.168.1.2:80
-        '';
-      };
-      "switch.labs.adtya.xyz" = {
-        inherit logFormat;
-        extraConfig = ''
-          ${tlsAcmeDnsChallenge}
-          reverse_proxy 192.168.1.3:80
-        '';
-      };
-      "frp.labs.adtya.xyz" = {
-        inherit logFormat;
-        extraConfig = ''
-          ${tlsAcmeDnsChallenge}
-          reverse_proxy 10.10.10.1:7500
-        '';
-      };
-    };
-  };
 }
--- a/hosts/rico1/services/apps/default.nix
+++ b/hosts/rico1/services/apps/default.nix
@ -1,4 +1,8 @@
-_: {
+_:
+let
+  inherit (import ../../../shared/caddy-helpers.nix) logFormat tlsAcmeDnsChallenge;
+in
+{
  imports = [
    ./alertmanager.nix
    ./blocky.nix
@ -8,4 +12,36 @@ _: {
    ../../../shared/prometheus-exporters.nix
    ../../../shared/promtail.nix
  ];
+  services.caddy = {
+    virtualHosts = {
+      "gateway.labs.adtya.xyz" = {
+        inherit logFormat;
+        extraConfig = ''
+          ${tlsAcmeDnsChallenge}
+          reverse_proxy 192.168.0.1:80
+        '';
+      };
+      "ap1.labs.adtya.xyz" = {
+        inherit logFormat;
+        extraConfig = ''
+          ${tlsAcmeDnsChallenge}
+          reverse_proxy 192.168.1.1:80
+        '';
+      };
+      "ap2.labs.adtya.xyz" = {
+        inherit logFormat;
+        extraConfig = ''
+          ${tlsAcmeDnsChallenge}
+          reverse_proxy 192.168.1.2:80
+        '';
+      };
+      "switch.labs.adtya.xyz" = {
+        inherit logFormat;
+        extraConfig = ''
+          ${tlsAcmeDnsChallenge}
+          reverse_proxy 192.168.1.3:80
+        '';
+      };
+    };
+  };
 }
--- a/hosts/wynne/services/apps/default.nix
+++ b/hosts/wynne/services/apps/default.nix
@ -1,7 +1,6 @@
 _: {
  imports = [
    ./dendrite
-    ./acomputer.lol.nix
    ./forgejo.nix
    ./ntfy.nix
    ./postgresql.nix
--- a/hosts/wynne/services/apps/dendrite/default.nix
+++ b/hosts/wynne/services/apps/dendrite/default.nix
@ -1,8 +1,4 @@
 { config, pkgs, ... }:
-let
-  inherit (import ../../../../shared/caddy-helpers.nix) logFormat;
-  domainName = "matrix.acomputer.lol";
-in
 {
  sops = {
    secrets = {
@ -13,43 +9,6 @@ in
      };
    };
  };
-  services = {
-    caddy.virtualHosts."${domainName}" = {
-      inherit logFormat;
-      extraConfig = ''
-        reverse_proxy /client/* 127.0.0.1:8009
-        # reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync 127.0.0.1:8009
-        reverse_proxy /_matrix/* 127.0.0.1:8008
-        reverse_proxy /_dendrite/* 127.0.0.1:8008
-        reverse_proxy /_synapse/* 127.0.0.1:8008
-      '';
-    };
-    frp.settings.proxies = [
-      {
-        name = "http.${domainName}";
-        type = "http";
-        customDomains = [ "${domainName}" ];
-        localPort = 80;
-        transport.useCompression = true;
-      }
-      {
-        name = "https.${domainName}";
-        type = "https";
-        customDomains = [ "${domainName}" ];
-        localPort = 443;
-        transport.useCompression = true;
-      }
-    ];
-    #matrix-sliding-sync = {
-    #enable = true;
-    #settings = {
-    #  SYNCV3_SERVER = "https://${domainName}";
-    #  SYNCV3_BINDADDR = "127.0.0.1:8009";
-    #  SYNCV3_DB = "postgresql://dendrite@localhost/dendrite?sslmode=disable";
-    #};
-    #environmentFile = config.sops.secrets."matrix/syncv3_secret".path;
-    #};
-  };
  systemd.services.dendrite =
    let
      dendrite_package = pkgs.dendrite;
@ -69,7 +28,7 @@ in
        RuntimeDirectoryMode = "0700";
        LimitNOFILE = 65535;
        ExecStart = ''
-          ${dendrite_package}/bin/dendrite -http-bind-address 127.0.0.1:8008 -config ${./config.yaml}
+          ${dendrite_package}/bin/dendrite -http-bind-address 10.10.10.13:8008 -config ${./config.yaml}
        '';
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        Restart = "on-failure";
--- a/hosts/wynne/services/apps/forgejo.nix
+++ b/hosts/wynne/services/apps/forgejo.nix
@ -1,33 +1,10 @@
 { config, lib, ... }:
 let
-  inherit (import ../../../shared/caddy-helpers.nix) logFormat;
-  domainName = "forge.acomputer.lol";
  cfg = config.services.forgejo;
+  domainName = "forge.acomputer.lol";
 in
 {
  services = {
-    caddy.virtualHosts."${domainName}" = {
-      inherit logFormat;
-      extraConfig = ''
-        reverse_proxy ${cfg.settings.server.HTTP_ADDR}:${toString cfg.settings.server.HTTP_PORT}
-      '';
-    };
-    frp.settings.proxies = [
-      {
-        name = "http.${domainName}";
-        type = "http";
-        customDomains = [ "${domainName}" ];
-        localPort = 80;
-        transport.useCompression = true;
-      }
-      {
-        name = "https.${domainName}";
-        type = "https";
-        customDomains = [ "${domainName}" ];
-        localPort = 443;
-        transport.useCompression = true;
-      }
-    ];
    forgejo = {
      enable = true;
      stateDir = "/mnt/data/Forgejo";
@ -42,7 +19,7 @@ in
          ROOT_URL = "https://${domainName}";
          PROTOCOL = "http";
          SSH_PORT = 42069;
-          HTTP_ADDR = "127.0.0.1";
+          HTTP_ADDR = "10.10.10.13";
          HTTP_PORT = 3000;
          DOMAIN = domainName;
        };
--- a/hosts/wynne/services/apps/ntfy.nix
+++ b/hosts/wynne/services/apps/ntfy.nix
@ -6,12 +6,6 @@ in
 {
  services = {
    caddy.virtualHosts = {
-      "${domainName}" = {
-        inherit logFormat;
-        extraConfig = ''
-          reverse_proxy ${config.services.ntfy-sh.settings.listen-http}
-        '';
-      };
      "${config.networking.hostName}.labs.adtya.xyz" = {
        inherit logFormat;
        extraConfig = ''
@ -24,27 +18,11 @@ in
      };
    };

-    frp.settings.proxies = [
-      {
-        name = "http.${domainName}";
-        type = "http";
-        customDomains = [ "${domainName}" ];
-        localPort = 80;
-        transport.useCompression = true;
-      }
-      {
-        name = "https.${domainName}";
-        type = "https";
-        customDomains = [ "${domainName}" ];
-        localPort = 443;
-        transport.useCompression = true;
-      }
-    ];
    ntfy-sh = {
      enable = true;
      settings = {
        base-url = "https://${domainName}";
-        listen-http = "127.0.0.1:8080";
+        listen-http = "10.10.10.13:8080";
        metrics-listen-http = "127.0.0.1:8081";
        auth-file = "/mnt/data/ntfy-sh/user.db";
        attachment-cache-dir = "/mnt/data/ntfy-sh/attachments";