From ef3d9510ce625dc8323df3aaa33760449f27ae4e Mon Sep 17 00:00:00 2001 From: Adithya Nair Date: Sat, 16 Nov 2024 23:08:16 +0530 Subject: [PATCH] bifrost: move public facing reverse proxies to bifrost --- hosts/bifrost/network/wireguard.nix | 1 + .../services/apps/acomputer.lol.nix | 2 -- .../services/apps/adtya.xyz.nix | 2 -- hosts/bifrost/services/apps/default.nix | 11 +++++++++++ .../services/apps/dendrite.nix | 2 -- .../services/apps/forgejo.nix | 2 -- hosts/bifrost/services/apps/ntfy.nix | 13 +++++++++++++ hosts/bifrost/services/apps/proofs.nix | 13 +++++++++++++ .../{rico0 => bifrost}/services/apps/wiki.nix | 2 -- hosts/bifrost/services/default.nix | 4 ++++ hosts/layne/network/wireguard.nix | 2 +- hosts/rico0/network/wireguard.nix | 2 +- hosts/rico0/services/apps/default.nix | 8 -------- hosts/rico0/services/apps/ntfy.nix | 18 ------------------ hosts/rico0/services/apps/proofs.nix | 17 ----------------- hosts/rico1/network/wireguard.nix | 2 +- hosts/rico2/network/wireguard.nix | 2 +- hosts/shared/caddy-helpers.nix | 7 ------- hosts/shared/caddy.nix | 10 ++-------- modules/default.nix | 1 + modules/facts.nix | 12 ++++++++++++ 21 files changed, 61 insertions(+), 72 deletions(-) rename hosts/{rico0 => bifrost}/services/apps/acomputer.lol.nix (86%) rename hosts/{rico0 => bifrost}/services/apps/adtya.xyz.nix (81%) create mode 100644 hosts/bifrost/services/apps/default.nix rename hosts/{rico0 => bifrost}/services/apps/dendrite.nix (68%) rename hosts/{rico0 => bifrost}/services/apps/forgejo.nix (68%) create mode 100644 hosts/bifrost/services/apps/ntfy.nix create mode 100644 hosts/bifrost/services/apps/proofs.nix rename hosts/{rico0 => bifrost}/services/apps/wiki.nix (79%) delete mode 100644 hosts/rico0/services/apps/ntfy.nix delete mode 100644 hosts/rico0/services/apps/proofs.nix delete mode 100644 hosts/shared/caddy-helpers.nix create mode 100644 modules/facts.nix 
diff --git a/hosts/bifrost/network/wireguard.nix b/hosts/bifrost/network/wireguard.nix
index a47cc6c..46348e0 100644
--- a/hosts/bifrost/network/wireguard.nix
+++ b/hosts/bifrost/network/wireguard.nix
@@ -3,6 +3,7 @@ let
 wireguard-peers = import ../../shared/wireguard-peers.nix;
 in
 {
+ nodeconfig.facts.wireguard-ip = "10.10.10.1";
 sops.secrets = {
 "wireguard/bifrost/pk" = {
 mode = "400";
diff --git a/hosts/rico0/services/apps/acomputer.lol.nix b/hosts/bifrost/services/apps/acomputer.lol.nix
similarity index 86%
rename from hosts/rico0/services/apps/acomputer.lol.nix
rename to hosts/bifrost/services/apps/acomputer.lol.nix
index 263c08e..d2bf137 100644
--- a/hosts/rico0/services/apps/acomputer.lol.nix
+++ b/hosts/bifrost/services/apps/acomputer.lol.nix
@@ -1,12 +1,10 @@
 _:
 let
- inherit (import ../../../shared/caddy-helpers.nix) logFormat;
 domainName = "acomputer.lol";
 in
 {
 services = {
 caddy.virtualHosts."${domainName}" = {
- inherit logFormat;
 extraConfig = ''
 handle /.well-known/matrix/server {
 header Content-Type application/json
diff --git a/hosts/rico0/services/apps/adtya.xyz.nix b/hosts/bifrost/services/apps/adtya.xyz.nix
similarity index 81%
rename from hosts/rico0/services/apps/adtya.xyz.nix
rename to hosts/bifrost/services/apps/adtya.xyz.nix
index 29bb097..38eb4ab 100644
--- a/hosts/rico0/services/apps/adtya.xyz.nix
+++ b/hosts/bifrost/services/apps/adtya.xyz.nix
@@ -1,13 +1,11 @@
 { inputs, pkgs, ... }:
 let
- inherit (import ../../../shared/caddy-helpers.nix) logFormat;
 domainName = "adtya.xyz";
 in
 {
 services = {
 caddy.virtualHosts."${domainName}" = {
 serverAliases = [ "www.${domainName}" ];
- inherit logFormat;
 extraConfig = ''
 handle {
 root * ${inputs.adtyaxyz.packages.${pkgs.system}.default}/share/web
diff --git a/hosts/bifrost/services/apps/default.nix b/hosts/bifrost/services/apps/default.nix
new file mode 100644
index 0000000..d8409ab
--- /dev/null
+++ b/hosts/bifrost/services/apps/default.nix
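Review bot: `nodeconfig.facts.wireguard-ip = "10.10.10.1";` is a hand-maintained second copy of an address that the interface definition in this file presumably already carries, and the file imports `wireguard-peers.nix` one line above; two sources for one address drift silently, and because hosts/shared/caddy.nix now binds the Caddy admin API to this value, a stale entry either breaks Caddy startup or puts that endpoint on an unintended address. Consider deriving the fact from the peer list instead, along the lines of `nodeconfig.facts.wireguard-ip = wireguard-peers.<bifrost-entry>.<ip-attr>;` (the attribute names depend on a file not in the diff), or at least add `# must match this host's wg0 address and its entry in shared/wireguard-peers.nix` above the line. The rest of the WireGuard module is outside the hunk.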
@@ -0,0 +1,11 @@
+_: {
+ imports = [
+ ./adtya.xyz.nix
+ ./acomputer.lol.nix
+ ./dendrite.nix
+ ./forgejo.nix
+ ./ntfy.nix
+ ./proofs.nix
+ ./wiki.nix
+ ];
+}
diff --git a/hosts/rico0/services/apps/dendrite.nix b/hosts/bifrost/services/apps/dendrite.nix
similarity index 68%
rename from hosts/rico0/services/apps/dendrite.nix
rename to hosts/bifrost/services/apps/dendrite.nix
index 62f1ab5..d9daba3 100644
--- a/hosts/rico0/services/apps/dendrite.nix
+++ b/hosts/bifrost/services/apps/dendrite.nix
@@ -1,12 +1,10 @@
 _:
 let
- inherit (import ../../../shared/caddy-helpers.nix) logFormat;
 domainName = "matrix.acomputer.lol";
 in
 {
 services = {
 caddy.virtualHosts."${domainName}" = {
- inherit logFormat;
 extraConfig = ''
 reverse_proxy 10.10.10.13:8008
 '';
diff --git a/hosts/rico0/services/apps/forgejo.nix b/hosts/bifrost/services/apps/forgejo.nix
similarity index 68%
rename from hosts/rico0/services/apps/forgejo.nix
rename to hosts/bifrost/services/apps/forgejo.nix
index d3c96ca..6bb75f9 100644
--- a/hosts/rico0/services/apps/forgejo.nix
+++ b/hosts/bifrost/services/apps/forgejo.nix
@@ -1,12 +1,10 @@
 _:
 let
- inherit (import ../../../shared/caddy-helpers.nix) logFormat;
 domainName = "forge.acomputer.lol";
 in
 {
 services = {
 caddy.virtualHosts."${domainName}" = {
- inherit logFormat;
 extraConfig = ''
 reverse_proxy 10.10.10.13:3000
 '';
diff --git a/hosts/bifrost/services/apps/ntfy.nix b/hosts/bifrost/services/apps/ntfy.nix
new file mode 100644
index 0000000..1f4744d
--- /dev/null
+++ b/hosts/bifrost/services/apps/ntfy.nix
@@ -0,0 +1,13 @@
+_:
+let
+ domainName = "ntfy.acomputer.lol";
+in
+{
+ services = {
+ caddy.virtualHosts."${domainName}" = {
+ extraConfig = ''
+ reverse_proxy 10.10.10.13:8080
+ '';
+ };
+ };
+}
diff --git a/hosts/bifrost/services/apps/proofs.nix b/hosts/bifrost/services/apps/proofs.nix
new file mode 100644
index 0000000..d9bde18
--- /dev/null
+++ b/hosts/bifrost/services/apps/proofs.nix
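Review bot: With the proxy moved to another host, the upstream at `reverse_proxy 10.10.10.13:8080` now sees bifrost's WireGuard address as the TCP peer, so any per-client limits, audit logs or IP-based access rules in ntfy (and likewise in Dendrite and Forgejo, see the dendrite.nix and forgejo.nix hunks above) will attribute all public traffic to 10.10.10.1 unless each application is told to trust `X-Forwarded-For` from that address; the diff changes nothing on the application side, so this is worth confirming before the cut-over. Caddy sets `X-Forwarded-For` by default, but the trust decision has to be made by the upstream. The upstream address is also hard-coded in three vhost files even though the commit introduces `nodeconfig.facts` for exactly this kind of per-node value; a single shared binding would keep the copies from drifting.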
@@ -0,0 +1,13 @@
+_:
+let
+ domainName = "proofs.adtya.xyz";
+in
+{
+ services = {
+ caddy.virtualHosts."${domainName}" = {
+ extraConfig = ''
+ redir https://keyoxide.org/hkp/51E4F5AB1B82BE45B4229CC243A5E25AA5A27849
+ '';
+ };
+ };
+}
diff --git a/hosts/rico0/services/apps/wiki.nix b/hosts/bifrost/services/apps/wiki.nix
similarity index 79%
rename from hosts/rico0/services/apps/wiki.nix
rename to hosts/bifrost/services/apps/wiki.nix
index e45fa7d..dd70a72 100644
--- a/hosts/rico0/services/apps/wiki.nix
+++ b/hosts/bifrost/services/apps/wiki.nix
@@ -1,12 +1,10 @@
 { inputs, pkgs, ... }:
 let
- inherit (import ../../../shared/caddy-helpers.nix) logFormat;
 domainName = "wiki.adtya.xyz";
 in
 {
 services = {
 caddy.virtualHosts."${domainName}" = {
- inherit logFormat;
 extraConfig = ''
 handle {
 root * ${inputs.wiki.packages.${pkgs.system}.default}/share/web
diff --git a/hosts/bifrost/services/default.nix b/hosts/bifrost/services/default.nix
index 53cf156..ee5c306 100644
--- a/hosts/bifrost/services/default.nix
+++ b/hosts/bifrost/services/default.nix
@@ -1,5 +1,9 @@
 _: {
 imports = [
 ./ssh.nix
+
+ ../../shared/caddy.nix
+
+ ./apps
 ];
 }
diff --git a/hosts/layne/network/wireguard.nix b/hosts/layne/network/wireguard.nix
index 49cf71b..b71c6b8 100644
--- a/hosts/layne/network/wireguard.nix
+++ b/hosts/layne/network/wireguard.nix
@@ -1,4 +1,4 @@
-{ config, ...}:
+{ config, ... }:
 let
 wireguard-peers = import ../../shared/wireguard-peers.nix;
 in
diff --git a/hosts/rico0/network/wireguard.nix b/hosts/rico0/network/wireguard.nix
index 5f755bf..25972de 100644
--- a/hosts/rico0/network/wireguard.nix
+++ b/hosts/rico0/network/wireguard.nix
@@ -1,4 +1,4 @@
-{config, ...}:
+{ config, ... }:
 let
 wireguard-peers = import ../../shared/wireguard-peers.nix;
 in
diff --git a/hosts/rico0/services/apps/default.nix b/hosts/rico0/services/apps/default.nix
index 2608e5b..b3afbb0 100644
--- a/hosts/rico0/services/apps/default.nix
+++ b/hosts/rico0/services/apps/default.nix
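Review bot: Importing `../../shared/caddy.nix` here makes bifrost the host that decrypts `caddy/env_file` (the `HETZNER_ACCESS_TOKEN` used for `acme_dns`) and opens 80/443 in its firewall, yet the diff touches no sops configuration; unless that secret is already keyed for bifrost, the first activation fails, and if rico0 keeps importing the same module it retains a copy of the DNS token and open ports it no longer needs. A one-line comment on the import, `# public edge: shared Caddy + ACME; needs caddy/env_file in sops for this host`, would make the dependency visible. The two blank lines inside the list look like intentional grouping but differ from the other default.nix files in this diff.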
@@ -1,13 +1,5 @@
 _: {
 imports = [
- ./acomputer.lol.nix
- ./adtya.xyz.nix
- ./dendrite.nix
- ./forgejo.nix
- ./ntfy.nix
- ./proofs.nix
- ./wiki.nix
- ./dendrite.nix
 ../../../shared/prometheus-exporters.nix
 ../../../shared/promtail.nix
 ];
diff --git a/hosts/rico0/services/apps/ntfy.nix b/hosts/rico0/services/apps/ntfy.nix
deleted file mode 100644
index 9974655..0000000
--- a/hosts/rico0/services/apps/ntfy.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-_:
-let
- inherit (import ../../../shared/caddy-helpers.nix) logFormat;
- domainName = "ntfy.acomputer.lol";
-in
-{
- services = {
- caddy.virtualHosts = {
-
- "${domainName}" = {
- inherit logFormat;
- extraConfig = ''
- reverse_proxy 10.10.10.13:8080
- '';
- };
- };
- };
-}
diff --git a/hosts/rico0/services/apps/proofs.nix b/hosts/rico0/services/apps/proofs.nix
deleted file mode 100644
index f6dbdfd..0000000
--- a/hosts/rico0/services/apps/proofs.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-_:
-let
- inherit (import ../../../shared/caddy-helpers.nix) logFormat;
- domainName = "proofs.adtya.xyz";
-in
-{
- services = {
- caddy.virtualHosts = {
- "${domainName}" = {
- inherit logFormat;
- extraConfig = ''
- redir https://keyoxide.org/hkp/51E4F5AB1B82BE45B4229CC243A5E25AA5A27849
- '';
- };
- };
- };
-}
diff --git a/hosts/rico1/network/wireguard.nix b/hosts/rico1/network/wireguard.nix
index 28a41aa..d274212 100644
--- a/hosts/rico1/network/wireguard.nix
+++ b/hosts/rico1/network/wireguard.nix
@@ -1,4 +1,4 @@
-{config, ...}:
+{ config, ... }:
 let
 wireguard-peers = import ../../shared/wireguard-peers.nix;
 in
diff --git a/hosts/rico2/network/wireguard.nix b/hosts/rico2/network/wireguard.nix
index 79d87cd..d987e0d 100644
--- a/hosts/rico2/network/wireguard.nix
+++ b/hosts/rico2/network/wireguard.nix
@@ -1,4 +1,4 @@
-{ config, ...}:
+{ config, ... }:
 let
 wireguard-peers = import ../shared/wireguard-peers.nix;
 in
diff --git a/hosts/shared/caddy-helpers.nix b/hosts/shared/caddy-helpers.nix
deleted file mode 100644
index 857b711..0000000
--- a/hosts/shared/caddy-helpers.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- logFormat = ''
- output stderr
- format json
- level ERROR
- '';
-}
diff --git a/hosts/shared/caddy.nix b/hosts/shared/caddy.nix
index 7f1b161..01c0a3e 100644
--- a/hosts/shared/caddy.nix
+++ b/hosts/shared/caddy.nix
@@ -1,8 +1,4 @@
-{ config, inputs, pkgs, ... }:
-let
- inherit (import ./caddy-helpers.nix) logFormat;
-in
-{
+{ config, inputs, pkgs, ... }: {
 sops = {
 secrets = {
 "caddy/env_file" = {
@@ -17,14 +13,12 @@ in
 package = inputs.caddy.packages.${pkgs.system}.caddy;
 email = "admin@acomputer.lol";
 globalConfig = ''
+ admin ${config.nodeconfig.facts.wireguard-ip}:2019
 acme_dns hetzner {env.HETZNER_ACCESS_TOKEN}
 servers {
- trusted_proxies static private_ranges 10.10.10.0/24
- client_ip_headers X-Forwarded-For X-Real-IP
 metrics
 }
 '';
- inherit logFormat;
 };
 systemd.services.caddy.serviceConfig.EnvironmentFile = config.sops.secrets."caddy/env_file".path;
 networking.firewall.allowedTCPPorts = [ 80 443 ];
diff --git a/modules/default.nix b/modules/default.nix
index 185501c..4ed84f6 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,5 +1,6 @@
 _: {
 imports = [
+ ./facts.nix
 ./general.nix
 ./nix.nix
 ./pi.nix
diff --git a/modules/facts.nix b/modules/facts.nix
new file mode 100644
index 0000000..07b2c75
--- /dev/null
+++ b/modules/facts.nix
@@ -0,0 +1,12 @@
+{ lib, ... }: {
+ options.nodeconfig = {
+ facts = {
+ wireguard-ip = lib.mkOption {
+ type = lib.types.str;
+ default = null;
+ example = "10.0.0.1";
+ description = "Wireguard IP of the node";
+ };
+ };
+ };
+}
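Review bot: `admin ${config.nodeconfig.facts.wireguard-ip}:2019` moves Caddy's admin API from loopback onto the WireGuard address, and that API is unauthenticated: anyone who can reach it can replace the running configuration, including TLS termination and every upstream, of the public edge. The presumable motive is that `metrics` is served from the admin endpoint and rico0's Prometheus scrapes it, but this exposes the whole control plane to every WireGuard peer rather than to the scraper alone; restrict 2019 on wg0 to the scraping host with a firewall rule, or keep admin on loopback and expose only metrics through an ordinary site block on the WireGuard IP. Whether peers can reach 2019 at all depends on firewall settings outside this diff (only `80 443` are opened here), so if wg0 is not a trusted interface the line is currently a no-op and should be tested either way. Please add `# admin API is unauthenticated and reachable by every WireGuard peer; metrics scraping only, never a public interface` above it; dropping `trusted_proxies`/`client_ip_headers` is correct for a host that is now the first hop.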
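Review bot: `default = null;` on an option declared `type = lib.types.str;` is rejected by the module system as soon as the option is read (defaults are type-checked like definitions), so any host that reads the fact without setting it, as hosts/shared/caddy.nix now does in its globalConfig, fails evaluation with a type error instead of a clear "unset" message. Either drop the default so the option is required, or declare `type = lib.types.nullOr lib.types.str;` and guard the consumer, e.g. `lib.optionalString (config.nodeconfig.facts.wireguard-ip != null) "admin ${config.nodeconfig.facts.wireguard-ip}:2019"` in caddy.nix. rico0's wireguard.nix receives only a whitespace change in this diff and never sets the fact, so if rico0 still imports caddy.nix it hits exactly this. The description could also state that the value is used verbatim as a Caddy bind address, since `types.str` accepts any string.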