bifrost: move public facing reverse proxies to bifrost

This commit is contained in:
Adithya 2024-11-16 23:08:16 +05:30
parent 940e3a811f
commit ef3d9510ce
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
21 changed files with 61 additions and 72 deletions


@ -3,6 +3,7 @@ let
wireguard-peers = import ../../shared/wireguard-peers.nix; wireguard-peers = import ../../shared/wireguard-peers.nix;
in in
{ {
nodeconfig.facts.wireguard-ip = "10.10.10.1";
sops.secrets = { sops.secrets = {
"wireguard/bifrost/pk" = { "wireguard/bifrost/pk" = {
mode = "400"; mode = "400";
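Review bot: `nodeconfig.facts.wireguard-ip = "10.10.10.1";` hard-codes an address that the `wireguard-peers` attrset imported two lines above presumably already records for this host; if it does, derive the fact from that attrset instead of repeating the literal, so the tunnel address and the Caddy admin bind address that shared/caddy.nix builds from this fact cannot drift apart. The shape of wireguard-peers.nix is not visible in this hunk, so the exact expression is for the author to pick.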


@ -1,12 +1,10 @@
_: _:
let let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "acomputer.lol"; domainName = "acomputer.lol";
in in
{ {
services = { services = {
caddy.virtualHosts."${domainName}" = { caddy.virtualHosts."${domainName}" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
handle /.well-known/matrix/server { handle /.well-known/matrix/server {
header Content-Type application/json header Content-Type application/json


@ -1,13 +1,11 @@
{ inputs, pkgs, ... }: { inputs, pkgs, ... }:
let let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "adtya.xyz"; domainName = "adtya.xyz";
in in
{ {
services = { services = {
caddy.virtualHosts."${domainName}" = { caddy.virtualHosts."${domainName}" = {
serverAliases = [ "www.${domainName}" ]; serverAliases = [ "www.${domainName}" ];
inherit logFormat;
extraConfig = '' extraConfig = ''
handle { handle {
root * ${inputs.adtyaxyz.packages.${pkgs.system}.default}/share/web root * ${inputs.adtyaxyz.packages.${pkgs.system}.default}/share/web


@ -0,0 +1,11 @@
_: {
imports = [
./adtya.xyz.nix
./acomputer.lol.nix
./dendrite.nix
./forgejo.nix
./ntfy.nix
./proofs.nix
./wiki.nix
];
}


@ -1,12 +1,10 @@
_: _:
let let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "matrix.acomputer.lol"; domainName = "matrix.acomputer.lol";
in in
{ {
services = { services = {
caddy.virtualHosts."${domainName}" = { caddy.virtualHosts."${domainName}" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 10.10.10.13:8008 reverse_proxy 10.10.10.13:8008
''; '';


@ -1,12 +1,10 @@
_: _:
let let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "forge.acomputer.lol"; domainName = "forge.acomputer.lol";
in in
{ {
services = { services = {
caddy.virtualHosts."${domainName}" = { caddy.virtualHosts."${domainName}" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 10.10.10.13:3000 reverse_proxy 10.10.10.13:3000
''; '';


@ -0,0 +1,13 @@
_:
let
domainName = "ntfy.acomputer.lol";
in
{
services = {
caddy.virtualHosts."${domainName}" = {
extraConfig = ''
reverse_proxy 10.10.10.13:8080
'';
};
};
}


@ -0,0 +1,13 @@
_:
let
domainName = "proofs.adtya.xyz";
in
{
services = {
caddy.virtualHosts."${domainName}" = {
extraConfig = ''
redir https://keyoxide.org/hkp/51E4F5AB1B82BE45B4229CC243A5E25AA5A27849
'';
};
};
}


@ -1,12 +1,10 @@
{ inputs, pkgs, ... }: { inputs, pkgs, ... }:
let let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "wiki.adtya.xyz"; domainName = "wiki.adtya.xyz";
in in
{ {
services = { services = {
caddy.virtualHosts."${domainName}" = { caddy.virtualHosts."${domainName}" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
handle { handle {
root * ${inputs.wiki.packages.${pkgs.system}.default}/share/web root * ${inputs.wiki.packages.${pkgs.system}.default}/share/web


@ -1,5 +1,9 @@
_: { _: {
imports = [ imports = [
./ssh.nix ./ssh.nix
../../shared/caddy.nix
./apps
]; ];
} }
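Review bot: This import list moves caddy.nix and the public vhosts onto bifrost but carries no log-shipping or exporter module, while the host they leave keeps `../../../shared/promtail.nix` and `../../../shared/prometheus-exporters.nix` in the hunk that strips the vhost imports from its default.nix. With the JSON `logFormat` helper also deleted in this commit, Caddy on bifrost falls back to the module's default log configuration, and nothing visible here forwards its error/access logs or scrapes the `metrics` endpoint that caddy.nix enables, so the public edge would be the least observed node. If these are wired in elsewhere, a one-line comment saying so would help; otherwise add `../../shared/promtail.nix` and `../../shared/prometheus-exporters.nix` to this list.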


@ -1,4 +1,4 @@
{ config, ...}: { config, ... }:
let let
wireguard-peers = import ../../shared/wireguard-peers.nix; wireguard-peers = import ../../shared/wireguard-peers.nix;
in in


@ -1,4 +1,4 @@
{config, ...}: { config, ... }:
let let
wireguard-peers = import ../../shared/wireguard-peers.nix; wireguard-peers = import ../../shared/wireguard-peers.nix;
in in


@ -1,13 +1,5 @@
_: { _: {
imports = [ imports = [
./acomputer.lol.nix
./adtya.xyz.nix
./dendrite.nix
./forgejo.nix
./ntfy.nix
./proofs.nix
./wiki.nix
./dendrite.nix
../../../shared/prometheus-exporters.nix ../../../shared/prometheus-exporters.nix
../../../shared/promtail.nix ../../../shared/promtail.nix
]; ];


@ -1,18 +0,0 @@
_:
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "ntfy.acomputer.lol";
in
{
services = {
caddy.virtualHosts = {
"${domainName}" = {
inherit logFormat;
extraConfig = ''
reverse_proxy 10.10.10.13:8080
'';
};
};
};
}


@ -1,17 +0,0 @@
_:
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "proofs.adtya.xyz";
in
{
services = {
caddy.virtualHosts = {
"${domainName}" = {
inherit logFormat;
extraConfig = ''
redir https://keyoxide.org/hkp/51E4F5AB1B82BE45B4229CC243A5E25AA5A27849
'';
};
};
};
}


@ -1,4 +1,4 @@
{config, ...}: { config, ... }:
let let
wireguard-peers = import ../../shared/wireguard-peers.nix; wireguard-peers = import ../../shared/wireguard-peers.nix;
in in


@ -1,4 +1,4 @@
{ config, ...}: { config, ... }:
let let
wireguard-peers = import ../shared/wireguard-peers.nix; wireguard-peers = import ../shared/wireguard-peers.nix;
in in


@ -1,7 +0,0 @@
{
logFormat = ''
output stderr
format json
level ERROR
'';
}


@ -1,8 +1,4 @@
{ config, inputs, pkgs, ... }: { config, inputs, pkgs, ... }: {
let
inherit (import ./caddy-helpers.nix) logFormat;
in
{
sops = { sops = {
secrets = { secrets = {
"caddy/env_file" = { "caddy/env_file" = {
@ -17,14 +13,12 @@ in
package = inputs.caddy.packages.${pkgs.system}.caddy; package = inputs.caddy.packages.${pkgs.system}.caddy;
email = "admin@acomputer.lol"; email = "admin@acomputer.lol";
globalConfig = '' globalConfig = ''
admin ${config.nodeconfig.facts.wireguard-ip}:2019
acme_dns hetzner {env.HETZNER_ACCESS_TOKEN} acme_dns hetzner {env.HETZNER_ACCESS_TOKEN}
servers { servers {
trusted_proxies static private_ranges 10.10.10.0/24
client_ip_headers X-Forwarded-For X-Real-IP
metrics metrics
} }
''; '';
inherit logFormat;
}; };
systemd.services.caddy.serviceConfig.EnvironmentFile = config.sops.secrets."caddy/env_file".path; systemd.services.caddy.serviceConfig.EnvironmentFile = config.sops.secrets."caddy/env_file".path;
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
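Review bot: The added `admin ${config.nodeconfig.facts.wireguard-ip}:2019` line binds Caddy's admin API, which has no authentication of its own, to the WireGuard address, so every peer on that network — including the backend host at 10.10.10.13 that the vhosts proxy to — can read and replace the running configuration of the public edge. If remote administration is wanted, limit it to the management peer (a firewall rule for port 2019 on the WireGuard interface, or keeping the listener on localhost and reaching it over SSH) and add a comment naming the host expected to use it; only 80 and 443 are opened on the last line, and whether the WireGuard interface is otherwise filtered is not visible in this hunk. On the `trusted_proxies static private_ranges 10.10.10.0/24` line, `private_ranges` already covers 10.0.0.0/8, so the explicit CIDR is redundant, and the net effect is that any WireGuard peer can set `X-Forwarded-For` and have it forwarded to the backends as the client address. If no proxy actually sits in front of bifrost the directive can be dropped; otherwise it should list only that proxy's address. The `services.caddy` attrset this sits in begins before the hunk.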


@ -1,5 +1,6 @@
_: { _: {
imports = [ imports = [
./facts.nix
./general.nix ./general.nix
./nix.nix ./nix.nix
./pi.nix ./pi.nix

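--- /dev/null
+++ b/modules/facts.nix
@@ -0,0 +1,12 @@
+{ lib, ... }: {
+options.nodeconfig = {
+facts = {
+wireguard-ip = lib.mkOption {
+type = lib.types.str;
+default = null;
+example = "10.0.0.1";
+description = "Wireguard IP of the node";
+};
+};
+};
+}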
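Review bot: `default = null;` does not satisfy `type = lib.types.str;`, and the module system type-checks the default together with the definitions when the option is read, so on a node that never sets `nodeconfig.nodeconfig.facts.wireguard-ip` a consumer gets a "not of type string" evaluation error rather than a null it can test for. Either declare `type = lib.types.nullOr lib.types.str;` or drop the `default` line so the failure is the clearer "option is used but not defined". Since shared/caddy.nix interpolates this value straight into the admin listener address, a null would not be usable there anyway, so dropping the default looks like the better fit; the description could also state that use, e.g. `description = "WireGuard IP of the node; shared/caddy.nix binds the Caddy admin API to it";`.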