From 30fc5a37e3b6c5e198888eac8612e9c83ed1cc1c Mon Sep 17 00:00:00 2001
From: waveringana
Date: Mon, 16 Jun 2025 17:37:29 -0400
Subject: [PATCH] blep

---
 hosts/morax/default.nix | 11 +++++++++++
 hosts/morax/hardware.nix | 5 +++++
 modules/caddy/default.nix | 27 ++++++++++++++-------------
 3 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/hosts/morax/default.nix b/hosts/morax/default.nix
index aa1459c..1e653d0 100755
--- a/hosts/morax/default.nix
+++ b/hosts/morax/default.nix
@@ -11,6 +11,17 @@
 ../../host-secrets.nix
 ];
 
+ # Enable modules
+ modules.caddy.enable = true;
+ modules.garage.enable = true;
+
+ modules.caddy = {
+ email = "ana@nekomimi.pet";
+ reverseProxies = {
+ "s3.nkp.pet" = ["valefar:3900" "morax:3900"];
+ };
+ };
+
 system.stateVersion = "25.05";
 
 nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
diff --git a/hosts/morax/hardware.nix b/hosts/morax/hardware.nix
index 932aab3..79a2a14 100755
--- a/hosts/morax/hardware.nix
+++ b/hosts/morax/hardware.nix
@@ -18,6 +18,11 @@
 fsType = "ext4";
 };
 
+ fileSystems."/garage" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
+
 swapDevices = [ ];
 
 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
diff --git a/modules/caddy/default.nix b/modules/caddy/default.nix
index d30f8ad..674325b 100755
--- a/modules/caddy/default.nix
+++ b/modules/caddy/default.nix
@@ -12,9 +12,13 @@ let
 # Generate Caddyfile content from the proxy configuration
 generateCaddyfile = proxies:
 let
- proxyEntries = mapAttrsToList (domain: upstream: ''
+ proxyEntries = mapAttrsToList (domain: upstreams:
+ let
+ upstreamList = if isList upstreams then upstreams else [upstreams];
+ upstreamStr = concatStringsSep " " upstreamList;
+ in ''
 ${domain} {
- reverse_proxy ${upstream}
+ reverse_proxy ${upstreamStr}
 
 # Optional: Add some common headers for better proxying
 header_up Host {upstream_hostport}
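Review bot: The new `"s3.nkp.pet"` entry puts an S3 endpoint behind a vhost template that rewrites the Host header: the modules/caddy/default.nix hunk in this same patch shows `header_up Host {upstream_hostport}`. S3 clients sign the Host they connected to, so a backend that receives `valefar:3900` instead of `s3.nkp.pet` will most likely reject signed requests. The template should leave Host untouched for this vhost, which is Caddy's default behaviour. Separately, `valefar:3900` is reached from morax over plain HTTP, so object data crosses the network in cleartext unless those names resolve over a private or encrypted link. A comment stating which network carries it would help, e.g. `# upstreams are reached over <private-network>; port 3900 is not exposed publicly`.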
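Review bot: `device = "/dev/sda1"` in the new `fileSystems."/garage"` entry depends on kernel enumeration order, so a different disk that shows up as sda after a reboot or hardware change would be mounted as the storage volume. Prefer a stable identifier such as `device = "/dev/disk/by-uuid/<UUID-OF-GARAGE-PARTITION>";`. Since this mount only holds service data, adding `options = [ "nodev" "nosuid" "noexec" ];` keeps anything written through the storage service from being used as a device node or a setuid binary.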
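Review bot: With several upstreams joined into one `reverse_proxy ${upstreamStr}` line and no health-check settings visible in the template, Caddy keeps selecting a backend that is down, because passive health checking stays off until `fail_duration` is set. Adding `fail_duration 30s` and `lb_try_duration 5s` beside `header_up` lets requests fail over to the remaining upstream. A short comment above `upstreamList`, such as `# accept a single "host:port" string or a list of them`, would record why both forms are normalised. The body of `generateCaddyfile` continues past the end of this hunk.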
@@ -33,25 +37,23 @@ in
 caddy = {
 enable = mkEnableOption "Deploy Caddy";
 
- # New option for reverse proxy configuration
 reverseProxies = mkOption {
- type = types.attrsOf types.str;
+ type = types.attrsOf (types.either types.str (types.listOf types.str));
 default = {};
- description = "Attribute set of domain to upstream mappings for reverse proxying";
+ description = "Attribute set of domain to upstream mappings for reverse proxying. Upstreams can be a single string or a list of strings for load balancing.";
 example = {
 "notes.nekomimi.pet" = "valefar:3009";
- "git.nekomimi.pet" = "morax:3000";
+ "git.nekomimi.pet" = ["morax:3000" "valefar:3000"]; # Load balance between multiple upstreams
+ "api.nekomimi.pet" = ["server1:8080" "server2:8080" "server3:8080"];
 };
 };
 
- # Optional: Allow custom Caddyfile content to be appended
 extraConfig = mkOption {
 type = types.lines;
 default = "";
 description = "Extra Caddyfile configuration to append";
 };
 
- # Optional: Email for ACME/Let's Encrypt
 email = mkOption {
 type = types.nullOr types.str;
 default = null;
@@ -64,7 +66,7 @@ in
 config = mkIf cfg.enable {
 # Allow network access when building
 # https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
- nix.settings.sandbox = false;
+ #nix.settings.sandbox = false;
 
 networking.firewall.allowedTCPPorts = [
 80
@@ -74,12 +76,11 @@ in
 
 services.caddy = {
 enable = true;
- package = pkgs.caddy.withPlugins {
- plugins = [ "github.com/caddy-dns/cloudflare"];
+ /*package = pkgs.caddy.withPlugins {
+ plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1"];
 hash = "sha256-1niaf801sijvjrqvw998y8x7b43a0g162h3ry530qwl8lrgkapii";
- };
+ };*/
 
- # Generate the Caddyfile from our configuration
 extraConfig = ''
 ${optionalString (cfg.email != null) ''
 {
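Review bot: `types.listOf types.str` in the new `reverseProxies` type accepts an empty list, which would render a bare `reverse_proxy` line with no backend. It also accepts any string, including ones with whitespace or braces that change the meaning of the generated Caddyfile. Tightening the type to `types.attrsOf (types.either upstreamType (types.nonEmptyListOf upstreamType))` with `upstreamType = types.strMatching "[^[:space:]{}]+";` turns both mistakes into evaluation errors. The description promises load balancing, but the selection policy is whatever Caddy defaults to, and the description should say so. The option block starts and ends outside this hunk.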
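Review bot: Commenting out `nix.settings.sandbox = false;` restores build isolation, but the line and the two comments above it ("Allow network access when building" and the link) now describe a setting that is no longer applied. Delete all three, so that a host-wide sandbox opt-out cannot come back by removing a single `#`. The same applies to the `/*package = pkgs.caddy.withPlugins { … };*/` block in the next hunk: it keeps the old `hash` while the plugin reference gains `@v0.2.1`, so the hash would have to be recomputed before the block could be uncommented. If the plugin build is meant to return, put it behind a module option rather than a comment.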