blep

2025-06-16 17:37:29 -04:00 · 2025-06-16 17:37:29 -04:00 · 30fc5a37e3
commit 30fc5a37e3
parent 1023e50fb9
3 changed files with 30 additions and 13 deletions
--- a/hosts/morax/default.nix
+++ b/hosts/morax/default.nix
@ -11,6 +11,17 @@
    ../../host-secrets.nix
  ];

+  # Enable modules
+  modules.caddy.enable = true;
+  modules.garage.enable = true;
+
+  modules.caddy = {
+    email = "ana@nekomimi.pet";
+    reverseProxies = {
+      "s3.nkp.pet" = ["valefar:3900" "morax:3900"];
+    };
+  };
+
  system.stateVersion = "25.05";

  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
--- a/hosts/morax/hardware.nix
+++ b/hosts/morax/hardware.nix
@ -18,6 +18,11 @@
      fsType = "ext4";
    };

+  fileSystems."/garage" = {
+  device = "/dev/sda1";
+    fsType = "ext4";
+  };
+
  swapDevices = [ ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
--- a/modules/caddy/default.nix
+++ b/modules/caddy/default.nix
@ -12,9 +12,13 @@ let
  # Generate Caddyfile content from the proxy configuration
  generateCaddyfile = proxies: 
    let
-      proxyEntries = mapAttrsToList (domain: upstream: ''
+      proxyEntries = mapAttrsToList (domain: upstreams: 
+        let
+          upstreamList = if isList upstreams then upstreams else [upstreams];
+          upstreamStr = concatStringsSep " " upstreamList;
+        in ''
        ${domain} {
-          reverse_proxy ${upstream}
+          reverse_proxy ${upstreamStr}
          
          # Optional: Add some common headers for better proxying
          header_up Host {upstream_hostport}
@ -33,25 +37,23 @@ in
      caddy = { 
        enable = mkEnableOption "Deploy Caddy";
        
-        # New option for reverse proxy configuration
        reverseProxies = mkOption {
-          type = types.attrsOf types.str;
+          type = types.attrsOf (types.either types.str (types.listOf types.str));
          default = {};
-          description = "Attribute set of domain to upstream mappings for reverse proxying";
+          description = "Attribute set of domain to upstream mappings for reverse proxying. Upstreams can be a single string or a list of strings for load balancing.";
          example = {
            "notes.nekomimi.pet" = "valefar:3009";
-            "git.nekomimi.pet" = "morax:3000";
+            "git.nekomimi.pet" = ["morax:3000" "valefar:3000"];  # Load balance between multiple upstreams
+            "api.nekomimi.pet" = ["server1:8080" "server2:8080" "server3:8080"];
          };
        };
        
-        # Optional: Allow custom Caddyfile content to be appended
        extraConfig = mkOption {
          type = types.lines;
          default = "";
          description = "Extra Caddyfile configuration to append";
        };
        
-        # Optional: Email for ACME/Let's Encrypt
        email = mkOption {
          type = types.nullOr types.str;
          default = null;
@ -64,7 +66,7 @@ in
  config = mkIf cfg.enable {
    # Allow network access when building
    # https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
-    nix.settings.sandbox = false;
+    #nix.settings.sandbox = false;

    networking.firewall.allowedTCPPorts = [
      80
@ -74,12 +76,11 @@ in

    services.caddy = {
      enable = true;
-      package = pkgs.caddy.withPlugins {
-        plugins = [ "github.com/caddy-dns/cloudflare"];
+      /*package = pkgs.caddy.withPlugins {
+        plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1"];
        hash = "sha256-1niaf801sijvjrqvw998y8x7b43a0g162h3ry530qwl8lrgkapii";
-      };
+      };*/
      
-      # Generate the Caddyfile from our configuration
      extraConfig = ''
        ${optionalString (cfg.email != null) ''
          {