waveringana/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: waveringana:30fc5a37e3b6c5e198888eac8612e9c83ed1cc1c
Branches Tags
waveringana:main
..
compare: waveringana:2a961aaa91cc3239d187c7b15f6bd2059ac17bb7
Branches Tags
waveringana:main

No commits in common. "30fc5a37e3b6c5e198888eac8612e9c83ed1cc1c" and "2a961aaa91cc3239d187c7b15f6bd2059ac17bb7" have entirely different histories.
30fc5a37e3 ... 2a961aaa91

3 changed files with 4 additions and 79 deletions
Download patch file Download diff file Expand all files Collapse all files

11
hosts/morax/default.nix
View file

@ -11,17 +11,6 @@
../../host-secrets.nix ../../host-secrets.nix
]; ];
# Enable modules
modules.caddy.enable = true;
modules.garage.enable = true;
modules.caddy = {
email = "ana@nekomimi.pet";
reverseProxies = {
"s3.nkp.pet" = ["valefar:3900" "morax:3900"];
};
};
system.stateVersion = "25.05"; system.stateVersion = "25.05";
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";

5
hosts/morax/hardware.nix
View file

@ -18,11 +18,6 @@
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/garage" = {
device = "/dev/sda1";
fsType = "ext4";
};
swapDevices = [ ]; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

65
modules/caddy/default.nix
View file

@ -8,58 +8,11 @@ with lib;
let let
cfg = config.modules.caddy; cfg = config.modules.caddy;
caddyMetricsPort = 2019; caddyMetricsPort = 2019;
# Generate Caddyfile content from the proxy configuration
generateCaddyfile = proxies:
let
proxyEntries = mapAttrsToList (domain: upstreams:
let
upstreamList = if isList upstreams then upstreams else [upstreams];
upstreamStr = concatStringsSep " " upstreamList;
in ''
${domain} {
reverse_proxy ${upstreamStr}
# Optional: Add some common headers for better proxying
header_up Host {upstream_hostport}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
}
'') proxies;
in
concatStringsSep "\n\n" proxyEntries;
in in
{ {
options = { options = {
modules = { modules = {
caddy = { caddy = { enable = mkEnableOption "Deploy Caddy"; };
enable = mkEnableOption "Deploy Caddy";
reverseProxies = mkOption {
type = types.attrsOf (types.either types.str (types.listOf types.str));
default = {};
description = "Attribute set of domain to upstream mappings for reverse proxying. Upstreams can be a single string or a list of strings for load balancing.";
example = {
"notes.nekomimi.pet" = "valefar:3009";
"git.nekomimi.pet" = ["morax:3000" "valefar:3000"]; # Load balance between multiple upstreams
"api.nekomimi.pet" = ["server1:8080" "server2:8080" "server3:8080"];
};
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = "Extra Caddyfile configuration to append";
};
email = mkOption {
type = types.nullOr types.str;
default = null;
description = "Email address for ACME certificate registration";
};
};
}; };
}; };
@ -77,21 +30,9 @@ in
services.caddy = { services.caddy = {
enable = true; enable = true;
/* package = pkgs.caddy.withPlugins { /* package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1"]; plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"];
hash = "sha256-1niaf801sijvjrqvw998y8x7b43a0g162h3ry530qwl8lrgkapii"; hash = "sha256-JVkUkDKdat4aALJHQCq1zorJivVCdyBT+7UhqTvaFLw=";
};*/ };*/
extraConfig = ''
${optionalString (cfg.email != null) ''
{
email ${cfg.email}
}
''}
${generateCaddyfile cfg.reverseProxies}
${cfg.extraConfig}
'';
}; };
systemd.services.caddy = { systemd.services.caddy = {