stuffs like bruh wtf

mjallen18
2026-02-04 19:40:00 -06:00
parent 87fb1c96e5
commit 1f99318fcd
5 changed files with 146 additions and 8 deletions


@@ -154,7 +154,7 @@ rec {
mkOpt (types.attrsOf types.str) { }
"Extra environment variables for code-server";
reverseProxy = mkReverseProxyOpt;
reverseProxy = mkReverseProxyOpt name;
}
// options;
};
@@ -221,12 +221,12 @@ rec {
mkBoolOpt' = mkOpt' types.bool;
mkReverseProxyOpt = {
mkReverseProxyOpt = name: {
enable = mkBoolOpt false "Enable reverse proxy support";
subdomain = mkOpt types.str "" "subdomain of the service";
subdomain = mkOpt types.str name "subdomain of the service";
middlewares = mkOpt (types.listOf types.str) [ ] "List of middlewares to use";
middlewares = mkOpt (types.listOf types.str) [ "crowdsec" "whitelist-geoblock" ] "List of middlewares to use";
};
# Standard enable/disable patterns
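Review bot: The new `[ "crowdsec" "whitelist-geoblock" ]` value on `middlewares` in `mkReverseProxyOpt` is only a default, so (assuming `mkOpt` passes it through as the option's `default`) any service that sets `reverseProxy.middlewares` itself replaces the list and silently loses both protections. The Traefik router builder touched in this same commit also appends `"crowdsec"` to `router.middlewares`, so services that keep the default may end up with it listed twice. Consider leaving the default empty and adding the mandatory middlewares in the one place where routers are built. At minimum, state the behaviour in the description, e.g. `"Middlewares to use; setting this replaces the default crowdsec and whitelist-geoblock entries"`.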


@@ -0,0 +1,121 @@
{
config,
lib,
pkgs,
namespace,
...
}:
with lib;
let
name = "caddy";
cfg = config.${namespace}.services.${name};
caddyPackage = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@v0.2.2" ];
hash = "sha256-dnhEjopeA0UiI+XVYHYpsjcEI6Y1Hacbi28hVKYQURg=";
};
caddy = lib.${namespace}.mkModule {
inherit config name;
description = "caddy Service";
options = { };
moduleConfig = {
sops = {
secrets = {
"jallen-nas/traefik/crowdsec/lapi-key" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.caddy.name;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ];
};
"jallen-nas/traefik/crowdsec/capi-machine-id" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.caddy.name;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ];
};
"jallen-nas/traefik/crowdsec/capi-password" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.caddy.name;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ];
};
"jallen-nas/traefik/cloudflare-dns-api-token" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.caddy.name;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ];
};
"jallen-nas/traefik/cloudflare-zone-api-token" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.caddy.name;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ];
};
"jallen-nas/traefik/cloudflare-api-key" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.caddy.name;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ];
};
"jallen-nas/traefik/cloudflare-email" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.caddy.name;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ];
};
};
templates = {
"caddy.env" = {
content = ''
CLOUDFLARE_DNS_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
CLOUDFLARE_ZONE_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"}
CLOUDFLARE_API_KEY=${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
CLOUDFLARE_EMAIL=${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
'';
owner = config.users.users.caddy.name;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ];
};
};
};
services.caddy = {
enable = true;
# package = caddyPackage;
# environmentFile = config.sops.templates."caddy.env".path;
email = "jalle008@proton.me";
enableReload = false;
dataDir = "${cfg.configDir}/caddy";
globalConfig = ''
metrics
http_port 80
https_port 443
default_bind 0.0.0.0
''; # b710da1b0182eadcb1e569408de778f9f3c50
virtualHosts = {
"gitea.mjallen.dev" = {
extraConfig = ''
reverse_proxy http://10.0.1.3:3000
'';
};
"jellyfin.mjallen.dev" = {
extraConfig = ''
reverse_proxy http://10.0.1.3:8096
'';
};
"hass.mjallen.dev" = {
extraConfig = ''
reverse_proxy http://10.0.1.4:8123
'';
};
};
};
};
};
in
{
imports = [ caddy ];
}
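Review bot: The `sops.secrets` block hands the caddy user seven secrets that nothing in `services.caddy` consumes: `package = caddyPackage` and `environmentFile` are commented out, and the three `crowdsec/*` entries are not referenced by the `caddy.env` template at all. Decrypting the CrowdSec LAPI/CAPI credentials, and what appears to be an account-wide `cloudflare-api-key` plus e-mail, for a process that never reads them widens what a compromise of that process exposes. Declare only the scoped DNS token(s) the cloudflare plugin needs, and only once `environmentFile` is actually enabled. The three `virtualHosts` also proxy straight to the backends with none of the crowdsec or geoblock filtering that the Traefik routers get, which deserves a comment if it is intentional. The trailing `# b710da1b…` comment after `globalConfig` looks like a leftover hash or token fragment; please confirm it is not secret material and drop it.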


@@ -28,9 +28,16 @@ let
let
makeRouter =
router:
let
hostRule =
if router.subdomain == "" then
"Host(`${domain}`)"
else
"Host(`${router.subdomain}.${domain}`)";
in
nameValuePair router.subdomain {
entryPoints = router.entryPoints;
rule = "Host(`${router.subdomain}.${domain}`)";
rule = hostRule;
service = router.service;
middlewares = router.middlewares ++ [
"crowdsec"


@@ -127,7 +127,7 @@ in
matrix = {
enable = false;
port = 8448;
reverseProxy.enable = true;
reverseProxy.enable = false;
};
minecraft = disabled;
mongodb = disabled;
@@ -143,7 +143,10 @@ in
enable = true;
port = 2586;
createUser = true;
reverseProxy.enable = true;
reverseProxy = {
enable = true;
subdomain = "ntfy";
};
};
ocis = disabled;
onlyoffice = {
@@ -153,7 +156,7 @@ in
opencloud = {
enable = false;
port = 9200;
reverseProxy.enable = true;
reverseProxy.enable = false;
};
orca-slicer = {
enable = false;
@@ -187,6 +190,11 @@ in
serverPort = 8266;
};
traefik = enabled;
caddy = disabled;
unmanic = {
enable = true;
port = 8265;


@@ -143,6 +143,8 @@ in
allowPing = true;
trustedInterfaces = [ "tailscale0" ];
allowedTCPPorts = [
80
443
8008 # restic
9000 # authentik
2342 # grafana
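Review bot: The two new entries at the top of `allowedTCPPorts` carry no trailing comment, unlike every other port visible in the list, so the rule set does not say which service they are opened for. Traefik is enabled and Caddy is disabled elsewhere in this commit. Suggest `80 # http (reverse proxy)` and `443 # https (reverse proxy)`. These ports are opened on every interface, while `tailscale0` is already trusted, so if the proxy is only meant to be reached from specific networks an interface-scoped rule would be tighter; this is hedged because the intended exposure is not visible here. The list continues outside the hunk.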