mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix traefik stuff

Browse Source
This commit is contained in:
mjallen18
2026-02-04 20:02:32 -06:00
parent 1f99318fcd
commit 4d4808490b
4 changed files with 33 additions and 228 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
modules/nixos/services/caddy/default.nix
View File

@@ -84,8 +84,8 @@ let
services.caddy = {
enable = true;
# package = caddyPackage;
# environmentFile = config.sops.templates."caddy.env".path;
package = caddyPackage;
environmentFile = config.sops.templates."caddy.env".path;
email = "jalle008@proton.me";
enableReload = false;
dataDir = "${cfg.configDir}/caddy";
@@ -96,19 +96,26 @@ let
default_bind 0.0.0.0
''; # b710da1b0182eadcb1e569408de778f9f3c50
virtualHosts = {
"gitea.mjallen.dev" = {
"*.mjallen.dev" = {
extraConfig = ''
reverse_proxy http://10.0.1.3:3000
'';
};
"jellyfin.mjallen.dev" = {
extraConfig = ''
reverse_proxy http://10.0.1.3:8096
'';
};
"hass.mjallen.dev" = {
extraConfig = ''
reverse_proxy http://10.0.1.4:8123
tls {
dns cloudflare {$CLOUDFLARE_DNS_API_TOKEN}
}
@gitea host gitea.mjallen.dev
handle @gitea {
reverse_proxy http://10.0.1.3:3000
}
@jellyfin host jellyfin.mjallen.dev
handle @jellyfin {
reverse_proxy http://10.0.1.3:8096
}
@homeassistant host hass.mjallen.dev
handle @homeassistant {
reverse_proxy http://10.0.1.4:8123
}
'';
};
};

197
modules/nixos/services/traefik/default.nix
View File

@@ -67,19 +67,9 @@ let
# Forward services
authUrl = "http://${serverIp}:9000/outpost.goauthentik.io";
authentikUrl = "http://${serverIp}:9000";
cacheUrl = "http://${serverIp}:9012";
cloudUrl = "http:/10.0.1.3:9200";
# cloudUrl = "http://${config.containers.nextcloud.localAddress}:80";
hassUrl = "http://10.0.1.4:8123";
immichUrl = "http://${serverIp}:${toString config.services.immich.port}";
jellyfinUrl = "http://${serverIp}:8096";
jellyseerrUrl = "http://10.0.1.3:${toString config.services.jellyseerr.port}";
lubeloggerUrl = "http://${serverIp}:6754";
# onlyofficeUrl = "http://${config.containers.nextcloud.localAddress}:${toString config.containers.nextcloud.config.services.onlyoffice.port}";
onlyofficeUrl = "http://10.0.1.3:9980";
openWebUIUrl = "http://${serverIp}:8888";
paperlessUrl = "http://${serverIp}:${toString config.services.paperless.port}";
# Plugins
traefikPlugins = {
@@ -267,17 +257,6 @@ in
# };
http = {
serversTransports = {
internal-https = {
insecureSkipVerify = true;
};
attich1 = {
serverName = "localhost";
disableHTTP2 = true;
};
};
middlewares = {
authentik = {
forwardAuth = {
@@ -389,88 +368,18 @@ in
url = authUrl;
}
];
gitea.loadBalancer.servers = [
{
url = "http://10.0.1.3:3000";
}
];
actual.loadBalancer.servers = [
{
url = "http://10.0.1.3:3333";
}
];
matrix.loadBalancer.servers = [
{
url = "http://10.0.1.3:8448";
}
];
authentik.loadBalancer.servers = [
{
url = authentikUrl;
}
];
cache.loadBalancer = {
servers = [
{
url = cacheUrl;
}
];
serversTransport = "attich1";
};
chat.loadBalancer.servers = [
{
url = openWebUIUrl;
}
];
cloud.loadBalancer = {
servers = [
{
url = cloudUrl;
}
];
};
hass.loadBalancer.servers = [
{
url = hassUrl;
}
];
immich.loadBalancer.servers = [
{
url = immichUrl;
}
];
jellyfin.loadBalancer.servers = [
{
url = jellyfinUrl;
}
];
jellyseerr.loadBalancer.servers = [
{
url = jellyseerrUrl;
}
];
lubelogger.loadBalancer.servers = [
{
url = lubeloggerUrl;
}
];
onlyoffice.loadBalancer = {
servers = [
{
url = onlyofficeUrl;
}
];
passHostHeader = true;
};
paperless.loadBalancer.servers = [
{
url = paperlessUrl;
}
];
}
// extraServiceConfigs
// reverseProxyServiceConfigs;
@@ -488,49 +397,6 @@ in
tls.certResolver = "letsencrypt";
};
gitea = {
entryPoints = [ "websecure" ];
rule = "Host(`gitea.${domain}`)";
service = "gitea";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
actual = {
entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)";
service = "actual";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
matrix = {
entryPoints = [ "websecure" ];
rule = "Host(`matrix.${domain}`)";
service = "matrix";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
authentik = {
entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)";
service = "authentik";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
cache = {
entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)";
@@ -539,16 +405,7 @@ in
priority = 10;
tls.certResolver = "letsencrypt";
};
cloud = {
entryPoints = [ "websecure" ];
rule = "Host(`cloud.${domain}`)";
service = "cloud";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
hass = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)";
@@ -561,58 +418,6 @@ in
priority = 10;
tls.certResolver = "letsencrypt";
};
immich = {
entryPoints = [ "websecure" ];
rule = "Host(`immich.${domain}`)";
service = "immich";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
jellyfin = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.${domain}`)";
service = "jellyfin";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
jellyseerr = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyseerr.${domain}`)";
service = "jellyseerr";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
lubelogger = {
entryPoints = [ "websecure" ];
rule = "Host(`lubelogger.${domain}`)";
service = "lubelogger";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
onlyoffice = {
entryPoints = [ "websecure" ];
rule = "Host(`office.${domain}`)";
service = "onlyoffice";
middlewares = [
"crowdsec"
"whitelist-geoblock"
# "onlyoffice-headers"
"collabora-headers"
];
tls.certResolver = "letsencrypt";
};
}
// extraRouterConfigs
// reverseProxyRouterConfigs;

28
systems/x86_64-linux/jallen-nas/apps.nix
View File

@@ -14,14 +14,7 @@ in
enable = true;
port = 3333;
createUser = true;
reverseProxy = {
enable = true;
subdomain = "actual";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
};
reverseProxy = enabled;
};
ai = enabled;
arrs = {
@@ -38,6 +31,7 @@ in
enable = false;
configureDb = true;
port = 9000;
reverseProxy = enabled;
environmentFile = "/run/secrets/jallen-nas/authentik-env";
redis = {
enable = true;
@@ -49,6 +43,7 @@ in
port = 4822;
# environmentFile = "/run/secrets/jallen-nas/authentik-env"; # TODO
};
caddy = disabled;
calibre = {
enable = false;
port = 8084;
@@ -88,6 +83,7 @@ in
gitea = {
enable = true;
port = 3000;
reverseProxy = enabled;
};
glance = {
enable = true;
@@ -106,19 +102,23 @@ in
immich = {
enable = true;
port = 2283;
reverseProxy = enabled;
};
jellyfin = {
enable = true;
port = 8096;
reverseProxy = enabled;
};
jellyseerr = {
enable = true;
port = 5055;
createUser = true;
reverseProxy = enabled;
};
lubelogger = {
enable = true;
port = 6754;
reverseProxy = enabled;
};
manyfold = {
enable = true;
@@ -127,7 +127,7 @@ in
matrix = {
enable = false;
port = 8448;
reverseProxy.enable = false;
reverseProxy = enabled;
};
minecraft = disabled;
mongodb = disabled;
@@ -143,10 +143,7 @@ in
enable = true;
port = 2586;
createUser = true;
reverseProxy = {
enable = true;
subdomain = "ntfy";
};
reverseProxy = enabled;
};
ocis = disabled;
onlyoffice = {
@@ -190,11 +187,6 @@ in
serverPort = 8266;
};
traefik = enabled;
caddy = disabled;
unmanic = {
enable = true;
port = 8265;

1
systems/x86_64-linux/jallen-nas/vpn.nix
View File

@@ -110,6 +110,7 @@
openvpn = {
servers = {
"us.protonvpn.udp" = lib.mkForce {
autoStart = false;
authUserPass = config.sops.templates."protonvpn".path;
updateResolvConf = lib.mkForce true;
config = ''