diff --git a/modules/nixos/services/caddy/default.nix b/modules/nixos/services/caddy/default.nix
index e0234b0..3dd4cd7 100644
--- a/modules/nixos/services/caddy/default.nix
+++ b/modules/nixos/services/caddy/default.nix
@@ -84,8 +84,8 @@ let services.caddy = { enable = true; - # package = caddyPackage; - # environmentFile = config.sops.templates."caddy.env".path; + package = caddyPackage; + environmentFile = config.sops.templates."caddy.env".path; email = "jalle008@proton.me"; enableReload = false; dataDir = "${cfg.configDir}/caddy";
@@ -96,19 +96,26 @@ let default_bind 0.0.0.0 ''; # b710da1b0182eadcb1e569408de778f9f3c50 virtualHosts = { - "gitea.mjallen.dev" = { + "*.mjallen.dev" = { extraConfig = '' - reverse_proxy http://10.0.1.3:3000 - ''; - }; - "jellyfin.mjallen.dev" = { - extraConfig = '' - reverse_proxy http://10.0.1.3:8096 - ''; - }; - "hass.mjallen.dev" = { - extraConfig = '' - reverse_proxy http://10.0.1.4:8123 + tls { + dns cloudflare {$CLOUDFLARE_DNS_API_TOKEN} + } + + @gitea host gitea.mjallen.dev + handle @gitea { + reverse_proxy http://10.0.1.3:3000 + } + + @jellyfin host jellyfin.mjallen.dev + handle @jellyfin { + reverse_proxy http://10.0.1.3:8096 + } + + @homeassistant host hass.mjallen.dev + handle @homeassistant { + reverse_proxy http://10.0.1.4:8123 + } ''; }; };
diff --git a/modules/nixos/services/traefik/default.nix b/modules/nixos/services/traefik/default.nix
index b575f7f..76d0501 100755
--- a/modules/nixos/services/traefik/default.nix
+++ b/modules/nixos/services/traefik/default.nix
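Review bot: The new `*.mjallen.dev` site block in the -96 hunk has no catch-all after the three named `handle` blocks, so a request for any other subdomain under the wildcard certificate still matches the site and gets Caddy's default empty response instead of being refused; add a final `handle { abort }` (or `respond 404`) so only the three named hosts are served. Those three hosts previously sat behind Traefik routers that carried the `crowdsec` and `whitelist-geoblock` middlewares (deleted in the traefik/default.nix hunks), and nothing equivalent is attached to these Caddy handlers, so confirm an access restriction still sits in front of this `default_bind 0.0.0.0` listener or add one here. The `{$CLOUDFLARE_DNS_API_TOKEN}` placeholder is only populated because the -84 hunk now sets `environmentFile` to the sops template; a one-line comment on the `tls` block naming that dependency, and noting the token should be scoped to DNS edit on this zone only, would help the next reader. The enclosing `services.caddy` set continues outside the hunk.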
@@ -67,19 +67,9 @@ let # Forward services authUrl = "http://${serverIp}:9000/outpost.goauthentik.io"; - authentikUrl = "http://${serverIp}:9000"; cacheUrl = "http://${serverIp}:9012"; - cloudUrl = "http:/10.0.1.3:9200"; - # cloudUrl = "http://${config.containers.nextcloud.localAddress}:80"; hassUrl = "http://10.0.1.4:8123"; - immichUrl = "http://${serverIp}:${toString config.services.immich.port}"; - jellyfinUrl = "http://${serverIp}:8096"; - jellyseerrUrl = "http://10.0.1.3:${toString config.services.jellyseerr.port}"; lubeloggerUrl = "http://${serverIp}:6754"; - # onlyofficeUrl = "http://${config.containers.nextcloud.localAddress}:${toString config.containers.nextcloud.config.services.onlyoffice.port}"; - onlyofficeUrl = "http://10.0.1.3:9980"; - openWebUIUrl = "http://${serverIp}:8888"; - paperlessUrl = "http://${serverIp}:${toString config.services.paperless.port}"; # Plugins traefikPlugins = { @@ -267,17 +257,6 @@ in # }; http = { - - serversTransports = { - internal-https = { - insecureSkipVerify = true; - }; - attich1 = { - serverName = "localhost"; - disableHTTP2 = true; - }; - }; - middlewares = { authentik = { forwardAuth = { 
@@ -389,88 +368,18 @@ in url = authUrl; } ]; - - gitea.loadBalancer.servers = [ - { - url = "http://10.0.1.3:3000"; - } - ]; - - actual.loadBalancer.servers = [ - { - url = "http://10.0.1.3:3333"; - } - ]; - - matrix.loadBalancer.servers = [ - { - url = "http://10.0.1.3:8448"; - } - ]; - - authentik.loadBalancer.servers = [ - { - url = authentikUrl; - } - ]; cache.loadBalancer = { servers = [ { url = cacheUrl; } ]; - serversTransport = "attich1"; - }; - chat.loadBalancer.servers = [ - { - url = openWebUIUrl; - } - ]; - cloud.loadBalancer = { - servers = [ - { - url = cloudUrl; - } - ]; }; hass.loadBalancer.servers = [ { url = hassUrl; } ]; - immich.loadBalancer.servers = [ - { - url = immichUrl; - } - ]; - jellyfin.loadBalancer.servers = [ - { - url = jellyfinUrl; - } - ]; - jellyseerr.loadBalancer.servers = [ - { - url = jellyseerrUrl; - } - ]; - lubelogger.loadBalancer.servers = [ - { - url = lubeloggerUrl; - } - ]; - onlyoffice.loadBalancer = { - servers = [ - { - url = onlyofficeUrl; - } - ]; - passHostHeader = true; - }; - paperless.loadBalancer.servers = [ - { - url = paperlessUrl; - } - ]; } // extraServiceConfigs // reverseProxyServiceConfigs; 
@@ -488,49 +397,6 @@ in tls.certResolver = "letsencrypt"; }; - gitea = { - entryPoints = [ "websecure" ]; - rule = "Host(`gitea.${domain}`)"; - service = "gitea"; - middlewares = [ - "crowdsec" - "whitelist-geoblock" - ]; - tls.certResolver = "letsencrypt"; - }; - - actual = { - entryPoints = [ "websecure" ]; - rule = "Host(`actual.${domain}`)"; - service = "actual"; - middlewares = [ - "crowdsec" - "whitelist-geoblock" - ]; - tls.certResolver = "letsencrypt"; - }; - - matrix = { - entryPoints = [ "websecure" ]; - rule = "Host(`matrix.${domain}`)"; - service = "matrix"; - middlewares = [ - "crowdsec" - "whitelist-geoblock" - ]; - tls.certResolver = "letsencrypt"; - }; - - authentik = { - entryPoints = [ "websecure" ]; - rule = "Host(`authentik.${domain}`)"; - service = "authentik"; - middlewares = [ - "crowdsec" - "whitelist-geoblock" - ]; - tls.certResolver = "letsencrypt"; - }; cache = { entryPoints = [ "websecure" ]; rule = "Host(`cache.${domain}`)";
@@ -539,16 +405,7 @@ in priority = 10; tls.certResolver = "letsencrypt"; }; - cloud = { - entryPoints = [ "websecure" ]; - rule = "Host(`cloud.${domain}`)"; - service = "cloud"; - middlewares = [ - "crowdsec" - "whitelist-geoblock" - ]; - tls.certResolver = "letsencrypt"; - }; + hass = { entryPoints = [ "websecure" ]; rule = "Host(`hass.${domain}`)";
@@ -561,58 +418,6 @@ in priority = 10; tls.certResolver = "letsencrypt"; }; - immich = { - entryPoints = [ "websecure" ]; - rule = "Host(`immich.${domain}`)"; - service = "immich"; - middlewares = [ - "crowdsec" - "whitelist-geoblock" - ]; - tls.certResolver = "letsencrypt"; - }; - jellyfin = { - entryPoints = [ "websecure" ]; - rule = "Host(`jellyfin.${domain}`)"; - service = "jellyfin"; - middlewares = [ - "crowdsec" - "whitelist-geoblock" - ]; - tls.certResolver = "letsencrypt"; - }; - jellyseerr = { - entryPoints = [ "websecure" ]; - rule = "Host(`jellyseerr.${domain}`)"; - service = "jellyseerr"; - middlewares = [ - "crowdsec" - "whitelist-geoblock" - ]; - tls.certResolver = "letsencrypt"; - }; - lubelogger = { - entryPoints = [ "websecure" ]; - rule = "Host(`lubelogger.${domain}`)"; - service = "lubelogger"; - middlewares = [ - "crowdsec" - "whitelist-geoblock" - ]; - tls.certResolver = "letsencrypt"; - }; - onlyoffice = { - entryPoints = [ "websecure" ]; - rule = "Host(`office.${domain}`)"; - service = "onlyoffice"; - middlewares = [ - "crowdsec" - "whitelist-geoblock" - # "onlyoffice-headers" - "collabora-headers" - ]; - tls.certResolver = "letsencrypt"; - }; } // extraRouterConfigs // reverseProxyRouterConfigs;
diff --git a/systems/x86_64-linux/jallen-nas/apps.nix b/systems/x86_64-linux/jallen-nas/apps.nix
index 8425e61..6b364ba 100755
--- a/systems/x86_64-linux/jallen-nas/apps.nix
+++ b/systems/x86_64-linux/jallen-nas/apps.nix
@@ -14,14 +14,7 @@ in enable = true; port = 3333; createUser = true; - reverseProxy = { - enable = true; - subdomain = "actual"; - middlewares = [ - "crowdsec" - "whitelist-geoblock" - ]; - }; + reverseProxy = enabled; }; ai = enabled; arrs = {
@@ -38,6 +31,7 @@ in enable = false; configureDb = true; port = 9000; + reverseProxy = enabled; environmentFile = "/run/secrets/jallen-nas/authentik-env"; redis = { enable = true;
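Review bot: In the apps.nix -14 hunk, collapsing the port-3333 service's `reverseProxy` set to `reverseProxy = enabled` drops its explicit `middlewares = [ "crowdsec" "whitelist-geoblock" ]`, the same pair the hand-written Traefik routers deleted in the traefik/default.nix hunks carried; unless the `reverseProxy` option defaults to that list, this service and every one switched to `reverseProxy = enabled` in the -38, -88, -106, -127 and -143 hunks is now published without the CrowdSec bouncer or the geoblock whitelist. Either confirm the module default or keep the explicit form, `reverseProxy = { enable = true; middlewares = [ "crowdsec" "whitelist-geoblock" ]; };`. The attribute being edited (presumably actual, given the removed `subdomain = "actual"`) starts outside the hunk.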
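Review bot: In the -38 hunk authentik keeps `enable = false` yet gains `reverseProxy = enabled`, and matrix in the -127 hunk does the same; if the `reverseProxy` option emits a router independently of `enable`, Traefik will publish `authentik.${domain}` and `matrix.${domain}` for backends that are not listening, exposing a public route to a dead port. Until the service is turned on, keep the proxy off as matrix previously did with `reverseProxy.enable = false;`, or make the option follow `enable`. Both attribute sets start outside their hunks.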
@@ -49,6 +43,7 @@ in port = 4822; # environmentFile = "/run/secrets/jallen-nas/authentik-env"; # TODO }; + caddy = disabled; calibre = { enable = false; port = 8084;
@@ -88,6 +83,7 @@ in gitea = { enable = true; port = 3000; + reverseProxy = enabled; }; glance = { enable = true;
@@ -106,19 +102,23 @@ in immich = { enable = true; port = 2283; + reverseProxy = enabled; }; jellyfin = { enable = true; port = 8096; + reverseProxy = enabled; }; jellyseerr = { enable = true; port = 5055; createUser = true; + reverseProxy = enabled; }; lubelogger = { enable = true; port = 6754; + reverseProxy = enabled; }; manyfold = { enable = true;
@@ -127,7 +127,7 @@ in matrix = { enable = false; port = 8448; - reverseProxy.enable = false; + reverseProxy = enabled; }; minecraft = disabled; mongodb = disabled;
@@ -143,10 +143,7 @@ in enable = true; port = 2586; createUser = true; - reverseProxy = { - enable = true; - subdomain = "ntfy"; - }; + reverseProxy = enabled; }; ocis = disabled; onlyoffice = {
@@ -190,11 +187,6 @@ in serverPort = 8266; }; traefik = enabled; - - - caddy = disabled; - - unmanic = { enable = true; port = 8265;
diff --git a/systems/x86_64-linux/jallen-nas/vpn.nix b/systems/x86_64-linux/jallen-nas/vpn.nix
index d591020..3b62632 100644
--- a/systems/x86_64-linux/jallen-nas/vpn.nix
+++ b/systems/x86_64-linux/jallen-nas/vpn.nix
@@ -110,6 +110,7 @@ openvpn = { servers = { "us.protonvpn.udp" = lib.mkForce { + autoStart = false; authUserPass = config.sops.templates."protonvpn".path; updateResolvConf = lib.mkForce true; config = ''
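Review bot: The -143 hunk drops the port-2586 service's explicit `subdomain = "ntfy"` along with the rest of its `reverseProxy` set; that is only equivalent if the `reverseProxy` option derives its default subdomain from the attribute name, which nothing in the shown hunks establishes. If the default is anything else the public hostname changes silently; a comment such as `# subdomain defaults to the attribute name` next to `reverseProxy = enabled;` would record the assumption. The enclosing attribute set starts outside the hunk.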
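Review bot: In the vpn.nix -110 hunk `autoStart = false` stops the `us.protonvpn.udp` tunnel from coming up at boot, with no comment saying why; a one-liner like `autoStart = false; # started on demand — <reason>` would spare the next reader a blame. If any service is expected to egress only through this tunnel, confirm it is bound to the openvpn unit rather than assuming the tunnel is up, since after a reboot it now stays down until started by hand. The `lib.mkForce` server definition continues outside the hunk.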