mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix traefik stuff

Browse Source
This commit is contained in:
mjallen18
2026-02-04 20:02:32 -06:00
parent 1f99318fcd
commit 4d4808490b
4 changed files with 33 additions and 228 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
modules/nixos/services/caddy/default.nix
View File

@@ -84,8 +84,8 @@ let
services.caddy = { services.caddy = {
enable = true; enable = true;
# package = caddyPackage; package = caddyPackage;
# environmentFile = config.sops.templates."caddy.env".path; environmentFile = config.sops.templates."caddy.env".path;
email = "jalle008@proton.me"; email = "jalle008@proton.me";
enableReload = false; enableReload = false;
dataDir = "${cfg.configDir}/caddy"; dataDir = "${cfg.configDir}/caddy";
@@ -96,19 +96,26 @@ let
default_bind 0.0.0.0 default_bind 0.0.0.0
''; # b710da1b0182eadcb1e569408de778f9f3c50 ''; # b710da1b0182eadcb1e569408de778f9f3c50
virtualHosts = { virtualHosts = {
"gitea.mjallen.dev" = { "*.mjallen.dev" = {
extraConfig = '' extraConfig = ''
reverse_proxy http://10.0.1.3:3000 tls {
''; dns cloudflare {$CLOUDFLARE_DNS_API_TOKEN}
}; }
"jellyfin.mjallen.dev" = {
extraConfig = '' @gitea host gitea.mjallen.dev
reverse_proxy http://10.0.1.3:8096 handle @gitea {
''; reverse_proxy http://10.0.1.3:3000
}; }
"hass.mjallen.dev" = {
extraConfig = '' @jellyfin host jellyfin.mjallen.dev
reverse_proxy http://10.0.1.4:8123 handle @jellyfin {
reverse_proxy http://10.0.1.3:8096
}
@homeassistant host hass.mjallen.dev
handle @homeassistant {
reverse_proxy http://10.0.1.4:8123
}
''; '';
}; };
}; };

197
modules/nixos/services/traefik/default.nix
View File

@@ -67,19 +67,9 @@ let
# Forward services # Forward services
authUrl = "http://${serverIp}:9000/outpost.goauthentik.io"; authUrl = "http://${serverIp}:9000/outpost.goauthentik.io";
authentikUrl = "http://${serverIp}:9000";
cacheUrl = "http://${serverIp}:9012"; cacheUrl = "http://${serverIp}:9012";
cloudUrl = "http:/10.0.1.3:9200";
# cloudUrl = "http://${config.containers.nextcloud.localAddress}:80";
hassUrl = "http://10.0.1.4:8123"; hassUrl = "http://10.0.1.4:8123";
immichUrl = "http://${serverIp}:${toString config.services.immich.port}";
jellyfinUrl = "http://${serverIp}:8096";
jellyseerrUrl = "http://10.0.1.3:${toString config.services.jellyseerr.port}";
lubeloggerUrl = "http://${serverIp}:6754"; lubeloggerUrl = "http://${serverIp}:6754";
# onlyofficeUrl = "http://${config.containers.nextcloud.localAddress}:${toString config.containers.nextcloud.config.services.onlyoffice.port}";
onlyofficeUrl = "http://10.0.1.3:9980";
openWebUIUrl = "http://${serverIp}:8888";
paperlessUrl = "http://${serverIp}:${toString config.services.paperless.port}";
# Plugins # Plugins
traefikPlugins = { traefikPlugins = {
@@ -267,17 +257,6 @@ in
# }; # };
http = { http = {
serversTransports = {
internal-https = {
insecureSkipVerify = true;
};
attich1 = {
serverName = "localhost";
disableHTTP2 = true;
};
};
middlewares = { middlewares = {
authentik = { authentik = {
forwardAuth = { forwardAuth = {
@@ -389,88 +368,18 @@ in
url = authUrl; url = authUrl;
} }
]; ];
gitea.loadBalancer.servers = [
{
url = "http://10.0.1.3:3000";
}
];
actual.loadBalancer.servers = [
{
url = "http://10.0.1.3:3333";
}
];
matrix.loadBalancer.servers = [
{
url = "http://10.0.1.3:8448";
}
];
authentik.loadBalancer.servers = [
{
url = authentikUrl;
}
];
cache.loadBalancer = { cache.loadBalancer = {
servers = [ servers = [
{ {
url = cacheUrl; url = cacheUrl;
} }
]; ];
serversTransport = "attich1";
};
chat.loadBalancer.servers = [
{
url = openWebUIUrl;
}
];
cloud.loadBalancer = {
servers = [
{
url = cloudUrl;
}
];
}; };
hass.loadBalancer.servers = [ hass.loadBalancer.servers = [
{ {
url = hassUrl; url = hassUrl;
} }
]; ];
immich.loadBalancer.servers = [
{
url = immichUrl;
}
];
jellyfin.loadBalancer.servers = [
{
url = jellyfinUrl;
}
];
jellyseerr.loadBalancer.servers = [
{
url = jellyseerrUrl;
}
];
lubelogger.loadBalancer.servers = [
{
url = lubeloggerUrl;
}
];
onlyoffice.loadBalancer = {
servers = [
{
url = onlyofficeUrl;
}
];
passHostHeader = true;
};
paperless.loadBalancer.servers = [
{
url = paperlessUrl;
}
];
} }
// extraServiceConfigs // extraServiceConfigs
// reverseProxyServiceConfigs; // reverseProxyServiceConfigs;
@@ -488,49 +397,6 @@ in
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
gitea = {
entryPoints = [ "websecure" ];
rule = "Host(`gitea.${domain}`)";
service = "gitea";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
actual = {
entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)";
service = "actual";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
matrix = {
entryPoints = [ "websecure" ];
rule = "Host(`matrix.${domain}`)";
service = "matrix";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
authentik = {
entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)";
service = "authentik";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
cache = { cache = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)"; rule = "Host(`cache.${domain}`)";
@@ -539,16 +405,7 @@ in
priority = 10; priority = 10;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
cloud = {
entryPoints = [ "websecure" ];
rule = "Host(`cloud.${domain}`)";
service = "cloud";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
hass = { hass = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)"; rule = "Host(`hass.${domain}`)";
@@ -561,58 +418,6 @@ in
priority = 10; priority = 10;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
immich = {
entryPoints = [ "websecure" ];
rule = "Host(`immich.${domain}`)";
service = "immich";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
jellyfin = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.${domain}`)";
service = "jellyfin";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
jellyseerr = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyseerr.${domain}`)";
service = "jellyseerr";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
lubelogger = {
entryPoints = [ "websecure" ];
rule = "Host(`lubelogger.${domain}`)";
service = "lubelogger";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
onlyoffice = {
entryPoints = [ "websecure" ];
rule = "Host(`office.${domain}`)";
service = "onlyoffice";
middlewares = [
"crowdsec"
"whitelist-geoblock"
# "onlyoffice-headers"
"collabora-headers"
];
tls.certResolver = "letsencrypt";
};
} }
// extraRouterConfigs // extraRouterConfigs
// reverseProxyRouterConfigs; // reverseProxyRouterConfigs;

28
systems/x86_64-linux/jallen-nas/apps.nix
View File

@@ -14,14 +14,7 @@ in
enable = true; enable = true;
port = 3333; port = 3333;
createUser = true; createUser = true;
reverseProxy = { reverseProxy = enabled;
enable = true;
subdomain = "actual";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
};
}; };
ai = enabled; ai = enabled;
arrs = { arrs = {
@@ -38,6 +31,7 @@ in
enable = false; enable = false;
configureDb = true; configureDb = true;
port = 9000; port = 9000;
reverseProxy = enabled;
environmentFile = "/run/secrets/jallen-nas/authentik-env"; environmentFile = "/run/secrets/jallen-nas/authentik-env";
redis = { redis = {
enable = true; enable = true;
@@ -49,6 +43,7 @@ in
port = 4822; port = 4822;
# environmentFile = "/run/secrets/jallen-nas/authentik-env"; # TODO # environmentFile = "/run/secrets/jallen-nas/authentik-env"; # TODO
}; };
caddy = disabled;
calibre = { calibre = {
enable = false; enable = false;
port = 8084; port = 8084;
@@ -88,6 +83,7 @@ in
gitea = { gitea = {
enable = true; enable = true;
port = 3000; port = 3000;
reverseProxy = enabled;
}; };
glance = { glance = {
enable = true; enable = true;
@@ -106,19 +102,23 @@ in
immich = { immich = {
enable = true; enable = true;
port = 2283; port = 2283;
reverseProxy = enabled;
}; };
jellyfin = { jellyfin = {
enable = true; enable = true;
port = 8096; port = 8096;
reverseProxy = enabled;
}; };
jellyseerr = { jellyseerr = {
enable = true; enable = true;
port = 5055; port = 5055;
createUser = true; createUser = true;
reverseProxy = enabled;
}; };
lubelogger = { lubelogger = {
enable = true; enable = true;
port = 6754; port = 6754;
reverseProxy = enabled;
}; };
manyfold = { manyfold = {
enable = true; enable = true;
@@ -127,7 +127,7 @@ in
matrix = { matrix = {
enable = false; enable = false;
port = 8448; port = 8448;
reverseProxy.enable = false; reverseProxy = enabled;
}; };
minecraft = disabled; minecraft = disabled;
mongodb = disabled; mongodb = disabled;
@@ -143,10 +143,7 @@ in
enable = true; enable = true;
port = 2586; port = 2586;
createUser = true; createUser = true;
reverseProxy = { reverseProxy = enabled;
enable = true;
subdomain = "ntfy";
};
}; };
ocis = disabled; ocis = disabled;
onlyoffice = { onlyoffice = {
@@ -190,11 +187,6 @@ in
serverPort = 8266; serverPort = 8266;
}; };
traefik = enabled; traefik = enabled;
caddy = disabled;
unmanic = { unmanic = {
enable = true; enable = true;
port = 8265; port = 8265;

1
systems/x86_64-linux/jallen-nas/vpn.nix
View File

@@ -110,6 +110,7 @@
openvpn = { openvpn = {
servers = { servers = {
"us.protonvpn.udp" = lib.mkForce { "us.protonvpn.udp" = lib.mkForce {
autoStart = false;
authUserPass = config.sops.templates."protonvpn".path; authUserPass = config.sops.templates."protonvpn".path;
updateResolvConf = lib.mkForce true; updateResolvConf = lib.mkForce true;
config = '' config = ''