reverse proxy

mjallen18
2026-03-17 14:05:50 -05:00
parent 436cc7ccc9
commit cf40c72e7e
4 changed files with 25 additions and 85 deletions


@@ -50,15 +50,19 @@ rec {
defaultConfig = { defaultConfig = {
# Caddy reverse proxy: when reverseProxy.enable = true, contribute this # Caddy reverse proxy: when reverseProxy.enable = true, contribute this
# service's virtual host block to the Caddy config. The TLS wildcard # service's named-matcher block into the shared wildcard virtual host.
# cert is handled via a (cloudflare_tls) snippet defined in globalConfig. # The TLS block stays in the caddy module itself; all services merge
# services.caddy.virtualHosts.${fqdn} = lib.mkIf cfg.reverseProxy.enable { # their handle blocks into the same "*.${domain}" extraConfig via the
# extraConfig = '' # lines type (which concatenates automatically).
# import cloudflare_tls services.caddy.virtualHosts."*.${cfg.reverseProxy.domain}" = lib.mkIf cfg.reverseProxy.enable {
# reverse_proxy ${upstreamUrl} extraConfig = ''
# ${cfg.reverseProxy.extraCaddyConfig} @${name} host ${fqdn}
# ''; handle @${name} {
# }; reverse_proxy ${upstreamUrl}
${cfg.reverseProxy.extraCaddyConfig}
}
'';
};
# Open firewall # Open firewall
networking.firewall = lib.mkIf cfg.openFirewall { networking.firewall = lib.mkIf cfg.openFirewall {
@@ -112,11 +116,19 @@ rec {
# # "d ${cfg.configDir}/server-files 0775 ${name} ${name} - -" # # "d ${cfg.configDir}/server-files 0775 ${name} ${name} - -"
# # "d ${cfg.configDir}/user-files 0775 ${name} ${name} - -" # # "d ${cfg.configDir}/user-files 0775 ${name} ${name} - -"
# ]; # ];
} };
// moduleConfig;
in in
{ lib, ... }: { lib, ... }:
{ {
imports = [
# defaultConfig and moduleConfig are kept as separate inline modules so
# the NixOS module system handles all merging (mkIf, mkForce, mkMerge,
# etc.) correctly, rather than merging raw attrsets with // or
# recursiveUpdate which can silently clobber mkIf wrappers.
{ config = lib.mkIf cfg.enable defaultConfig; }
{ config = lib.mkIf cfg.enable moduleConfig; }
];
options.${namespace}.${domain}.${name} = lib.mkOption { options.${namespace}.${domain}.${name} = lib.mkOption {
type = lib.types.submodule { type = lib.types.submodule {
options = { options = {
@@ -167,8 +179,6 @@ rec {
}; };
default = { }; default = { };
}; };
config = lib.mkIf cfg.enable defaultConfig;
}; };
# container # container
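Review bot: In the first hunk the generated block is fixed to `reverse_proxy ${upstreamUrl}` with `${cfg.reverseProxy.extraCaddyConfig}` emitted as a sibling directive, so a service can add a `header` directive but cannot pass `reverse_proxy` subdirectives such as `header_up`. The hand-written Nextcloud block removed in the second file section carried both `header_up Host {upstream_hostport}` and the `Strict-Transport-Security` / `X-Robots-Tag` response headers. Whether the Nextcloud module restores them through `extraCaddyConfig` is not visible here, so check this before the HSTS header silently disappears. Consider a second option whose text is emitted inside a `reverse_proxy ${upstreamUrl} { … }` block. The shared `*.${cfg.reverseProxy.domain}` site also wants a catch-all such as `handle { abort }` in the caddy module, so that hostnames under the wildcard matching no `@${name}` matcher are refused; the rest of that module is outside this page.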


@@ -42,78 +42,6 @@ let
tls { tls {
dns cloudflare {$CLOUDFLARE_DNS_API_TOKEN} dns cloudflare {$CLOUDFLARE_DNS_API_TOKEN}
} }
@authentik host authentik.mjallen.dev
handle @authentik {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.authentik.port}
}
@cache host cache.mjallen.dev
handle @cache {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.attic.port}
}
@cloud host cloud.mjallen.dev
handle @cloud {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.nextcloud.port} {
header_up Host {upstream_hostport}
}
header {
Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
X-Robots-Tag "noindex, nofollow"
}
}
@gitea host gitea.mjallen.dev
handle @gitea {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.gitea.port}
}
@homeassistant host hass.mjallen.dev
handle @homeassistant {
reverse_proxy http://nuc-nixos.local:8123
}
@immich host immich.mjallen.dev
handle @immich {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.immich.port}
}
@jellyfin host jellyfin.mjallen.dev
handle @jellyfin {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.jellyfin.port}
}
@jellyseerr host jellyseerr.mjallen.dev
handle @jellyseerr {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.jellyseerr.port}
}
@lubelogger host lubelogger.mjallen.dev
handle @lubelogger {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.lubelogger.port}
}
@matrix host matrix.mjallen.dev
handle @matrix {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.matrix.port}
}
@ntfy host ntfy.mjallen.dev
handle @ntfy {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.ntfy.port}
}
@office host office.mjallen.dev
handle @office {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.collabora.port}
}
@termix host termix.mjallen.dev
handle @termix {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.termix.port}
}
''; '';
}; };
}; };


@@ -21,6 +21,7 @@ let
extraOptions = [ "--device=/dev/dri" ]; extraOptions = [ "--device=/dev/dri" ];
volumes = [ volumes = [
"${cfg.configDir}/tunarr:/config/tunarr" "${cfg.configDir}/tunarr:/config/tunarr"
"${cfg.configDir}/tunarr:/root/.local/share/tunarr"
"${cfg.dataDir}/movies:/libraries/movies" "${cfg.dataDir}/movies:/libraries/movies"
"${cfg.dataDir}/tv:/libraries/tv" "${cfg.dataDir}/tv:/libraries/tv"
"${cfg.configDir}/transcode:/transcode" "${cfg.configDir}/transcode:/transcode"
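Review bot: The added volume binds `${cfg.configDir}/tunarr` a second time, so `/config/tunarr` and `/root/.local/share/tunarr` now alias the same host directory with nothing explaining why. If the image reads only one of these paths the other mount is dead configuration; if it uses both, two code paths write into one directory. Add a comment naming the path the current image uses, for example `# tunarr <version placeholder> stores state under /root/.local/share/tunarr; /config/tunarr kept until migrated`, and drop the stale mount once confirmed. The target under `/root` also suggests the container runs as root with `/dev/dri` passed through, which is worth confirming is intended. The `volumes` list continues outside the hunk.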


@@ -162,6 +162,7 @@ in
3001 3001
3333 3333
5201 # iperf 5201 # iperf
5432 # postgresql
8400 8400
9200 # elasticsearch / attic 9200 # elasticsearch / attic
9233 9233
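Review bot: Adding `5432 # postgresql` to this port list appears to open PostgreSQL in the host firewall, and it is unrelated to the reverse-proxy change in the commit title. The attribute the list is assigned to lies outside the hunk, so that reading is inferred. If it is a global allowed-TCP-ports list, the database listener becomes reachable from every network this host's firewall faces, leaving `pg_hba` rules and password strength as the only barrier. Prefer scoping it to the interface that needs it, `networking.firewall.interfaces.<name>.allowedTCPPorts = [ 5432 ];`, and confirm that `services.postgresql.authentication` limits client addresses. At minimum extend the comment to say who needs it, e.g. `5432 # postgresql: required by <consumer placeholder>, clients restricted in pg_hba`.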