mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

proxy testing

Browse Source
This commit is contained in:
mjallen18
2025-09-09 21:03:08 -05:00
parent f58006cf8a
commit fc4096d5d9
2 changed files with 99 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
modules/nixos/services/actual/default.nix
View File

@@ -13,32 +13,7 @@ let
actualUserId = config.users.users.nix-apps.uid; actualUserId = config.users.users.nix-apps.uid;
actualGroupId = config.users.groups.jallen-nas.gid; actualGroupId = config.users.groups.jallen-nas.gid;
# Create reverse proxy configuration using mkReverseProxy actualConfig =
reverseProxyConfig = lib.${namespace}.mkReverseProxy {
name = "actual";
subdomain = cfg.reverseProxy.subdomain;
url = "http://${cfg.localAddress}:${toString cfg.port}";
middlewares = cfg.reverseProxy.middlewares;
};
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
containers.actual = {
autoStart = true;
privateNetwork = true;
hostAddress = hostAddress;
localAddress = cfg.localAddress;
bindMounts = {
${dataDir} = {
hostPath = cfg.dataDir;
isReadOnly = false;
};
};
config =
{ lib, ... }: { lib, ... }:
{ {
services.actual = { services.actual = {
@@ -104,40 +79,36 @@ in
services.resolved.enable = true; services.resolved.enable = true;
system.stateVersion = "23.11"; system.stateVersion = "23.11";
}; };
bindMounts = {
${dataDir} = {
hostPath = cfg.dataDir;
isReadOnly = false;
};
}; };
# services.traefik.dynamicConfigOptions = lib.mkIf cfg.reverseProxy.enable { # Create reverse proxy configuration using mkReverseProxy
# services.actual.loadBalancer.servers = [ reverseProxyConfig = lib.${namespace}.mkReverseProxy {
# { name = "actual";
# url = "http://${cfg.localAddress}:${toString cfg.port}"; subdomain = cfg.reverseProxy.subdomain;
# } url = "http://${cfg.localAddress}:${toString cfg.port}";
# ]; middlewares = cfg.reverseProxy.middlewares;
# routers.actual = { };
# entryPoints = [ "websecure" ];
# rule = "Host(`${cfg.reverseProxy.host}`)";
# service = "actual";
# middlewares = cfg.reverseProxy.middlewares;
# tls.certResolver = "letsencrypt";
# };
# };
actualContainer = (lib.${namespace}.mkContainer {
name = "actual";
localAddress = cfg.localAddress;
port = cfg.port;
bindMounts = bindMounts;
config = actualConfig;
}) { inherit lib; };
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
${namespace}.services.traefik = lib.mkIf cfg.reverseProxy.enable { ${namespace}.services.traefik = lib.mkIf cfg.reverseProxy.enable {
reverseProxies = [ reverseProxyConfig ]; reverseProxies = [ reverseProxyConfig ];
}; };
} // actualContainer;
networking = {
nat = {
forwardPorts = [
{
destination = "${cfg.localAddress}:${toString cfg.port}";
sourcePort = cfg.port;
}
];
};
firewall = {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
};
};
};
} }

30
modules/nixos/services/traefik/default.nix
View File

@@ -295,11 +295,11 @@ in
} }
]; ];
actual.loadBalancer.servers = [ # actual.loadBalancer.servers = [
{ # {
url = actualUrl; # url = actualUrl;
} # }
]; # ];
authentik.loadBalancer.servers = [ authentik.loadBalancer.servers = [
{ {
url = authentikUrl; url = authentikUrl;
@@ -375,16 +375,16 @@ in
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
actual = { # actual = {
entryPoints = [ "websecure" ]; # entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)"; # rule = "Host(`actual.${domain}`)";
service = "actual"; # service = "actual";
middlewares = [ # middlewares = [
"crowdsec" # "crowdsec"
"whitelist-geoblock" # "whitelist-geoblock"
]; # ];
tls.certResolver = "letsencrypt"; # tls.certResolver = "letsencrypt";
}; # };
authentik = { authentik = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)"; rule = "Host(`authentik.${domain}`)";