mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

proxy testing

Browse Source
This commit is contained in:
mjallen18
2025-09-09 21:03:08 -05:00
parent f58006cf8a
commit fc4096d5d9
2 changed files with 99 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
modules/nixos/services/actual/default.nix
View File

@@ -13,32 +13,7 @@ let
actualUserId = config.users.users.nix-apps.uid;
actualGroupId = config.users.groups.jallen-nas.gid;
# Create reverse proxy configuration using mkReverseProxy
reverseProxyConfig = lib.${namespace}.mkReverseProxy {
name = "actual";
subdomain = cfg.reverseProxy.subdomain;
url = "http://${cfg.localAddress}:${toString cfg.port}";
middlewares = cfg.reverseProxy.middlewares;
};
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
containers.actual = {
autoStart = true;
privateNetwork = true;
hostAddress = hostAddress;
localAddress = cfg.localAddress;
bindMounts = {
${dataDir} = {
hostPath = cfg.dataDir;
isReadOnly = false;
};
};
config =
actualConfig =
{ lib, ... }:
{
services.actual = {
@@ -104,40 +79,36 @@ in
services.resolved.enable = true;
system.stateVersion = "23.11";
};
bindMounts = {
${dataDir} = {
hostPath = cfg.dataDir;
isReadOnly = false;
};
};
# services.traefik.dynamicConfigOptions = lib.mkIf cfg.reverseProxy.enable {
# services.actual.loadBalancer.servers = [
# {
# url = "http://${cfg.localAddress}:${toString cfg.port}";
# }
# ];
# routers.actual = {
# entryPoints = [ "websecure" ];
# rule = "Host(`${cfg.reverseProxy.host}`)";
# service = "actual";
# middlewares = cfg.reverseProxy.middlewares;
# tls.certResolver = "letsencrypt";
# };
# };
# Create reverse proxy configuration using mkReverseProxy
reverseProxyConfig = lib.${namespace}.mkReverseProxy {
name = "actual";
subdomain = cfg.reverseProxy.subdomain;
url = "http://${cfg.localAddress}:${toString cfg.port}";
middlewares = cfg.reverseProxy.middlewares;
};
actualContainer = (lib.${namespace}.mkContainer {
name = "actual";
localAddress = cfg.localAddress;
port = cfg.port;
bindMounts = bindMounts;
config = actualConfig;
}) { inherit lib; };
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
${namespace}.services.traefik = lib.mkIf cfg.reverseProxy.enable {
reverseProxies = [ reverseProxyConfig ];
};
networking = {
nat = {
forwardPorts = [
{
destination = "${cfg.localAddress}:${toString cfg.port}";
sourcePort = cfg.port;
}
];
};
firewall = {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
};
};
};
} // actualContainer;
}

30
modules/nixos/services/traefik/default.nix
View File

@@ -295,11 +295,11 @@ in
}
];
actual.loadBalancer.servers = [
{
url = actualUrl;
}
];
# actual.loadBalancer.servers = [
# {
# url = actualUrl;
# }
# ];
authentik.loadBalancer.servers = [
{
url = authentikUrl;
@@ -375,16 +375,16 @@ in
tls.certResolver = "letsencrypt";
};
actual = {
entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)";
service = "actual";
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
# actual = {
# entryPoints = [ "websecure" ];
# rule = "Host(`actual.${domain}`)";
# service = "actual";
# middlewares = [
# "crowdsec"
# "whitelist-geoblock"
# ];
# tls.certResolver = "letsencrypt";
# };
authentik = {
entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)";