make caddy work through new vps/vpn

xunuwu 2025-06-01 22:13:07 +02:00
parent 04eb8b5ff6
commit 323d53b591
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
4 changed files with 12 additions and 23 deletions


@ -6,7 +6,6 @@
... ...
}: let }: let
inherit (vars) domain; inherit (vars) domain;
caddyPort = 8336;
bridge = config.vpnNamespaces."wg".bridgeAddress; bridge = config.vpnNamespaces."wg".bridgeAddress;
in { in {
systemd.services.caddy.vpnConfinement = { systemd.services.caddy.vpnConfinement = {
@ -29,11 +28,9 @@ in {
''; '';
mkPublicEntry = name: destination: { mkPublicEntry = name: destination: {
useACMEHost = domain; useACMEHost = domain;
hostName = "${name}.${domain}:${toString caddyPort}"; hostName = "${name}.${domain}";
extraConfig = '' extraConfig = ''
${blockNonCloudflare}
reverse_proxy { reverse_proxy {
header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
to ${destination} to ${destination}
} }
''; '';
@ -56,9 +53,8 @@ in {
base = { base = {
useACMEHost = domain; useACMEHost = domain;
hostName = "${domain}:${toString caddyPort}"; hostName = "${domain}";
extraConfig = '' extraConfig = ''
${blockNonCloudflare}
root * ${inputs.own-website.packages.${pkgs.system}.default} root * ${inputs.own-website.packages.${pkgs.system}.default}
file_server file_server
''; '';
@ -66,15 +62,7 @@ in {
other = { other = {
useACMEHost = domain; useACMEHost = domain;
hostName = ":${toString caddyPort}"; hostName = "*.${domain}";
extraConfig = ''
respond 404 {
body "uhh that doesnt exist, i hope this isnt my fault.."
}
'';
};
otherPriv = {
hostName = ":80";
extraConfig = '' extraConfig = ''
respond 404 { respond 404 {
body "uhh that doesnt exist, i hope this isnt my fault.." body "uhh that doesnt exist, i hope this isnt my fault.."
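Review bot: Dropping `${blockNonCloudflare}` from mkPublicEntry (second hunk) and from the `base` vhost removes the only source restriction in front of these sites; once 80/443 are forwarded from the VPS, as the other files in this commit do, every vhost is reachable from any origin, so each previously shielded vhost should be re-checked for its own authentication and rate limiting. The removed `header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}` also means the client address upstreams see is now whatever arrives through the VPN forwarding; if the VPS rewrites the source address, per-IP controls behind caddy (login throttling, ban lists) will key on the VPS address instead, which deserves a comment such as `# no Cloudflare in front any more: client IPs are whatever the VPS forwards; confirm before relying on X-Forwarded-For` at the top of the `let` block. The `other` catch-all now matches `*.${domain}` with `useACMEHost = domain`, which presumably requires that cert to be a wildcard — confirm, or unknown subdomains will fail at the TLS handshake instead of receiving the 404. The enclosing `let … in { … }` expression starts and ends outside the hunks.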


@ -1,8 +1,4 @@
{ {config, ...}: {
config,
mylib,
...
}: {
systemd.services.vaultwarden = { systemd.services.vaultwarden = {
serviceConfig.EnvironmentFile = config.sops.secrets.vaultwarden-env.path; serviceConfig.EnvironmentFile = config.sops.secrets.vaultwarden-env.path;
}; };
@ -10,7 +6,7 @@
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
config = { config = {
DOMAIN = mylib.stripPort "https://${config.services.caddy.virtualHosts.vaultwarden.hostName}"; DOMAIN = "https://${config.services.caddy.virtualHosts.vaultwarden.hostName}";
ROCKET_ADDRESS = "0.0.0.0"; ROCKET_ADDRESS = "0.0.0.0";
ROCKET_PORT = 35381; ROCKET_PORT = 35381;
ROCKET_LOG = "critical"; ROCKET_LOG = "critical";
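Review bot: `DOMAIN` now echoes the caddy hostName verbatim, and the dropped `mylib.stripPort` was the only thing keeping a port out of this value; vaultwarden is documented as using DOMAIN for emailed links and 2FA, so the invariant should be pinned with a comment, e.g. `# must be the exact public origin (https://host, no port) browsers use; presumably feeds WebAuthn and emailed links`. Separately, since this commit stops caddy from forwarding the Cloudflare client IP, vaultwarden's own login throttling keys on `IP_HEADER` (X-Real-IP by default) — presumably caddy needs to set that header from `{remote_host}`, otherwise every attempt appears to come from the proxy; confirm. `services.vaultwarden.config` continues outside the hunk.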


@ -34,9 +34,14 @@
# Forwarded to my vpn, for making things accessible from outside # Forwarded to my vpn, for making things accessible from outside
openVPNPorts = [ openVPNPorts = [
{ {
port = 8336; port = 443; # caddy
protocol = "tcp"; protocol = "tcp";
} }
{
port = 80; # caddy
protocol = "tcp";
}
{ {
port = 24001; # slskd port = 24001; # slskd
protocol = "both"; protocol = "both";
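Review bot: The two new entries forward 443 and 80 from the VPS into the VPN with only `# caddy` as explanation; since the vhosts use `useACMEHost = domain`, the certificate is presumably obtained once via a DNS challenge, in which case port 80 is not needed for ACME and only serves caddy's HTTP-to-HTTPS redirect — say so in the comment (`port = 80; # caddy: HTTP->HTTPS redirect only, not needed for ACME`) so a later reader does not treat it as a hard dependency and can drop it if the redirect is unwanted. This list is now the definition of the host's public exposure, so the `# Forwarded to my vpn` comment could also name the firewall module whose forwardPorts must list the same ports. The `openVPNPorts` list continues outside the hunk.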


@ -7,7 +7,7 @@
networking.firewall = let networking.firewall = let
forwardPorts = { forwardPorts = {
"10.0.0.2" = "10.0.0.2" =
[24001 24002 24003] [24001 24002 24003 443 80]
|> map (n: { |> map (n: {
protocols = ["tcp"]; protocols = ["tcp"];
port = n; port = n;
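Review bot: `[24001 24002 24003 443 80]` duplicates the set of ports that the openVPNPorts list in this commit also opens, with nothing tying the two together; a stale entry in either list would silently leave a port forwarded at the firewall but not on the VPS, or the reverse. Either derive one list from the other or add a comment such as `# keep in sync with openVPNPorts (443/80 = caddy, 2400x = slskd)` here, and consider grouping 80 and 443 with their own comment so they are not read as slskd ports. The `forwardPorts` attribute set continues outside the hunk.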