change domain

2025-04-21 21:31:29 +02:00 · 2025-04-21 21:31:29 +02:00 · 44f2ab69ba
commit 44f2ab69ba
parent d442e69f2f
11 changed files with 89 additions and 34 deletions
--- a/sys/machines/hopper/lab/acme.nix
+++ b/sys/machines/hopper/lab/acme.nix
@ -1,14 +1,23 @@
-{config, ...}: {
+{
+  config,
+  vars,
+  ...
+}: let
+  inherit (vars.common) domain;
+in {
  security.acme = {
    acceptTerms = true;
    defaults.email = "xunuwu@gmail.com";
    certs = {
-      "xunuwu.xyz" = {
-        domain = "*.xunuwu.xyz";
-        dnsProvider = "cloudflare";
+      "${domain}" = {
+        domain = "${domain}";
+        extraDomainNames = ["*.${domain}"];
+        dnsProvider = "porkbun";
        reloadServices = ["caddy.service"];
-        credentialFiles.CF_DNS_API_TOKEN_FILE = config.sops.secrets.cloudflare.path;
-        extraDomainNames = ["xunuwu.xyz"];
+        credentialFiles = {
+          PORKBUN_API_KEY_FILE = config.sops.secrets.porkbun_api_key.path;
+          PORKBUN_SECRET_API_KEY_FILE = config.sops.secrets.porkbun_secret_key.path;
+        };
      };
    };
  };
--- a/sys/machines/hopper/lab/caddy.nix
+++ b/sys/machines/hopper/lab/caddy.nix
@ -1,5 +1,9 @@
-{config, ...}: let
-  domain = "xunuwu.xyz";
+{
+  config,
+  vars,
+  ...
+}: let
+  inherit (vars.common) domain;
  caddyPort = 8336;
 in {
  systemd.services.caddy.vpnConfinement = {
@ -7,8 +11,14 @@ in {
    vpnNamespace = "wg";
  };

+  systemd.services.caddy = {
+    environment.CADDY_ADMIN = "0.0.0.0:2019";
+    serviceConfig.RuntimeDirectory = "caddy";
+  };
+
  services.caddy = {
    enable = true;
+    globalConfig = "metrics";
    virtualHosts = {
      jellyfin = {
        useACMEHost = domain;
--- a/sys/machines/hopper/lab/homepage.nix
+++ b/sys/machines/hopper/lab/homepage.nix
@ -1,4 +1,10 @@
-{config, ...}: {
+{
+  config,
+  vars,
+  ...
+}: let
+  inherit (vars.common) domain;
+in {
  systemd.services.homepage-dashboard.vpnConfinement = {
    enable = true;
    vpnNamespace = "wg";
@ -42,13 +48,13 @@
        "Services" = [
          {
            "jellyfin" = {
-              href = "https://jellyfin.xunuwu.xyz";
+              href = "https://jellyfin.${domain}";
              icon = "jellyfin";
            };
          }
          {
            "navidrome" = {
-              href = "https://navidrome.xunuwu.xyz";
+              href = "https://navidrome.${domain}";
              icon = "navidrome";
            };
          }
@ -66,7 +72,7 @@
          }
          {
            "vaultwarden" = {
-              href = "https://vw.xunuwu.xyz";
+              href = "https://vw.${domain}";
              icon = "vaultwarden";
            };
          }
--- a/sys/machines/hopper/lab/navidrome.nix
+++ b/sys/machines/hopper/lab/navidrome.nix
@ -8,7 +8,6 @@
      EnableSharing = true;
    };
  };
-  systemd.services.navidrome.unitConfig.After = ["caddy.service"];
  systemd.services.navidrome.serviceConfig.EnvironmentFile = config.sops.secrets.navidrome.path;

  services.restic.backups.hopper = {
--- a/sys/machines/hopper/lab/prometheus.nix
+++ b/sys/machines/hopper/lab/prometheus.nix
@ -20,6 +20,12 @@
          targets = ["100.100.100.100"];
        };
      }
+      {
+        job_name = "caddy";
+        static_configs = lib.singleton {
+          targets = ["192.168.15.1:2019"];
+        };
+      }
    ];
  };

--- a/sys/machines/hopper/lab/vpn-namespace.nix
+++ b/sys/machines/hopper/lab/vpn-namespace.nix
@ -37,6 +37,7 @@
        8336 # caddy
        80 # caddy
        443 # caddy
+        2019 # caddy admin, for prometheus metrics
        1900 # jellyfin discovery
        7359 # jellyfin discovery
      ];