xun/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

change domain

Browse source
This commit is contained in:
xunuwu 2025-04-21 21:31:29 +02:00
parent d442e69f2f
commit 44f2ab69ba
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
11 changed files with 89 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

21
sys/machines/hopper/lab/acme.nix
View file

@ -1,14 +1,23 @@
{config, ...}: {
{
config,
vars,
...
}: let
inherit (vars.common) domain;
in {
security.acme = {
acceptTerms = true;
defaults.email = "xunuwu@gmail.com";
certs = {
"xunuwu.xyz" = {
domain = "*.xunuwu.xyz";
dnsProvider = "cloudflare";
"${domain}" = {
domain = "${domain}";
extraDomainNames = ["*.${domain}"];
dnsProvider = "porkbun";
reloadServices = ["caddy.service"];
credentialFiles.CF_DNS_API_TOKEN_FILE = config.sops.secrets.cloudflare.path;
extraDomainNames = ["xunuwu.xyz"];
credentialFiles = {
PORKBUN_API_KEY_FILE = config.sops.secrets.porkbun_api_key.path;
PORKBUN_SECRET_API_KEY_FILE = config.sops.secrets.porkbun_secret_key.path;
};
};
};
};

14
sys/machines/hopper/lab/caddy.nix
View file

@ -1,5 +1,9 @@
{config, ...}: let
domain = "xunuwu.xyz";
{
config,
vars,
...
}: let
inherit (vars.common) domain;
caddyPort = 8336;
in {
systemd.services.caddy.vpnConfinement = {
@ -7,8 +11,14 @@ in {
vpnNamespace = "wg";
};
systemd.services.caddy = {
environment.CADDY_ADMIN = "0.0.0.0:2019";
serviceConfig.RuntimeDirectory = "caddy";
};
services.caddy = {
enable = true;
globalConfig = "metrics";
virtualHosts = {
jellyfin = {
useACMEHost = domain;

14
sys/machines/hopper/lab/homepage.nix
View file

@ -1,4 +1,10 @@
{config, ...}: {
{
config,
vars,
...
}: let
inherit (vars.common) domain;
in {
systemd.services.homepage-dashboard.vpnConfinement = {
enable = true;
vpnNamespace = "wg";
@ -42,13 +48,13 @@
"Services" = [
{
"jellyfin" = {
href = "https://jellyfin.xunuwu.xyz";
href = "https://jellyfin.${domain}";
icon = "jellyfin";
};
}
{
"navidrome" = {
href = "https://navidrome.xunuwu.xyz";
href = "https://navidrome.${domain}";
icon = "navidrome";
};
}
@ -66,7 +72,7 @@
}
{
"vaultwarden" = {
href = "https://vw.xunuwu.xyz";
href = "https://vw.${domain}";
icon = "vaultwarden";
};
}

1
sys/machines/hopper/lab/navidrome.nix
View file

@ -8,7 +8,6 @@
EnableSharing = true;
};
};
systemd.services.navidrome.unitConfig.After = ["caddy.service"];
systemd.services.navidrome.serviceConfig.EnvironmentFile = config.sops.secrets.navidrome.path;
services.restic.backups.hopper = {

6
sys/machines/hopper/lab/prometheus.nix
View file

@ -20,6 +20,12 @@
targets = ["100.100.100.100"];
};
}
{
job_name = "caddy";
static_configs = lib.singleton {
targets = ["192.168.15.1:2019"];
};
}
];
};

1
sys/machines/hopper/lab/vpn-namespace.nix
View file

@ -37,6 +37,7 @@
8336 # caddy
80 # caddy
443 # caddy
2019 # caddy admin, for prometheus metrics
1900 # jellyfin discovery
7359 # jellyfin discovery
];