Added caddyfile generation
This commit is contained in:
parent
bace54a43d
commit
f3bf8d650a
@ -147,7 +147,7 @@
|
||||
|
||||
# Deploy
|
||||
"deploy@p-th-rpi-01" = home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
pkgs = nixpkgs.legacyPackages.aarch64-linux;
|
||||
extraSpecialArgs = { inherit inputs outputs; };
|
||||
modules = [
|
||||
./hosts/p-th-rpi-01/home.nix
|
||||
|
||||
@ -4,6 +4,29 @@ with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.caddy;
|
||||
|
||||
generateRoutes = entries: lib.concatMapStrings (route: ''
|
||||
@${route.name} host ${route.host}
|
||||
handle @${route.name} {
|
||||
reverse_proxy ${route.url}
|
||||
}
|
||||
'') entries;
|
||||
|
||||
routesOption = lib.mkOption {
|
||||
type = types.listOf (types.submodule {
|
||||
options = {
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
url = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
in {
|
||||
options = {
|
||||
settings.containers.caddy.enable = lib.mkOption {
|
||||
@ -13,6 +36,9 @@ in {
|
||||
Enable caddy container
|
||||
'';
|
||||
};
|
||||
|
||||
settings.containers.caddy.routes.tbmrs = routesOption;
|
||||
settings.containers.caddy.routes.tbmrs-local = routesOption;
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
@ -33,6 +59,49 @@ in {
|
||||
];
|
||||
};
|
||||
|
||||
settings.containers.caddy.routes.tbmrs = [
|
||||
{
|
||||
name = "kanidm";
|
||||
host = "auth";
|
||||
url = "https://auth.tbmrs.nl";
|
||||
}
|
||||
{
|
||||
name = "forgejo";
|
||||
host = "git";
|
||||
url = "forgejo:3000";
|
||||
}
|
||||
{
|
||||
name = "immich";
|
||||
host = "photos";
|
||||
url = "immich-server:2283";
|
||||
}
|
||||
{
|
||||
name = "homepage";
|
||||
host = "home";
|
||||
url = "homepage:3000";
|
||||
}
|
||||
{
|
||||
name = "uptime-kuma";
|
||||
host = "uptime";
|
||||
url = "uptime-kuma:3001";
|
||||
}
|
||||
{
|
||||
name = "pingvin-share";
|
||||
host = "share";
|
||||
url = "pingvin-share:3000";
|
||||
}
|
||||
{
|
||||
name = "dufs";
|
||||
host = "files";
|
||||
url = "dufs:5000";
|
||||
}
|
||||
{
|
||||
name = "stalwart";
|
||||
host = "mail";
|
||||
url = "stalwart:8000";
|
||||
}
|
||||
];
|
||||
|
||||
home.file."containers/caddy/Caddyfile".text = ''
|
||||
*.tbmrs.nl, tbmrs.nl {
|
||||
tls {
|
||||
@ -40,50 +109,7 @@ in {
|
||||
resolvers 1.1.1.1
|
||||
}
|
||||
|
||||
@root host tbmrs.nl
|
||||
handle @root {
|
||||
respond "Hello there"
|
||||
}
|
||||
|
||||
@kanidm host auth.tbmrs.nl
|
||||
handle @kanidm {
|
||||
reverse_proxy https://auth.tbmrs.nl
|
||||
}
|
||||
|
||||
@forgejo host git.tbmrs.nl
|
||||
handle @forgejo {
|
||||
reverse_proxy forgejo:3000
|
||||
}
|
||||
|
||||
@immich host photos.tbmrs.nl
|
||||
handle @immich {
|
||||
reverse_proxy immich-server:2283
|
||||
}
|
||||
|
||||
@homepage host home.tbmrs.nl
|
||||
handle @homepage {
|
||||
reverse_proxy homepage:3000
|
||||
}
|
||||
|
||||
@uptime-kuma host uptime.tbmrs.nl
|
||||
handle @uptime-kuma {
|
||||
reverse_proxy uptime-kuma:3001
|
||||
}
|
||||
|
||||
@pingvin-share host share.tbmrs.nl
|
||||
handle @pingvin-share {
|
||||
reverse_proxy pingvin-share:3000
|
||||
}
|
||||
|
||||
@dufs host files.tbmrs.nl
|
||||
handle @dufs {
|
||||
reverse_proxy dufs:5000
|
||||
}
|
||||
|
||||
@stalwart host mail.tbmrs.nl
|
||||
handle @stalwart {
|
||||
reverse_proxy stalwart:8080
|
||||
}
|
||||
${generateRoutes cfg.routes.tbmrs}
|
||||
}
|
||||
|
||||
*.local.tbmrs.nl {
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.settings.containers.nginx;
|
||||
cfg = config.settings.containers.network;
|
||||
in {
|
||||
options = {
|
||||
settings.containers.network.enable = lib.mkOption {
|
||||
@ -18,6 +18,7 @@ in {
|
||||
config = mkIf cfg.enable {
|
||||
services.podman.networks.proxy = {
|
||||
description = "Container network for the proxy";
|
||||
driver = "bridge";
|
||||
autoStart = true;
|
||||
};
|
||||
};
|
||||
|
||||
@ -19,7 +19,7 @@ in {
|
||||
settings.services.sops.enable = true;
|
||||
|
||||
services.podman.containers.wrbapp = {
|
||||
image = "gitea.xeovalyte.dev/xeovalyte/wrbapp:latest";
|
||||
image = "gitea.xeovalyte.dev/xeovalyte/wrbapp:latest-arm";
|
||||
network = "proxy";
|
||||
environmentFile = [
|
||||
"${config.sops.templates."container-wrbapp.env".path}"
|
||||
@ -27,17 +27,17 @@ in {
|
||||
};
|
||||
|
||||
services.podman.containers.hunshin = {
|
||||
image = "gitea.xeovalyte.dev/xeovalyte/hunshin:latest";
|
||||
image = "gitea.xeovalyte.dev/xeovalyte/hunshin:latest-arm";
|
||||
network = "proxy";
|
||||
};
|
||||
|
||||
services.podman.containers.bijlobke = {
|
||||
image = "gitea.xeovalyte.dev/xeovalyte/bijlobke:latest";
|
||||
image = "gitea.xeovalyte.dev/xeovalyte/bijlobke:latest-arm";
|
||||
network = "proxy";
|
||||
};
|
||||
|
||||
services.podman.containers.ardsite = {
|
||||
image = "gitea.xeovalyte.dev/ardsite/ardsite:latest";
|
||||
image = "gitea.xeovalyte.dev/ardsite/ardsite:latest-arm";
|
||||
network = "proxy";
|
||||
};
|
||||
|
||||
|
||||
@ -9,6 +9,10 @@ containers:
|
||||
karakeep:
|
||||
nextauth-secret: ENC[AES256_GCM,data:Izp5kO9dhD28mUzHOS4TqBINbbQ03spP865nrfUWbhqpx2dgW/rbExFZDXmgp1tX,iv:98su3bR8jMLr1jF5XBiNePMZ7qz4pMDQ6B4i8rMxIQQ=,tag:gyzJA6dsKy6YWkE8r5JXqg==,type:str]
|
||||
meili-key: ENC[AES256_GCM,data:47t3gk/189dmtriOb37MT4XC2pwBdwr2n+22t3K7q8Hf6tX2iHaq6zg1EV6W51F/,iv:OjAmWJWmGtIsSeIFWNlqT8hv8H8LLz+WQtvlvyu9Lx0=,tag:v4acQvlJPK64l0yCVpBqCQ==,type:str]
|
||||
wrbapp:
|
||||
private-key-id: ENC[AES256_GCM,data:VEPNv774ZI+5IAM43BSKJr7LoGYquUpLTk3iE4xObSscDtr/pVTnZQ==,iv:HVZHRU3v/REhrb9DTsKLyfryROU2WkPzg6tM0wz8Myc=,tag:rfjNGz5B526nvLw4Pj8hQw==,type:str]
|
||||
private-key: ENC[AES256_GCM,data:vZIoRJH6bc/RBeZxr+g5mLWdBYWERetRHuoqntE5Ah1FnDmmShpSwBS8wYNaAEbq2FSDSe0RSbJ5OArmnhMnp8sm/VgVjY+AYm0IqRKkLCyf4sReCZ3duHcFnO9PjYULM2ABqAUofQqFqDD3BV44eFLeTudqY3fE8lCsDT0kdzKyyNVy3esQfbmTOTBcWVc54tI8hXcKsYGPMmzaxpnYqB9pc52KI7iOeSDoXxi7cjvHKPsYBLiK71oYi8T4JtwbR/uaT02kwY9cBNWThdaUpotYFO0D71pbLjQZ6gqEcWLSeUpUROwtmWoPPmR89cwUBuSbce9ovhsYlbqAE/AjwoJFUxuhZHa6wAdsjswR9wWXs9TZFsIzQVq6uGP3S80N1z2QPQnbT4Zha29V78iQXN8/Aq27/MjCtebgnVC9+mFY0zM4/5DpTT0D9HsNYixoUmDq5CIU1VS4JB2jgC5CublSCgs2ciXEwXTA/7nfctdIrE8g1UGPPw4wk34EAIvXz+tMdar3u+fQB9b+J6BuCW4TFVAUe9Nb6SHdIeLxgCDYbtGWSDY7laLNBSWrN0JY5t4ZMXlKVYHgGCdPcmJRrS4KE7LWjLrrVOzUiIslrBRYmNNrO5LJrpBQ8UDGUVVbGMH8UCFpPlytXskhjG5msioCOQ2ctVvoTrvvA1T7zVqaMZLdP1Lzxmw8brhHX34hu5q8z+lO/whrZxgqPbZ1WZrgoBGgAwp7+tn8Ddsq/8Ui8i8g89lny45ttjGHyroh2qlt3kBTJdU71Qg8JiiWgS6Wk0AbtkGO08SGJmMgJ5CtXo0zmq6pfrDmgursM5ItuVtvutZDyD+vz1BFdrli6ZNTAXVVq5bbCGUuKAM4AgHCJ1yS75l336xUxsIiTaLD9VDHd+XWetHXQWXk8xv9y02puiQAp+fJFISGn8TZya2CigW7OsibYSc3bFaZjm72pgfFhDm0a1q9AYTuF49PuLKi/McuJctuOc/iF6mbLnotIOF6Cc64/Iie1MCjX/IJzCZWlXJE8+0n8FTR9t+d1f4EBMxL8Z+h8pp4r8B3u+8ZKIUiCTmc+PZ0Mmr+acTOjY+X04RcrVcwQz49172NHwI3/C2we0ZUaZTjxTm253ikif/xcxYjxlCCP6WERR1rI0OMFr5RvA0+2RkzIBmHQtDlHNk11Tfauz7jyWkh4RfG9PYFr40khyNSD9vX4ePWTeIEQxMcdHLlRztLc3lbxiKumivHvLYlJmZ0eodp0/RpWv1l3VyVEsvqB04lKYzm42uJe6NkWTF0l+7XCWem7IchWWxrKW0P9UqLjrN3FAif2NVu6HjAtexMLp82yRUJFiLZufssm3QB91MAUebZOIW4fURrJOQpRj2xo3p7BSe+0nb4Hd00W187Q3HHbwZXK3yPaGX/wRD3cYFMku9AMWXgewHXwynkBITk1eEiZpwy7eyCBtxaScmglEbxtTEAs7PXLeUD7iQ0eM3MV4qRL3Nu/LRUTjpKZDXs22FpHbT3jUw24JgzB7jeJiYtEa/zIlDGvY3tPuhCruvJA+W8f8TWzTYVZoJjBhwCukD7l8APeiBNT58ulUPUz8Fn2lrUmujM3pXAJUSYknmUo4urBh/zQq5DCIbAWvvrU/OHHQDu547UTjguLMbqkAVF4nlb9RPdaBaUWLPsYDNHFGuHLuNvA5b6ymMa3oDuLZZVWT3FyGXQui4sNRQceKasEH3reSOMPvNUQ0af604rzlGrJlMX8QDq2GZR/Os+jdJwWahDlwincdEaRikAF6PD0vHlKGkcvm/E278ClSRQ2l2raF54B1EZ7NZ/+t5HaztTrx85xnt1l5hA/Gms9z58PBKi69oIv389KLxhviQWUo0PsEpeFx8KIk6h6FdjJwvzKaYpmjNwt4kxK8fI73rcjaDer+FhNYsUzluKmk4KNnWSMZPTEIHRnF9RrXPbw5x+nKrJrMx3tBswBAvif5xK5jlrnIsyo3f+bc3eXpioccxidCMMmKwSzcRj8u7N9Tevsvm2NmgCgawTLubisWkOE75jJuHexWDzU6jg/ArBczKXci0L5vCKC+Aq+U9q13Hgl5hbunlKq7jVPwemj6Ko7yEZ5ohw4UhLAKgSk1uN3XXQ2f7vQvo0zArEU567uWfGp6Jw3JHGL0AxjKCPvyFqd/AhqEFj1rS7XAx4yR1Ws8cDg9Y+tA/ils8FF4m9Th9xShLFNl3zphoU8z7OB+qrqzFirbKJ0uas1j7z/7962DGhg4QOicdPvNda,iv:rMdIIc6MszxdOGX5rPQNqNrK7RbleEbKhFVcx4oWUZk=,tag:ti7O+u8PYNj2eKF7+jUfWQ==,type:str]
|
||||
client-id: ENC[AES256_GCM,data:rVWPkR8RUhJL0vsUFNxBuqgfJBm4,iv:7WbzSt04QPcEf86eduT3R3K29tfVlQ6bWdBjSAHIf40=,tag:6OiHIR+7ncX4gMnH6ePj8w==,type:str]
|
||||
paperless-ngx:
|
||||
db-password: ENC[AES256_GCM,data:Trlr577CSZHBdaIya/UwAYGPq7Td+f7k7QeNWbpz41sIEEuBGtiOXaAi17292E2nhBCLMDsrugGVusugBo+Z7g==,iv:tDIRfThBOfHr+gGRqywlHAk/x4MkhHRFsJEp5nnlGPA=,tag:3LeYyRjgA/ZOIaFsrcEZGQ==,type:str]
|
||||
secret: ENC[AES256_GCM,data:eS/hG9A87fcop0Wey8HVLM8wwVQfzN9pmxhos9GkmtW0b9lsrjq/A2k2ngyJFNN+YKTqVIATD0VbQ28WvWRj1A==,iv:zzhFaoLnskspp1S291KABLZITgcof63cjShnsZrlAmw=,tag:ZxHsyxJSfVVSaOTlDuByCw==,type:str]
|
||||
@ -37,8 +41,8 @@ sops:
|
||||
SzhxRnVPMHg0VzJzZWhYdGZndHVIL0UKgloohouQu5rN48hy5FvouHlZO1RoIG9W
|
||||
DlMH50012l4kcQ3ggP0BwuWRUq4FQ/bEpSBZoIOQriPmPQQp1qXOdA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-05-20T15:20:26Z"
|
||||
mac: ENC[AES256_GCM,data:CZoaWvIkxFL4U6DlZZRVPornDi6ikCwD7XH2Cyi38VA3bzz4m0tKHdn/Q1GbFiNtzm0DrKSKRL2GK6YrvALUElEnXn/EnFCai1Ka7N5RlfMZfMQLKvetcoFNxo7TEJr0STOaZFrYFrw9ZjKAEB0QT9xgeiu1l7O5DJFJHDLrBOs=,iv:D9Yu4NduErlKwIDqzTVCfZD82HlXMRnOlNyZ5lLmkvc=,tag:p/inbnjhkgAEKhziM/c8tg==,type:str]
|
||||
lastmodified: "2025-05-20T15:30:19Z"
|
||||
mac: ENC[AES256_GCM,data:LHel3MmVvQ/TwEYQePjCNRZxmipPyJtssltyAIjSqdxSN6s7Kp4rbnAWSM6D/k7fVtasCCmWcqlbnHBH+M06/dIGhhjjL7HRPBj0jKgDlct7FshHAI5m+ZjrWMyzKOlKUj+2Il1d7VCdMKvC10jXoylpiunaHksaQMvagWAXDFc=,iv:0y/VL/eUw7p+u/ifnzXbZIyEfZNTv0aV5w7A9FT9A4w=,tag:RLAPe1C3DXOHjhLWM8TfEA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user