diff --git a/flake.nix b/flake.nix index 78dcf7d..073dcf4 100644 --- a/flake.nix +++ b/flake.nix @@ -147,7 +147,7 @@ # Deploy "deploy@p-th-rpi-01" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; + pkgs = nixpkgs.legacyPackages.aarch64-linux; extraSpecialArgs = { inherit inputs outputs; }; modules = [ ./hosts/p-th-rpi-01/home.nix diff --git a/modules/home/containers/caddy.nix b/modules/home/containers/caddy.nix index 48774f7..6a0570b 100644 --- a/modules/home/containers/caddy.nix +++ b/modules/home/containers/caddy.nix @@ -4,6 +4,29 @@ with lib; let cfg = config.settings.containers.caddy; + + generateRoutes = entries: lib.concatMapStrings (route: '' + @${route.name} host ${route.host} + handle @${route.name} { + reverse_proxy ${route.url} + } + '') entries; + + routesOption = lib.mkOption { + type = types.listOf (types.submodule { + options = { + name = mkOption { + type = types.str; + }; + url = mkOption { + type = types.str; + }; + host = mkOption { + type = types.str; + }; + }; + }); + }; in { options = { settings.containers.caddy.enable = lib.mkOption { @@ -13,6 +36,9 @@ in { Enable caddy container ''; }; + + settings.containers.caddy.routes.tbmrs = routesOption; + settings.containers.caddy.routes.tbmrs-local = routesOption; }; config = mkIf cfg.enable { 
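Review bot: `generateRoutes` emits `@${route.name} host ${route.host}` with no domain suffix, while the entries this commit defines for `routes.tbmrs` use bare labels such as `auth` and `git`. The generated matchers would then read `host auth` instead of the previous `host auth.tbmrs.nl`, so none of the proxied sites would match inside the `*.tbmrs.nl` block. Either store full host names in the entries or pass the domain in, e.g. `generateRoutes = domain: entries: ...` emitting `@${route.name} host ${route.host}.${domain}` and called as `generateRoutes "tbmrs.nl" cfg.routes.tbmrs`. The `let` block starts before this hunk, so a helper that already appends the domain would not be visible here.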
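Review bot: `settings.containers.caddy.routes.tbmrs-local = routesOption;` declares an option that has no `default` and gets no value anywhere in the visible commit, so the first reference to `cfg.routes.tbmrs-local` would fail evaluation as used but not defined; `default = [ ];` in `routesOption` avoids that. The three fields are plain `types.str` and are interpolated verbatim into the Caddyfile, so a value containing whitespace, a newline or a brace silently changes the generated configuration. A `types.strMatching` pattern for `name` and `host` would reject such values at evaluation time. A short `description` per field (for instance that `host` is the subdomain label and `url` the upstream handed to `reverse_proxy`) would document the contract.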
@@ -33,6 +59,49 @@ in { ]; }; + settings.containers.caddy.routes.tbmrs = [ + { + name = "kanidm"; + host = "auth"; + url = "https://auth.tbmrs.nl"; + } + { + name = "forgejo"; + host = "git"; + url = "forgejo:3000"; + } + { + name = "immich"; + host = "photos"; + url = "immich-server:2283"; + } + { + name = "homepage"; + host = "home"; + url = "homepage:3000"; + } + { + name = "uptime-kuma"; + host = "uptime"; + url = "uptime-kuma:3001"; + } + { + name = "pingvin-share"; + host = "share"; + url = "pingvin-share:3000"; + } + { + name = "dufs"; + host = "files"; + url = "dufs:5000"; + } + { + name = "stalwart"; + host = "mail"; + url = "stalwart:8000"; + } + ]; + home.file."containers/caddy/Caddyfile".text = '' *.tbmrs.nl, tbmrs.nl { tls { @@ -40,50 +109,7 @@ in { resolvers 1.1.1.1 } - @root host tbmrs.nl - handle @root { - respond "Hello there" - } - - @kanidm host auth.tbmrs.nl - handle @kanidm { - reverse_proxy https://auth.tbmrs.nl - } - - @forgejo host git.tbmrs.nl - handle @forgejo { - reverse_proxy forgejo:3000 - } - - @immich host photos.tbmrs.nl - handle @immich { - reverse_proxy immich-server:2283 - } - - @homepage host home.tbmrs.nl - handle @homepage { - reverse_proxy homepage:3000 - } - - @uptime-kuma host uptime.tbmrs.nl - handle @uptime-kuma { - reverse_proxy uptime-kuma:3001 - } - - @pingvin-share host share.tbmrs.nl - handle @pingvin-share { - reverse_proxy pingvin-share:3000 - } - - @dufs host files.tbmrs.nl - handle @dufs { - reverse_proxy dufs:5000 - } - - @stalwart host mail.tbmrs.nl - handle @stalwart { - reverse_proxy stalwart:8080 - } + ${generateRoutes cfg.routes.tbmrs} } *.local.tbmrs.nl { diff --git a/modules/home/containers/network.nix b/modules/home/containers/network.nix index b26d751..914ef58 100644 --- a/modules/home/containers/network.nix +++ b/modules/home/containers/network.nix 
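Review bot: The `stalwart` entry sets `url = "stalwart:8000"`, but the Caddyfile line this commit removes proxied to `stalwart:8080`; the other seven upstreams match the removed lines exactly. If the port change is not intentional, `mail` will answer with a gateway error after this refactor; if it is intentional, it deserves a mention in the commit message. Separately, the list is assigned at normal priority inside `config` and list definitions merge, so a host can add routes but cannot drop one of these; wrapping it as `lib.mkDefault [ ... ]` would let a host replace the set.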
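Review bot: The `@root host tbmrs.nl` handler is removed and nothing replaces it, so the `*.tbmrs.nl, tbmrs.nl` block no longer has a handler for the apex or for any subdomain that is not listed in `cfg.routes.tbmrs`. As far as the visible lines show, the block contains only the `tls` section and the generated routes, and Caddy answers an unhandled request with an empty 200. Because the block serves a wildcard name, an explicit final `handle { ... }` block after `${generateRoutes cfg.routes.tbmrs}` containing `respond 404` (or `abort`) would make the behaviour for unknown hosts deliberate rather than implicit.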
@@ -3,7 +3,7 @@ with lib; let - cfg = config.settings.containers.nginx; + cfg = config.settings.containers.network; in { options = { settings.containers.network.enable = lib.mkOption { @@ -18,6 +18,7 @@ in { config = mkIf cfg.enable { services.podman.networks.proxy = { description = "Container network for the proxy"; + driver = "bridge"; autoStart = true; }; }; diff --git a/modules/home/containers/static.nix b/modules/home/containers/static.nix index b02f5a0..c1700b2 100644 --- a/modules/home/containers/static.nix +++ b/modules/home/containers/static.nix @@ -19,7 +19,7 @@ in { settings.services.sops.enable = true; services.podman.containers.wrbapp = { - image = "gitea.xeovalyte.dev/xeovalyte/wrbapp:latest"; + image = "gitea.xeovalyte.dev/xeovalyte/wrbapp:latest-arm"; network = "proxy"; environmentFile = [ "${config.sops.templates."container-wrbapp.env".path}" @@ -27,17 +27,17 @@ in { }; services.podman.containers.hunshin = { - image = "gitea.xeovalyte.dev/xeovalyte/hunshin:latest"; + image = "gitea.xeovalyte.dev/xeovalyte/hunshin:latest-arm"; network = "proxy"; }; services.podman.containers.bijlobke = { - image = "gitea.xeovalyte.dev/xeovalyte/bijlobke:latest"; + image = "gitea.xeovalyte.dev/xeovalyte/bijlobke:latest-arm"; network = "proxy"; }; services.podman.containers.ardsite = { - image = "gitea.xeovalyte.dev/ardsite/ardsite:latest"; + image = "gitea.xeovalyte.dev/ardsite/ardsite:latest-arm"; network = "proxy"; }; diff --git a/secrets/deploy.yaml b/secrets/deploy.yaml index bd08155..932c38c 100644 --- a/secrets/deploy.yaml +++ b/secrets/deploy.yaml 
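Review bot: All four images in `static.nix` (`wrbapp` in the first hunk, `hunshin`, `bijlobke` and `ardsite` in the second) are pulled by the mutable tag `latest-arm`. The host therefore runs whatever is pushed to that tag next, with no record in the repository of which build was deployed. Pinning each image by digest, e.g. `image = "gitea.xeovalyte.dev/xeovalyte/wrbapp@sha256:<digest>";`, makes the deployed content reviewable and reproducible. Hard-coding the `-arm` suffix also ties this shared module to aarch64 hosts; deriving it from `pkgs.stdenv.hostPlatform.isAarch64` would keep the module usable on x86_64, assuming `pkgs` is among the module arguments, which lie outside the hunk.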
@@ -9,6 +9,10 @@ containers: karakeep: nextauth-secret: ENC[AES256_GCM,data:Izp5kO9dhD28mUzHOS4TqBINbbQ03spP865nrfUWbhqpx2dgW/rbExFZDXmgp1tX,iv:98su3bR8jMLr1jF5XBiNePMZ7qz4pMDQ6B4i8rMxIQQ=,tag:gyzJA6dsKy6YWkE8r5JXqg==,type:str] meili-key: ENC[AES256_GCM,data:47t3gk/189dmtriOb37MT4XC2pwBdwr2n+22t3K7q8Hf6tX2iHaq6zg1EV6W51F/,iv:OjAmWJWmGtIsSeIFWNlqT8hv8H8LLz+WQtvlvyu9Lx0=,tag:v4acQvlJPK64l0yCVpBqCQ==,type:str] + wrbapp: + private-key-id: ENC[AES256_GCM,data:VEPNv774ZI+5IAM43BSKJr7LoGYquUpLTk3iE4xObSscDtr/pVTnZQ==,iv:HVZHRU3v/REhrb9DTsKLyfryROU2WkPzg6tM0wz8Myc=,tag:rfjNGz5B526nvLw4Pj8hQw==,type:str] + private-key: ENC[AES256_GCM,data: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,iv:rMdIIc6MszxdOGX5rPQNqNrK7RbleEbKhFVcx4oWUZk=,tag:ti7O+u8PYNj2eKF7+jUfWQ==,type:str] + client-id: ENC[AES256_GCM,data:rVWPkR8RUhJL0vsUFNxBuqgfJBm4,iv:7WbzSt04QPcEf86eduT3R3K29tfVlQ6bWdBjSAHIf40=,tag:6OiHIR+7ncX4gMnH6ePj8w==,type:str] paperless-ngx: db-password: ENC[AES256_GCM,data:Trlr577CSZHBdaIya/UwAYGPq7Td+f7k7QeNWbpz41sIEEuBGtiOXaAi17292E2nhBCLMDsrugGVusugBo+Z7g==,iv:tDIRfThBOfHr+gGRqywlHAk/x4MkhHRFsJEp5nnlGPA=,tag:3LeYyRjgA/ZOIaFsrcEZGQ==,type:str] secret: ENC[AES256_GCM,data:eS/hG9A87fcop0Wey8HVLM8wwVQfzN9pmxhos9GkmtW0b9lsrjq/A2k2ngyJFNN+YKTqVIATD0VbQ28WvWRj1A==,iv:zzhFaoLnskspp1S291KABLZITgcof63cjShnsZrlAmw=,tag:ZxHsyxJSfVVSaOTlDuByCw==,type:str] 
@@ -37,8 +41,8 @@ sops: SzhxRnVPMHg0VzJzZWhYdGZndHVIL0UKgloohouQu5rN48hy5FvouHlZO1RoIG9W DlMH50012l4kcQ3ggP0BwuWRUq4FQ/bEpSBZoIOQriPmPQQp1qXOdA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-20T15:20:26Z" - mac: ENC[AES256_GCM,data:CZoaWvIkxFL4U6DlZZRVPornDi6ikCwD7XH2Cyi38VA3bzz4m0tKHdn/Q1GbFiNtzm0DrKSKRL2GK6YrvALUElEnXn/EnFCai1Ka7N5RlfMZfMQLKvetcoFNxo7TEJr0STOaZFrYFrw9ZjKAEB0QT9xgeiu1l7O5DJFJHDLrBOs=,iv:D9Yu4NduErlKwIDqzTVCfZD82HlXMRnOlNyZ5lLmkvc=,tag:p/inbnjhkgAEKhziM/c8tg==,type:str] + lastmodified: "2025-05-20T15:30:19Z" + mac: ENC[AES256_GCM,data:LHel3MmVvQ/TwEYQePjCNRZxmipPyJtssltyAIjSqdxSN6s7Kp4rbnAWSM6D/k7fVtasCCmWcqlbnHBH+M06/dIGhhjjL7HRPBj0jKgDlct7FshHAI5m+ZjrWMyzKOlKUj+2Il1d7VCdMKvC10jXoylpiunaHksaQMvagWAXDFc=,iv:0y/VL/eUw7p+u/ifnzXbZIyEfZNTv0aV5w7A9FT9A4w=,tag:RLAPe1C3DXOHjhLWM8TfEA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4