Added caddyfile generation

2025-05-22 08:01:31 +02:00 · 2025-05-22 08:01:31 +02:00 · f3bf8d650a
commit f3bf8d650a
parent bace54a43d
5 changed files with 83 additions and 52 deletions
--- a/flake.nix
+++ b/flake.nix
@ -147,7 +147,7 @@
      # Deploy
      "deploy@p-th-rpi-01" = home-manager.lib.homeManagerConfiguration {
-        pkgs = nixpkgs.legacyPackages.x86_64-linux;
+        pkgs = nixpkgs.legacyPackages.aarch64-linux;
        extraSpecialArgs = { inherit inputs outputs; };
        modules = [
          ./hosts/p-th-rpi-01/home.nix
--- a/modules/home/containers/caddy.nix
+++ b/modules/home/containers/caddy.nix
@ -4,6 +4,29 @@ with lib;
 let
  cfg = config.settings.containers.caddy;
  generateRoutes = entries: lib.concatMapStrings (route: ''
    @${route.name} host ${route.host}
    handle @${route.name} {
      reverse_proxy ${route.url}
    }
  '') entries;
  routesOption = lib.mkOption {
    type = types.listOf (types.submodule {
      options = {
        name = mkOption {
          type = types.str;
        };
        url = mkOption {
          type = types.str;
        };
        host = mkOption {
          type = types.str;
        };
      };
    });
  };
 in {
  options = {
    settings.containers.caddy.enable = lib.mkOption {
@ -13,6 +36,9 @@ in {
        Enable caddy container
      '';
    };
    settings.containers.caddy.routes.tbmrs = routesOption;
    settings.containers.caddy.routes.tbmrs-local = routesOption;
  };
  config = mkIf cfg.enable {
@ -33,6 +59,49 @@ in {
      ];
    };
    settings.containers.caddy.routes.tbmrs = [
      {
        name = "kanidm";
        host = "auth";
        url = "https://auth.tbmrs.nl";
      }
      {
        name = "forgejo";
        host = "git";
        url = "forgejo:3000";
      }
      {
        name = "immich";
        host = "photos";
        url = "immich-server:2283";
      }
      {
        name = "homepage";
        host = "home";
        url = "homepage:3000";
      }
      {
        name = "uptime-kuma";
        host = "uptime";
        url = "uptime-kuma:3001";
      }
      {
        name = "pingvin-share";
        host = "share";
        url = "pingvin-share:3000";
      }
      {
        name = "dufs";
        host = "files";
        url = "dufs:5000";
      }
      {
        name = "stalwart";
        host = "mail";
        url = "stalwart:8000";
      }
    ];
    home.file."containers/caddy/Caddyfile".text = ''
      *.tbmrs.nl, tbmrs.nl {
        tls {
@ -40,50 +109,7 @@ in {
          resolvers 1.1.1.1
        }
-        @root host tbmrs.nl
+        ${generateRoutes cfg.routes.tbmrs}
        handle @root {
          respond "Hello there"
        }
        @kanidm host auth.tbmrs.nl
        handle @kanidm {
          reverse_proxy https://auth.tbmrs.nl
        }
        @forgejo host git.tbmrs.nl
        handle @forgejo {
          reverse_proxy forgejo:3000
        }
        @immich host photos.tbmrs.nl
        handle @immich {
          reverse_proxy immich-server:2283
        }
        @homepage host home.tbmrs.nl
        handle @homepage {
          reverse_proxy homepage:3000
        }
        @uptime-kuma host uptime.tbmrs.nl
        handle @uptime-kuma {
          reverse_proxy uptime-kuma:3001
        }
        @pingvin-share host share.tbmrs.nl
        handle @pingvin-share {
          reverse_proxy pingvin-share:3000
        }
        @dufs host files.tbmrs.nl
        handle @dufs {
          reverse_proxy dufs:5000
        }
        @stalwart host mail.tbmrs.nl
        handle @stalwart {
          reverse_proxy stalwart:8080
        }
      }
      *.local.tbmrs.nl {
--- a/modules/home/containers/network.nix
+++ b/modules/home/containers/network.nix
@ -3,7 +3,7 @@
 with lib;
 let
-  cfg = config.settings.containers.nginx;
+  cfg = config.settings.containers.network;
 in {
  options = {
    settings.containers.network.enable = lib.mkOption {
@ -18,6 +18,7 @@ in {
  config = mkIf cfg.enable {
    services.podman.networks.proxy = {
      description = "Container network for the proxy";
      driver = "bridge";
      autoStart = true;
    };
  };
--- a/modules/home/containers/static.nix
+++ b/modules/home/containers/static.nix
@ -19,7 +19,7 @@ in {
    settings.services.sops.enable = true;
    services.podman.containers.wrbapp = {
-      image = "gitea.xeovalyte.dev/xeovalyte/wrbapp:latest";
+      image = "gitea.xeovalyte.dev/xeovalyte/wrbapp:latest-arm";
      network = "proxy";
      environmentFile = [
        "${config.sops.templates."container-wrbapp.env".path}"
@ -27,17 +27,17 @@ in {
    };
    services.podman.containers.hunshin = {
-      image = "gitea.xeovalyte.dev/xeovalyte/hunshin:latest";
+      image = "gitea.xeovalyte.dev/xeovalyte/hunshin:latest-arm";
      network = "proxy";
    };
    services.podman.containers.bijlobke = {
-      image = "gitea.xeovalyte.dev/xeovalyte/bijlobke:latest";
+      image = "gitea.xeovalyte.dev/xeovalyte/bijlobke:latest-arm";
      network = "proxy";
    };
    services.podman.containers.ardsite = {
-      image = "gitea.xeovalyte.dev/ardsite/ardsite:latest";
+      image = "gitea.xeovalyte.dev/ardsite/ardsite:latest-arm";
      network = "proxy";
    };
--- a/secrets/deploy.yaml
+++ b/secrets/deploy.yaml
@ -9,6 +9,10 @@ containers:
    karakeep:
        nextauth-secret: ENC[AES256_GCM,data:Izp5kO9dhD28mUzHOS4TqBINbbQ03spP865nrfUWbhqpx2dgW/rbExFZDXmgp1tX,iv:98su3bR8jMLr1jF5XBiNePMZ7qz4pMDQ6B4i8rMxIQQ=,tag:gyzJA6dsKy6YWkE8r5JXqg==,type:str]
        meili-key: ENC[AES256_GCM,data:47t3gk/189dmtriOb37MT4XC2pwBdwr2n+22t3K7q8Hf6tX2iHaq6zg1EV6W51F/,iv:OjAmWJWmGtIsSeIFWNlqT8hv8H8LLz+WQtvlvyu9Lx0=,tag:v4acQvlJPK64l0yCVpBqCQ==,type:str]
    wrbapp:
        private-key-id: ENC[AES256_GCM,data:VEPNv774ZI+5IAM43BSKJr7LoGYquUpLTk3iE4xObSscDtr/pVTnZQ==,iv:HVZHRU3v/REhrb9DTsKLyfryROU2WkPzg6tM0wz8Myc=,tag:rfjNGz5B526nvLw4Pj8hQw==,type:str]
        private-key: ENC[AES256_GCM,data:vZIoRJH6bc/RBeZxr+g5mLWdBYWERetRHuoqntE5Ah1FnDmmShpSwBS8wYNaAEbq2FSDSe0RSbJ5OArmnhMnp8sm/VgVjY+AYm0IqRKkLCyf4sReCZ3duHcFnO9PjYULM2ABqAUofQqFqDD3BV44eFLeTudqY3fE8lCsDT0kdzKyyNVy3esQfbmTOTBcWVc54tI8hXcKsYGPMmzaxpnYqB9pc52KI7iOeSDoXxi7cjvHKPsYBLiK71oYi8T4JtwbR/uaT02kwY9cBNWThdaUpotYFO0D71pbLjQZ6gqEcWLSeUpUROwtmWoPPmR89cwUBuSbce9ovhsYlbqAE/AjwoJFUxuhZHa6wAdsjswR9wWXs9TZFsIzQVq6uGP3S80N1z2QPQnbT4Zha29V78iQXN8/Aq27/MjCtebgnVC9+mFY0zM4/5DpTT0D9HsNYixoUmDq5CIU1VS4JB2jgC5CublSCgs2ciXEwXTA/7nfctdIrE8g1UGPPw4wk34EAIvXz+tMdar3u+fQB9b+J6BuCW4TFVAUe9Nb6SHdIeLxgCDYbtGWSDY7laLNBSWrN0JY5t4ZMXlKVYHgGCdPcmJRrS4KE7LWjLrrVOzUiIslrBRYmNNrO5LJrpBQ8UDGUVVbGMH8UCFpPlytXskhjG5msioCOQ2ctVvoTrvvA1T7zVqaMZLdP1Lzxmw8brhHX34hu5q8z+lO/whrZxgqPbZ1WZrgoBGgAwp7+tn8Ddsq/8Ui8i8g89lny45ttjGHyroh2qlt3kBTJdU71Qg8JiiWgS6Wk0AbtkGO08SGJmMgJ5CtXo0zmq6pfrDmgursM5ItuVtvutZDyD+vz1BFdrli6ZNTAXVVq5bbCGUuKAM4AgHCJ1yS75l336xUxsIiTaLD9VDHd+XWetHXQWXk8xv9y02puiQAp+fJFISGn8TZya2CigW7OsibYSc3bFaZjm72pgfFhDm0a1q9AYTuF49PuLKi/McuJctuOc/iF6mbLnotIOF6Cc64/Iie1MCjX/IJzCZWlXJE8+0n8FTR9t+d1f4EBMxL8Z+h8pp4r8B3u+8ZKIUiCTmc+PZ0Mmr+acTOjY+X04RcrVcwQz49172NHwI3/C2we0ZUaZTjxTm253ikif/xcxYjxlCCP6WERR1rI0OMFr5RvA0+2RkzIBmHQtDlHNk11Tfauz7jyWkh4RfG9PYFr40khyNSD9vX4ePWTeIEQxMcdHLlRztLc3lbxiKumivHvLYlJmZ0eodp0/RpWv1l3VyVEsvqB04lKYzm42uJe6NkWTF0l+7XCWem7IchWWxrKW0P9UqLjrN3FAif2NVu6HjAtexMLp82yRUJFiLZufssm3QB91MAUebZOIW4fURrJOQpRj2xo3p7BSe+0nb4Hd00W187Q3HHbwZXK3yPaGX/wRD3cYFMku9AMWXgewHXwynkBITk1eEiZpwy7eyCBtxaScmglEbxtTEAs7PXLeUD7iQ0eM3MV4qRL3Nu/LRUTjpKZDXs22FpHbT3jUw24JgzB7jeJiYtEa/zIlDGvY3tPuhCruvJA+W8f8TWzTYVZoJjBhwCukD7l8APeiBNT58ulUPUz8Fn2lrUmujM3pXAJUSYknmUo4urBh/zQq5DCIbAWvvrU/OHHQDu547UTjguLMbqkAVF4nlb9RPdaBaUWLPsYDNHFGuHLuNvA5b6ymMa3oDuLZZVWT3FyGXQui4sNRQceKasEH3reSOMPvNUQ0af604rzlGrJlMX8QDq2GZR/Os+jdJwWahDlwincdEaRikAF6PD0vHlKGkcvm/E278ClSRQ2l2raF54B1EZ7NZ/+t5HaztTrx85xnt1l5hA/Gms9z58PBKi69oIv389KLxhviQWUo0PsEpeFx8KIk6h6FdjJwvzKaYpmjNwt4kxK8fI73rcjaDer+FhNYsUzluKmk4KNnWSMZPTEIHRnF9RrXPbw5x+nKrJrMx3tBswBAvif5xK5jlrnIsyo3f+bc3eXpioccxidCMMmKwSzcRj8u7N9Tevsvm2NmgCgawTLubisWkOE75jJuHexWDzU6jg/ArBczKXci0L5vCKC+Aq+U9q13Hgl5hbunlKq7jVPwemj6Ko7yEZ5ohw4UhLAKgSk1uN3XXQ2f7vQvo0zArEU567uWfGp6Jw3JHGL0AxjKCPvyFqd/AhqEFj1rS7XAx4yR1Ws8cDg9Y+tA/ils8FF4m9Th9xShLFNl3zphoU8z7OB+qrqzFirbKJ0uas1j7z/7962DGhg4QOicdPvNda,iv:rMdIIc6MszxdOGX5rPQNqNrK7RbleEbKhFVcx4oWUZk=,tag:ti7O+u8PYNj2eKF7+jUfWQ==,type:str]
        client-id: ENC[AES256_GCM,data:rVWPkR8RUhJL0vsUFNxBuqgfJBm4,iv:7WbzSt04QPcEf86eduT3R3K29tfVlQ6bWdBjSAHIf40=,tag:6OiHIR+7ncX4gMnH6ePj8w==,type:str]
    paperless-ngx:
        db-password: ENC[AES256_GCM,data:Trlr577CSZHBdaIya/UwAYGPq7Td+f7k7QeNWbpz41sIEEuBGtiOXaAi17292E2nhBCLMDsrugGVusugBo+Z7g==,iv:tDIRfThBOfHr+gGRqywlHAk/x4MkhHRFsJEp5nnlGPA=,tag:3LeYyRjgA/ZOIaFsrcEZGQ==,type:str]
        secret: ENC[AES256_GCM,data:eS/hG9A87fcop0Wey8HVLM8wwVQfzN9pmxhos9GkmtW0b9lsrjq/A2k2ngyJFNN+YKTqVIATD0VbQ28WvWRj1A==,iv:zzhFaoLnskspp1S291KABLZITgcof63cjShnsZrlAmw=,tag:ZxHsyxJSfVVSaOTlDuByCw==,type:str]
@ -37,8 +41,8 @@ sops:
            SzhxRnVPMHg0VzJzZWhYdGZndHVIL0UKgloohouQu5rN48hy5FvouHlZO1RoIG9W
            DlMH50012l4kcQ3ggP0BwuWRUq4FQ/bEpSBZoIOQriPmPQQp1qXOdA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-05-20T15:20:26Z"
+    lastmodified: "2025-05-20T15:30:19Z"
-    mac: ENC[AES256_GCM,data:CZoaWvIkxFL4U6DlZZRVPornDi6ikCwD7XH2Cyi38VA3bzz4m0tKHdn/Q1GbFiNtzm0DrKSKRL2GK6YrvALUElEnXn/EnFCai1Ka7N5RlfMZfMQLKvetcoFNxo7TEJr0STOaZFrYFrw9ZjKAEB0QT9xgeiu1l7O5DJFJHDLrBOs=,iv:D9Yu4NduErlKwIDqzTVCfZD82HlXMRnOlNyZ5lLmkvc=,tag:p/inbnjhkgAEKhziM/c8tg==,type:str]
+    mac: ENC[AES256_GCM,data:LHel3MmVvQ/TwEYQePjCNRZxmipPyJtssltyAIjSqdxSN6s7Kp4rbnAWSM6D/k7fVtasCCmWcqlbnHBH+M06/dIGhhjjL7HRPBj0jKgDlct7FshHAI5m+ZjrWMyzKOlKUj+2Il1d7VCdMKvC10jXoylpiunaHksaQMvagWAXDFc=,iv:0y/VL/eUw7p+u/ifnzXbZIyEfZNTv0aV5w7A9FT9A4w=,tag:RLAPe1C3DXOHjhLWM8TfEA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.4