pazpi/nix
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

random test

Browse source
This commit is contained in:
= 2025-01-19 15:11:59 +01:00
parent 03def204c7
commit 700bca41c3
8 changed files with 254 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

18
hosts/caddy/default.nix
View file

@ -25,6 +25,10 @@ in
owner = config.services.caddy.user; owner = config.services.caddy.user;
group = config.services.caddy.group; group = config.services.caddy.group;
}; };
ddclient = {
file = ../../secrets/ddclient.age;
mode = "400";
};
}; };
my = { my = {
@ -40,7 +44,7 @@ in
settings = import ./dashy-settings.nix; settings = import ./dashy-settings.nix;
proxy = { proxy = {
enable = true; enable = true;
domain = tsDomain; domain = publicDomain;
host = "caddy.internal"; host = "caddy.internal";
}; };
}; };
@ -110,6 +114,7 @@ in
caddy = { caddy = {
enable = true; enable = true;
configEnvFile = config.age.secrets.cloudflare-pasetto-apiKey.path;
domainsList = [ domainsList = [
{ {
domain = tsDomain; domain = tsDomain;
@ -122,6 +127,17 @@ in
cloudflareApiKeyFile = config.age.secrets.cloudflare-pasetto-apiKey.path; cloudflareApiKeyFile = config.age.secrets.cloudflare-pasetto-apiKey.path;
} }
]; ];
dynamicdnsDomains = [
{
domain = publicDomain;
cloudflareApiEnvName = "CLOUDFLARE_API_TOKEN";
}
];
};
ddclient = {
enable = false;
configFile = config.age.secrets.ddclient.path;
}; };
}; };

106
modules/networking/caddy.nix
View file

@ -28,29 +28,27 @@ in
]; ];
}; };
# claudflareApiKeyFile = lib.mkOption { dynamicdnsDomains = lib.mkOption {
# default = ""; type = lib.types.listOf (lib.types.attrsOf lib.types.str);
# type = lib.types.str; description = ''
# description = '' A list of domains to update with the dynamicdns plugin.
# Cloudflare API key file '';
# ''; default = [
# }; {
domain = "example.com";
cloudflareApiEnvName = "CLOUDFLARE_API_TOKEN_MY_DOMAIN";
}
];
};
# domain = lib.mkOption { configEnvFile = lib.mkOption {
# default = "example.com"; type = lib.types.path;
# type = lib.types.str; description = ''
# description = '' Path to the environment file that contains the secrets like Cloudflare API key.
# The domain where Caddy is reachable In order to use the dynamicdns plugin, you need to set "cloudflareApiEnvName" for each domain in the dynamicdnsDomains list.
# ''; '';
# }; default = "";
};
# email = lib.mkOption {
# default = "user@domain.com";
# type = lib.types.str;
# description = ''
# Email for Certbot
# '';
# };
}; };
@ -79,26 +77,46 @@ in
}) cfg.domainsList }) cfg.domainsList
); );
# certs."${cfg.domain}" = {
# group = config.services.caddy.group;
# domain = "${cfg.domain}";
# extraDomainNames = [ "*.${cfg.domain}" ];
# dnsProvider = "cloudflare";
# dnsResolver = "1.1.1.1:53";
# dnsPropagationCheck = true;
# environmentFile = cfg.claudflareApiKeyFile;
# };
}; };
services.caddy = { services.caddy = {
enable = true; enable = true;
globalConfig = ''
admin :2024 # Waiting for https://github.com/NixOS/nixpkgs/issues/14671 to be released
servers { package = pkgs.callPackage ../../packages/caddy.nix {
metrics externalPlugins = [
} {
''; name = "cloudflare";
repo = "github.com/caddy-dns/cloudflare";
version = "master";
}
{
name = "dynamicdns";
repo = "github.com/mholt/caddy-dynamicdns";
version = "7c818ab3fc3485a72a346f85c77810725f19f9cf";
}
];
vendorHash = "sha256-AWKokxGG2iCouhet5cPiKTuL9g9RQihkBRReU1nw9jc=";
};
globalConfig =
''
admin :2024
servers {
metrics
}
''
+ lib.concatStringsSep "\n" (
map (dynamicdnsDomain: ''
dynamic_dns {
provider cloudflare {env.${dynamicdnsDomain.cloudflareApiEnvName}}
domains {
${dynamicdnsDomain.domain} @
}
dynamic_domains
}
'') cfg.dynamicdnsDomains
);
extraConfig = lib.concatStringsSep "\n" ( extraConfig = lib.concatStringsSep "\n" (
map ( map (
@ -116,21 +134,11 @@ in
) cfg.domainsList ) cfg.domainsList
); );
# extraConfig =
# let
# certPath = config.security.acme.certs."${cfg.domain}".directory;
# in
# ''
# (cloudflare) {
# tls ${certPath}/cert.pem ${certPath}/key.pem {
# protocols tls1.3
# }
# }
# '';
}; };
systemd.services.caddy.serviceConfig = { systemd.services.caddy.serviceConfig = {
AmbientCapabilities = "CAP_NET_BIND_SERVICE"; AmbientCapabilities = "CAP_NET_BIND_SERVICE";
EnvironmentFile = cfg.configEnvFile;
}; };
# By default, the module create a custom user but it lacks permission to read caddy files # By default, the module create a custom user but it lacks permission to read caddy files

27
modules/networking/ddclient.nix Normal file
View file

@ -0,0 +1,27 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.my.networking.ddclient;
in
{
options.my.networking.ddclient = {
enable = lib.mkEnableOption "Enable DDClient dynamic DNS client";
configFile = lib.mkOption {
type = lib.types.path;
default = "/etc/ddclient/ddclient.conf";
description = "Path to the ddclient configuration file (use agenix path)";
};
};
config = lib.mkIf cfg.enable {
services.ddclient = {
enable = true;
configFile = cfg.configFile;
};
};
}

1
modules/networking/default.nix
View file

@ -2,6 +2,7 @@
imports = [ imports = [
./avahi.nix ./avahi.nix
./caddy.nix ./caddy.nix
./ddclient.nix
./nas-samba-share.nix ./nas-samba-share.nix
./tailscale.nix ./tailscale.nix
]; ];

5
modules/services/nextcloud.nix
View file

@ -74,7 +74,10 @@ in
overwriteProtocol = "https"; overwriteProtocol = "https";
defaultPhoneRegion = "IT"; defaultPhoneRegion = "IT";
trusted_proxies = [ "192.168.1.150" ]; trusted_proxies = [ "192.168.1.150" ];
trusted_domains = [ "cloud.${cfg.proxy.domain}" ]; trusted_domains = [
"cloud.${cfg.proxy.domain}"
"nextcloud.internal"
];
maintenance_window_start = 1; maintenance_window_start = 1;
enabledPreviewProviders = [ enabledPreviewProviders = [
"OC\\Preview\\BMP" "OC\\Preview\\BMP"

133
packages/caddy.nix Normal file
View file

@ -0,0 +1,133 @@
{
lib,
buildGoModule,
fetchFromGitHub,
gnused,
nixosTests,
caddy,
testers,
installShellFiles,
externalPlugins ? [ ],
vendorHash ? "sha256-G7danupoc7BRyJJWzzyRP6CSOShA+oCLcUWMCnrLF2c=",
}:
let
attrsToModules =
attrs:
builtins.map (
{
name,
repo,
version,
}:
"${repo}"
) attrs;
attrsToSources =
attrs:
builtins.map (
{
name,
repo,
version,
}:
"${repo}@${version}"
) attrs;
in
buildGoModule rec {
pname = "caddy";
version = "2.8.4";
dist = fetchFromGitHub {
owner = "caddyserver";
repo = "dist";
rev = "v${version}";
hash = "sha256-O4s7PhSUTXoNEIi+zYASx8AgClMC5rs7se863G6w+l0=";
};
src = fetchFromGitHub {
owner = "caddyserver";
repo = "caddy";
rev = "v${version}";
hash = "sha256-th0R3Q1nGT0q5PGOygtD1/CpJmrT5TYagrwQR4t/Fvg=";
};
inherit vendorHash;
subPackages = [ "cmd/caddy" ];
ldflags = [
"-s"
"-w"
"-X github.com/caddyserver/caddy/v2.CustomVersion=${version}"
];
nativeBuildInputs = [
gnused
installShellFiles
];
modBuildPhase = ''
export GOPROXY=https://proxy.golang.org,direct
for module in ${builtins.toString (attrsToModules externalPlugins)}; do
sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go
done
for plugin in ${builtins.toString (attrsToSources externalPlugins)}; do
go get $plugin
done
go mod tidy
go mod vendor
'';
modInstallPhase = ''
mv -t vendor go.mod go.sum
cp -r --reflink=auto vendor "$out"
'';
preBuild = ''
export GOPROXY=https://proxy.golang.org,direct
chmod -R u+w vendor
[ -f vendor/go.mod ] && mv -t . vendor/go.{mod,sum}
go mod tidy
go mod vendor
for module in ${builtins.toString (attrsToModules externalPlugins)}; do
sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go
done
'';
postInstall = ''
install -Dm644 ${dist}/init/caddy.service ${dist}/init/caddy-api.service -t $out/lib/systemd/system
substituteInPlace $out/lib/systemd/system/caddy.service --replace "/usr/bin/caddy" "$out/bin/caddy"
substituteInPlace $out/lib/systemd/system/caddy-api.service --replace "/usr/bin/caddy" "$out/bin/caddy"
$out/bin/caddy manpage --directory manpages
installManPage manpages/*
installShellCompletion --cmd caddy \
--bash <($out/bin/caddy completion bash) \
--fish <($out/bin/caddy completion fish) \
--zsh <($out/bin/caddy completion zsh)
'';
passthru.tests = {
inherit (nixosTests) caddy;
version = testers.testVersion {
command = "${caddy}/bin/caddy version";
package = caddy;
};
};
meta = with lib; {
homepage = "https://caddyserver.com";
description = "Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS";
license = licenses.asl20;
mainProgram = "caddy";
maintainers = with maintainers; [
Br1ght0ne
emilylange
techknowlogick
];
};
}

1
secrets.nix
View file

@ -5,6 +5,7 @@ let
tailscale-authKey = keys.tailscale-machine; tailscale-authKey = keys.tailscale-machine;
cloudflare-tegola-apiKey = [ machines.caddy ]; cloudflare-tegola-apiKey = [ machines.caddy ];
cloudflare-pasetto-apiKey = [ machines.caddy ]; cloudflare-pasetto-apiKey = [ machines.caddy ];
ddclient = [ machines.caddy ];
prowlarr-apiKey = [ machines.metrics ]; prowlarr-apiKey = [ machines.metrics ];
radarr-apiKey = [ machines.metrics ]; radarr-apiKey = [ machines.metrics ];
sonarr-apiKey = [ machines.metrics ]; sonarr-apiKey = [ machines.metrics ];

14
secrets/ddclient.age Normal file
View file

@ -0,0 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 BFt3Fg V592tfQs3NGe0RTfuhHMYS6+U+gG2RDlDVnGss74NwE
C6Y9G/1IH+sAvwhk1KqwEndk9FJsryACHxqIxuxZDSc
-> ssh-ed25519 Si3UKw h4D16GDdK9FdxGShnAdLGPg/goYI1KxY/fv2fR3+ZEw
gPrMQMbUVuxUo1Hepfp5v1VelbSq3Ifn1qevbRpyDzw
-> ssh-ed25519 3UG3uw c+M+7Kd543yfm3NepTB8E+bFTDDjnaTpewVWOHpA+G4
Fd5347c5T6sUPh9FcI8CfUAFuN9lDb3ECxSnY2dTOjM
-> ssh-ed25519 JEhtoQ NFc9817/+yC8kDjVK4pqe1GjVpR//ir1AEOYRdw7JQg
0kuRWYoYQdjMrFfZNwbv84drvhbO87cKR9qGS40Jziw
-> ssh-ed25519 uqg2jw VOVdPXHOr3mlj6G/0FDxhs9vsebyryGBBM8vnZnV5S0
fXJzimWwQsnfghP1qlKJsC7r7TKR8m1mS420v3H8btg
--- 0M9C1phUBuVyf75w2BKBmiQ77z+I6Jzgv1uoozOpAPI
Œ—GÀ7Æ­^Ø42.kì´ ®?£ÿožf¨¸MG{÷Â<>q<EFBFBD>ÂäŸöAÎ}ŽÂjk+ç1½|šËI 9<"вü{¨ƒaÀ$Yª¶­õœbhîùäç6‰öшo<68>
b¥D°Šâ¥­wKÑG¢÷ã•Õ¬ê˜¥åoä€!¤¥X|ö°Ÿ<C2B0>°ÄéÇ”‰zæM=Fø(0´ùú7u<75>9ñ5ªþ® ÂiÙÚhq/ø<>¢ªw” ƒÕ P]i1ñX»W5kÛÁº*L«™ vµ*üãB