Build Caddy with cloudflare as overlay

This commit is contained in:
pazpi 2024-10-07 22:03:39 +02:00
parent abfd06a50d
commit 7d2ce03dc3
5 changed files with 95 additions and 3 deletions

19
flake.lock generated

@ -241,6 +241,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": {
"locked": {
"lastModified": 1726463316,
"narHash": "sha256-gI9kkaH0ZjakJOKrdjaI/VbaMEo9qBbSUl93DnU7f4c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "99dc8785f6a0adac95f5e2ab05cc2e1bf666d172",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
@ -248,7 +264,8 @@
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"lix-module": "lix-module", "lix-module": "lix-module",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable"
} }
}, },
"stable": { "stable": {


@ -11,6 +11,7 @@
# NixOS related inputs # NixOS related inputs
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
@ -40,6 +41,7 @@
{ {
self, self,
nixpkgs, nixpkgs,
nixpkgs-unstable,
nixos-hardware, nixos-hardware,
lix-module, lix-module,
agenix, agenix,
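Review bot: The new `nixpkgs-unstable.url` input sits under the `# NixOS related inputs` comment with nothing saying what consumes it, so a reader of flake.nix cannot tell whether a second, rolling nixpkgs pin is intentional or a leftover. A one-line comment next to it, e.g. `# nixpkgs-unstable: source for individual packages newer than nixos-24.05 (consumed by the package overlay)`, adjusted to the real reason, would make that explicit. Both the `inputs` attribute set and the output function's argument list start outside their hunks.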


@ -31,6 +31,12 @@ in
host = "metrics.internal"; host = "metrics.internal";
}; };
}; };
grafana = {
proxy = {
domain = "tegola.pro";
host = "metrics.internal";
};
};
}; };
networking = { networking = {
@ -64,7 +70,10 @@ in
}; };
}; };
networking.nameservers = [ "192.168.1.2" ]; networking = {
firewall.allowedTCPPorts = [ 9100 ];
nameservers = [ "192.168.1.2" ];
};
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }
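Review bot: The second hunk turns `networking.nameservers = [ "192.168.1.2" ];` into a second literal `networking = { ... };` block, while the first hunk's context already shows a `networking = {` block that appears to be a sibling in the same attribute set; if so, the module now relies on Nix merging two attrset literals bound to the same name, which is easy to misread and trips older evaluators' duplicate-attribute check. Putting `firewall.allowedTCPPorts = [ 9100 ];` inside the existing `networking` block, or keeping the dotted form `networking.firewall.allowedTCPPorts = [ 9100 ];` next to the unchanged nameservers line, says the same thing in one place. Port 9100 is also opened on every interface with nothing naming the listener; a comment such as `# 9100: exporter endpoint scraped by metrics.internal` (adjusted to the actual service) documents it, and `networking.firewall.interfaces.<iface>.allowedTCPPorts` would limit the opening to the scraper's network. The enclosing module body begins before the first hunk.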


@ -1,5 +1,6 @@
{ {
nixpkgs, nixpkgs,
nixpkgs-unstable,
nixos-hardware, nixos-hardware,
agenix, agenix,
home-manager, home-manager,
@ -9,7 +10,13 @@
let let
agenixOverlay = final: prev: { agenix = agenix.packages.${prev.system}.default; }; agenixOverlay = final: prev: { agenix = agenix.packages.${prev.system}.default; };
customOverlays = import ../overlay; # customOverlays = import ../overlay;
customOverlays = (
final: prev: {
caddy-custom = prev.callPackage ../overlay/caddy-custom.nix { };
jellyseerr = nixpkgs-unstable.legacyPackages."x86_64-linux".jellyseerr;
}
);
pkgs = pkgs =
system: system:
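Review bot: `jellyseerr = nixpkgs-unstable.legacyPackages."x86_64-linux".jellyseerr;` hard-codes the system, while `agenixOverlay` two lines above derives it from `prev.system`, so on any other host architecture the overlay quietly injects an x86_64 package; `jellyseerr = nixpkgs-unstable.legacyPackages.${prev.system}.jellyseerr;` keeps the two overlays consistent. The commented-out `# customOverlays = import ../overlay;` is dead text now that the binding is redefined below it and version control already holds the old form, so it can be dropped. A short why-comment on the jellyseerr line, e.g. `# jellyseerr: taken from nixpkgs-unstable because <reason>` with the real reason filled in, would explain why one package comes from a different channel than the rest. The `let` block continues past the hunk (`pkgs = system:` is cut off).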


@ -29,6 +29,12 @@ in
enable = true; enable = true;
package = pkgs.caddy-custom; package = pkgs.caddy-custom;
# acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory"; # ONLY FOR DEVELOPMENT! # acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory"; # ONLY FOR DEVELOPMENT!
globalConfig = ''
admin :2024
servers {
metrics
}
'';
extraConfig = '' extraConfig = ''
(cloudflare) { (cloudflare) {
tls { tls {
@ -44,9 +50,60 @@ in
AmbientCapabilities = "CAP_NET_BIND_SERVICE"; AmbientCapabilities = "CAP_NET_BIND_SERVICE";
}; };
# By default, the module create a custom user but it lacks permission to read caddy files
systemd.services.promtail.serviceConfig = {
Group = lib.mkForce config.services.caddy.group;
User = lib.mkForce config.services.caddy.user;
};
services.promtail = {
enable = true;
configuration = {
server.http_listen_port = 9080;
server.grpc_listen_port = 0;
clients = [ { url = "http://metrics.internal:3100/loki/api/v1/push"; } ];
scrape_configs = [
{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
};
};
relabel_configs = [
{
source_labels = [ "__journal__systemd_unit" ];
regex = "(.*)\\.service";
target_label = "service";
}
{
source_labels = [ "__journal__hostname" ];
target_label = "hostname";
}
];
}
{
job_name = "caddy";
static_configs = [
{
targets = [ "localhost" ];
labels = {
job = "caddylogs";
__path__ = "${config.services.caddy.logDir}/*.log";
};
}
];
}
];
};
};
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 80
443 443
2024
]; ];
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [
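Review bot: `admin :2024` in the new `globalConfig` binds Caddy's admin API on every interface, and the second hunk adds `2024` to `networking.firewall.allowedTCPPorts`, so the unauthenticated configuration endpoint (which can replace the running config) becomes reachable from the network rather than only the Prometheus metrics it presumably exists to serve. Keep the admin endpoint on its loopback default and expose only the `metrics` handler on 2024, roughly as below, then narrow the 2024 opening to the scraper's interface with `networking.firewall.interfaces.<iface>.allowedTCPPorts`. Separately, forcing promtail to run as the Caddy user via `lib.mkForce` hands it everything that user can read, including Caddy's state directory; `serviceConfig.SupplementaryGroups = [ config.services.caddy.group ];` grants log-file access while keeping promtail's own user, provided Caddy creates its log files group-readable — check the mode it uses. The `extraConfig` string begun at the end of the first hunk continues outside it.
```nix
globalConfig = ''
  servers {
    metrics
  }
'';
# … unchanged: extraConfig with the (cloudflare) snippet …
# Metrics-only listener on 2024; the admin API stays on its loopback default.
virtualHosts.":2024".extraConfig = ''
  metrics
'';
```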