From 7f5cab32e1d9f73def292a129ccf50c8eeb17b51 Mon Sep 17 00:00:00 2001 From: pazpi Date: Fri, 22 Aug 2025 18:14:29 +0200 Subject: [PATCH] Single domain for public and tailscale --- hosts/caddy/dashy-settings.nix | 8 +++--- hosts/caddy/default.nix | 41 ++++--------------------------- hosts/parameters.nix | 5 ++-- modules/monitoring/prometheus.nix | 2 +- modules/networking/caddy.nix | 8 +++--- modules/services/media-mgr.nix | 14 +++++------ 6 files changed, 24 insertions(+), 54 deletions(-) diff --git a/hosts/caddy/dashy-settings.nix b/hosts/caddy/dashy-settings.nix index f86edbc..6bd12df 100644 --- a/hosts/caddy/dashy-settings.nix +++ b/hosts/caddy/dashy-settings.nix @@ -16,7 +16,7 @@ in }; webSearch = { searchEngine = "custom"; - customSearchEngine = "https://search.${p.domains.ts}/search?q="; + customSearchEngine = "https://search.${p.domains.public}/search?q="; }; }; @@ -101,7 +101,7 @@ in items = [ { title = "Searx"; - url = "https://search.${p.domains.ts}"; + url = "https://search.${p.domains.public}"; icon = "hl-searxng"; } { @@ -139,12 +139,12 @@ in items = [ { title = "Grafana"; - url = "https://grafana.${p.domains.ts}"; + url = "https://grafana.${p.domains.public}"; icon = "hl-grafana"; } { title = "Prometheus"; - url = "https://prometheus.${p.domains.ts}"; + url = "https://prometheus.ts.${p.domains.public}"; icon = "hl-prometheus"; } ]; diff --git a/hosts/caddy/default.nix b/hosts/caddy/default.nix index 80b441a..dea75b5 100644 --- a/hosts/caddy/default.nix +++ b/hosts/caddy/default.nix @@ -6,7 +6,6 @@ ... }: let - email = "pasettodavide@gmail.com"; p = import ../parameters.nix; in { 
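Review bot: In the monitoring items of hosts/caddy/dashy-settings.nix, the Grafana link now points at `grafana.${p.domains.public}` while the Prometheus link beside it gets the `.ts.` label, so the two dashboards land on different sides of the public/tailnet split. Grafana's virtual host is not part of this patch, so this may be intended; if Grafana is meant to stay tailnet-only, the link should read `url = "https://grafana.ts.${p.domains.public}";`. The same question applies to the Searx link and `customSearchEngine` in the first two hunks. A comment above the sections, such as `# names under ts.<domain> are tailnet-only, everything else is public`, would record the convention.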
@@ -14,20 +13,11 @@ in age.secrets = { searx-secret.file = ../../secrets/searx-secret.age; tailscale-authKey.file = ../../secrets/tailscale-authKey.age; - cloudflare-tegola-apiKey = { - file = ../../secrets/cloudflare-tegola-apiKey.age; - owner = config.services.caddy.user; - group = config.services.caddy.group; - }; cloudflare-pasetto-apiKey = { file = ../../secrets/cloudflare-pasetto-apiKey.age; owner = config.services.caddy.user; group = config.services.caddy.group; }; - ddclient = { - file = ../../secrets/ddclient.age; - mode = "400"; - }; }; my = { @@ -69,7 +59,7 @@ in media-mgr = { proxy = { enable = true; - domain = p.domains.ts; + domain = p.domains.public; host = p.hosts.arr; }; }; @@ -116,7 +106,7 @@ in prometheus = { proxy = { enable = true; - domain = p.domains.ts; + domain = p.domains.public; host = p.hosts.metrics; }; }; @@ -141,14 +131,9 @@ in enable = true; configEnvFile = config.age.secrets.cloudflare-pasetto-apiKey.path; domainsList = [ - { - domain = p.domains.ts; - email = email; - cloudflareApiKeyFile = config.age.secrets.cloudflare-tegola-apiKey.path; - } { domain = p.domains.public; - email = email; + email = p.email; cloudflareApiKeyFile = config.age.secrets.cloudflare-pasetto-apiKey.path; } ]; @@ -167,8 +152,8 @@ in } { subdomain = "torrent"; - host = "http://qbittorrent.${p.domains.tsDns}:8090"; - domain = p.domains.ts; + host = "http://qbittorrent.ts.${p.domains.tsDns}:8090"; + domain = p.domains.public; } { subdomain = "ai"; @@ -184,11 +169,6 @@ in }; - ddclient = { - enable = false; - configFile = config.age.secrets.ddclient.path; - }; - }; virtualisation = { @@ -201,16 +181,5 @@ in }; }; - # Extra packages - environment.systemPackages = with pkgs; [ ]; - - services = { - iperf3 = { - enable = true; - openFirewall = true; - }; - - }; - system.stateVersion = "24.05"; } diff --git a/hosts/parameters.nix b/hosts/parameters.nix index e08f4e8..0858d2e 100644 --- a/hosts/parameters.nix +++ b/hosts/parameters.nix 
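Review bot: In the `torrent` entry the `.ts.` label was added to the upstream rather than to the served name, giving `qbittorrent.ts.${p.domains.tsDns}`, which with the `tsDns` value in hosts/parameters.nix is a name under `ts.bison-altair.ts.net` and probably not the host's tailnet name. The entry itself has `domain = p.domains.public` with no `ts` label, so the qBittorrent UI would presumably be served directly under the public domain; the module that assembles the name is outside this hunk. If the service is meant to stay tailnet-only, keep `host = "http://qbittorrent.${p.domains.tsDns}:8090";` and move the label to the front name, for example `subdomain = "torrent.ts";` if the module accepts a dotted subdomain.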
@@ -19,12 +19,11 @@ immich = "immich.internal"; firefly-iii = "firefly-iii.internal"; paperless = "paperless.internal"; - zigbee2mqtt = "zigbee2mqtt.home"; + zigbee2mqtt = "zigbee2mqtt.internal"; }; domains = { public = "pasetto.me"; - ts = "tegola.pro"; tsDns = "bison-altair.ts.net"; - internal = "internal"; }; + email = "davide@pasetto.me"; } diff --git a/modules/monitoring/prometheus.nix b/modules/monitoring/prometheus.nix index a514e05..7d3a45f 100644 --- a/modules/monitoring/prometheus.nix +++ b/modules/monitoring/prometheus.nix @@ -107,7 +107,7 @@ in (lib.mkIf cfg.proxy.enable { services.caddy = with cfg.proxy; { - virtualHosts."${subdomain}.${domain}".extraConfig = '' + virtualHosts."${subdomain}.ts.${domain}".extraConfig = '' reverse_proxy http://${host}:9090 import cloudflare_${domain} ''; diff --git a/modules/networking/caddy.nix b/modules/networking/caddy.nix index 2af5fdd..ad51fda 100644 --- a/modules/networking/caddy.nix +++ b/modules/networking/caddy.nix @@ -94,7 +94,10 @@ in group = config.services.caddy.group; email = domainConfig.email; domain = domainConfig.domain; - extraDomainNames = [ "*.${domainConfig.domain}" ]; + extraDomainNames = [ + "*.${domainConfig.domain}" + "*.ts.${domainConfig.domain}" + ]; dnsProvider = "cloudflare"; dnsResolver = "1.1.1.1:53"; dnsPropagationCheck = true; @@ -136,9 +139,8 @@ in dynamic_dns { provider cloudflare {env.${dynamicdnsDomain.cloudflareApiEnvName}} domains { - ${dynamicdnsDomain.domain} @ + ${dynamicdnsDomain.domain} @ * } - dynamic_domains } '') cfg.dynamicdnsDomains ); diff --git a/modules/services/media-mgr.nix b/modules/services/media-mgr.nix index 97e83a2..39d6fae 100644 --- a/modules/services/media-mgr.nix +++ b/modules/services/media-mgr.nix 
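Review bot: The renamed virtual host `${subdomain}.ts.${domain}` in modules/monitoring/prometheus.nix still contains only `reverse_proxy` and the `cloudflare_${domain}` import, so nothing visible in the hunk limits who may connect. Now that the public and tailnet names share one zone and one Caddy instance, the tailnet-only status of this name rests on DNS alone, unless the imported snippet or a bind address outside the hunk already restricts it. Consider adding `@offnet not remote_ip 100.64.0.0/10` and `abort @offnet` to the `extraConfig`; the same applies to the seven `*.ts.${domain}` hosts in modules/services/media-mgr.nix. The `ts` label is also hard-coded in both modules while the `domain` option still reads as the full suffix, so a comment on that option would help. The `mkIf` block continues outside the hunk.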
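Review bot: In the `dynamic_dns` block of modules/networking/caddy.nix, the added `*` makes Caddy publish a wildcard record for the host's public address, so every name in the zone without its own record resolves to this machine. A DNS wildcard also matches multi-label names, so unless records exist at or below `ts`, the `*.ts.` names would resolve to the public address as well. Listing the public subdomains explicitly instead of `*` would avoid that. If the wildcard is kept, a Caddyfile comment on the line would document the dependency, for example `# "*" points every unlisted name at the public IP; *.ts names need their own record`. The generator function around this string starts outside the hunk.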
@@ -108,31 +108,31 @@ in # Caddy for reverse proxy (lib.mkIf cfg.proxy.enable { services.caddy = with cfg.proxy; { - virtualHosts."prowlarr.${domain}".extraConfig = '' + virtualHosts."prowlarr.ts.${domain}".extraConfig = '' reverse_proxy http://${host}:${prowlarrPort} import cloudflare_${domain} ''; - virtualHosts."radarr.${domain}".extraConfig = '' + virtualHosts."radarr.ts.${domain}".extraConfig = '' reverse_proxy http://${host}:${radarrPort} import cloudflare_${domain} ''; - virtualHosts."sonarr.${domain}".extraConfig = '' + virtualHosts."sonarr.ts.${domain}".extraConfig = '' reverse_proxy http://${host}:${sonarrPort} import cloudflare_${domain} ''; - virtualHosts."lidarr.${domain}".extraConfig = '' + virtualHosts."lidarr.ts.${domain}".extraConfig = '' reverse_proxy http://${host}:${lidarrPort} import cloudflare_${domain} ''; - virtualHosts."readarr.${domain}".extraConfig = '' + virtualHosts."readarr.ts.${domain}".extraConfig = '' reverse_proxy http://${host}:${readarrPort} import cloudflare_${domain} ''; - virtualHosts."bazarr.${domain}".extraConfig = '' + virtualHosts."bazarr.ts.${domain}".extraConfig = '' reverse_proxy http://${host}:${toString config.services.bazarr.listenPort} import cloudflare_${domain} ''; - virtualHosts."jellyseerr.${domain}".extraConfig = '' + virtualHosts."jellyseerr.ts.${domain}".extraConfig = '' reverse_proxy http://${host}:${toString config.services.jellyseerr.port} import cloudflare_${domain} '';