Single domain for public and tailscale

pazpi 2025-08-22 18:14:29 +02:00
parent 4bc15a5913
commit 7f5cab32e1
6 changed files with 24 additions and 54 deletions


@ -16,7 +16,7 @@ in
}; };
webSearch = { webSearch = {
searchEngine = "custom"; searchEngine = "custom";
customSearchEngine = "https://search.${p.domains.ts}/search?q="; customSearchEngine = "https://search.${p.domains.public}/search?q=";
}; };
}; };
@ -101,7 +101,7 @@ in
items = [ items = [
{ {
title = "Searx"; title = "Searx";
url = "https://search.${p.domains.ts}"; url = "https://search.${p.domains.public}";
icon = "hl-searxng"; icon = "hl-searxng";
} }
{ {
@ -139,12 +139,12 @@ in
items = [ items = [
{ {
title = "Grafana"; title = "Grafana";
url = "https://grafana.${p.domains.ts}"; url = "https://grafana.${p.domains.public}";
icon = "hl-grafana"; icon = "hl-grafana";
} }
{ {
title = "Prometheus"; title = "Prometheus";
url = "https://prometheus.${p.domains.ts}"; url = "https://prometheus.ts.${p.domains.public}";
icon = "hl-prometheus"; icon = "hl-prometheus";
} }
]; ];
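Review bot: The Grafana and Searx links move to `grafana.${p.domains.public}` and `search.${p.domains.public}` with no `ts.` label, while only Prometheus becomes `prometheus.ts.${p.domains.public}`. All three were previously under `p.domains.ts`, presumably the tailnet-only domain, so if the `ts.` label now marks tailnet-only services, these two have left that group. Their vhost definitions are not on this page. Confirm that both are meant to be served on the public name and that each enforces its own authentication, or change the links and vhosts to `grafana.ts.${p.domains.public}` and `search.ts.${p.domains.public}`.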


@ -6,7 +6,6 @@
... ...
}: }:
let let
email = "pasettodavide@gmail.com";
p = import ../parameters.nix; p = import ../parameters.nix;
in in
{ {
@ -14,20 +13,11 @@ in
age.secrets = { age.secrets = {
searx-secret.file = ../../secrets/searx-secret.age; searx-secret.file = ../../secrets/searx-secret.age;
tailscale-authKey.file = ../../secrets/tailscale-authKey.age; tailscale-authKey.file = ../../secrets/tailscale-authKey.age;
cloudflare-tegola-apiKey = {
file = ../../secrets/cloudflare-tegola-apiKey.age;
owner = config.services.caddy.user;
group = config.services.caddy.group;
};
cloudflare-pasetto-apiKey = { cloudflare-pasetto-apiKey = {
file = ../../secrets/cloudflare-pasetto-apiKey.age; file = ../../secrets/cloudflare-pasetto-apiKey.age;
owner = config.services.caddy.user; owner = config.services.caddy.user;
group = config.services.caddy.group; group = config.services.caddy.group;
}; };
ddclient = {
file = ../../secrets/ddclient.age;
mode = "400";
};
}; };
my = { my = {
@ -69,7 +59,7 @@ in
media-mgr = { media-mgr = {
proxy = { proxy = {
enable = true; enable = true;
domain = p.domains.ts; domain = p.domains.public;
host = p.hosts.arr; host = p.hosts.arr;
}; };
}; };
@ -116,7 +106,7 @@ in
prometheus = { prometheus = {
proxy = { proxy = {
enable = true; enable = true;
domain = p.domains.ts; domain = p.domains.public;
host = p.hosts.metrics; host = p.hosts.metrics;
}; };
}; };
@ -141,14 +131,9 @@ in
enable = true; enable = true;
configEnvFile = config.age.secrets.cloudflare-pasetto-apiKey.path; configEnvFile = config.age.secrets.cloudflare-pasetto-apiKey.path;
domainsList = [ domainsList = [
{
domain = p.domains.ts;
email = email;
cloudflareApiKeyFile = config.age.secrets.cloudflare-tegola-apiKey.path;
}
{ {
domain = p.domains.public; domain = p.domains.public;
email = email; email = p.email;
cloudflareApiKeyFile = config.age.secrets.cloudflare-pasetto-apiKey.path; cloudflareApiKeyFile = config.age.secrets.cloudflare-pasetto-apiKey.path;
} }
]; ];
@ -167,8 +152,8 @@ in
} }
{ {
subdomain = "torrent"; subdomain = "torrent";
host = "http://qbittorrent.${p.domains.tsDns}:8090"; host = "http://qbittorrent.ts.${p.domains.tsDns}:8090";
domain = p.domains.ts; domain = p.domains.public;
} }
{ {
subdomain = "ai"; subdomain = "ai";
@ -184,11 +169,6 @@ in
}; };
ddclient = {
enable = false;
configFile = config.age.secrets.ddclient.path;
};
}; };
virtualisation = { virtualisation = {
@ -201,16 +181,5 @@ in
}; };
}; };
# Extra packages
environment.systemPackages = with pkgs; [ ];
services = {
iperf3 = {
enable = true;
openFirewall = true;
};
};
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }
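Review bot: The new upstream for the `torrent` entry, `http://qbittorrent.ts.${p.domains.tsDns}:8090`, looks like a search-and-replace slip. `tsDns` is set to `bison-altair.ts.net` in the parameters file, so the host expands to `qbittorrent.ts.bison-altair.ts.net`, which probably does not resolve; it likely should stay `host = "http://qbittorrent.${p.domains.tsDns}:8090";`. The same entry now has `domain = p.domains.public` with subdomain `torrent` and no `ts` label. How the module composes the hostname is outside this hunk, so check that the qBittorrent UI does not end up on a publicly resolvable name. Since `cloudflare-tegola-apiKey` is no longer referenced, also revoke that token at the provider and delete its `.age` file rather than leaving a live credential in the repository.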


@ -19,12 +19,11 @@
immich = "immich.internal"; immich = "immich.internal";
firefly-iii = "firefly-iii.internal"; firefly-iii = "firefly-iii.internal";
paperless = "paperless.internal"; paperless = "paperless.internal";
zigbee2mqtt = "zigbee2mqtt.home"; zigbee2mqtt = "zigbee2mqtt.internal";
}; };
domains = { domains = {
public = "pasetto.me"; public = "pasetto.me";
ts = "tegola.pro";
tsDns = "bison-altair.ts.net"; tsDns = "bison-altair.ts.net";
internal = "internal";
}; };
email = "davide@pasetto.me";
} }


@ -107,7 +107,7 @@ in
(lib.mkIf cfg.proxy.enable { (lib.mkIf cfg.proxy.enable {
services.caddy = with cfg.proxy; { services.caddy = with cfg.proxy; {
virtualHosts."${subdomain}.${domain}".extraConfig = '' virtualHosts."${subdomain}.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:9090 reverse_proxy http://${host}:9090
import cloudflare_${domain} import cloudflare_${domain}
''; '';
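Review bot: `virtualHosts."${subdomain}.ts.${domain}"` separates this Prometheus vhost from the public ones by hostname alone; nothing visible in the `extraConfig` restricts who may connect. Caddy routes on the requested host name, so any client that reaches the listener and asks for this name is proxied to `http://${host}:9090`, unless the `cloudflare_${domain}` snippet (not shown) or a firewall rule stops it. With public and tailnet names now sharing one apex, add an explicit guard such as `@offnet not remote_ip 100.64.0.0/10` followed by `abort @offnet`, or a `bind` to the Tailscale address. The seven `*.ts.${domain}` vhosts in the last file of this commit need the same guard. The enclosing `services.caddy` block continues outside the hunk.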


@ -94,7 +94,10 @@ in
group = config.services.caddy.group; group = config.services.caddy.group;
email = domainConfig.email; email = domainConfig.email;
domain = domainConfig.domain; domain = domainConfig.domain;
extraDomainNames = [ "*.${domainConfig.domain}" ]; extraDomainNames = [
"*.${domainConfig.domain}"
"*.ts.${domainConfig.domain}"
];
dnsProvider = "cloudflare"; dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53"; dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true; dnsPropagationCheck = true;
@ -136,9 +139,8 @@ in
dynamic_dns { dynamic_dns {
provider cloudflare {env.${dynamicdnsDomain.cloudflareApiEnvName}} provider cloudflare {env.${dynamicdnsDomain.cloudflareApiEnvName}}
domains { domains {
${dynamicdnsDomain.domain} @ ${dynamicdnsDomain.domain} @ *
} }
dynamic_domains
} }
'') cfg.dynamicdnsDomains '') cfg.dynamicdnsDomains
); );
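Review bot: The dynamic DNS entry `${dynamicdnsDomain.domain} @ *` now publishes a wildcard record pointing at this host's public address. A DNS wildcard at the apex also answers for deeper names such as `prometheus.ts.<domain>` unless some record exists at or below `ts`, so the tailnet-only names introduced in this commit may end up resolving to the public address. Confirm that `*.ts` has its own record pointing to the tailnet address, and consider listing the public subdomains explicitly instead of `*`. A short comment above the `domains` block naming which hosts are intended to be public would make this easier to review.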


@ -108,31 +108,31 @@ in
# Caddy for reverse proxy # Caddy for reverse proxy
(lib.mkIf cfg.proxy.enable { (lib.mkIf cfg.proxy.enable {
services.caddy = with cfg.proxy; { services.caddy = with cfg.proxy; {
virtualHosts."prowlarr.${domain}".extraConfig = '' virtualHosts."prowlarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${prowlarrPort} reverse_proxy http://${host}:${prowlarrPort}
import cloudflare_${domain} import cloudflare_${domain}
''; '';
virtualHosts."radarr.${domain}".extraConfig = '' virtualHosts."radarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${radarrPort} reverse_proxy http://${host}:${radarrPort}
import cloudflare_${domain} import cloudflare_${domain}
''; '';
virtualHosts."sonarr.${domain}".extraConfig = '' virtualHosts."sonarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${sonarrPort} reverse_proxy http://${host}:${sonarrPort}
import cloudflare_${domain} import cloudflare_${domain}
''; '';
virtualHosts."lidarr.${domain}".extraConfig = '' virtualHosts."lidarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${lidarrPort} reverse_proxy http://${host}:${lidarrPort}
import cloudflare_${domain} import cloudflare_${domain}
''; '';
virtualHosts."readarr.${domain}".extraConfig = '' virtualHosts."readarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${readarrPort} reverse_proxy http://${host}:${readarrPort}
import cloudflare_${domain} import cloudflare_${domain}
''; '';
virtualHosts."bazarr.${domain}".extraConfig = '' virtualHosts."bazarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${toString config.services.bazarr.listenPort} reverse_proxy http://${host}:${toString config.services.bazarr.listenPort}
import cloudflare_${domain} import cloudflare_${domain}
''; '';
virtualHosts."jellyseerr.${domain}".extraConfig = '' virtualHosts."jellyseerr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${toString config.services.jellyseerr.port} reverse_proxy http://${host}:${toString config.services.jellyseerr.port}
import cloudflare_${domain} import cloudflare_${domain}
''; '';
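Review bot: The `ts` label is written as a string literal in each of the seven vhost names here, and again in the Prometheus vhost and in the `"*.ts.${domainConfig.domain}"` entry of `extraDomainNames`. If one of them drifts, that vhost falls outside the wildcard certificate and outside any access rule keyed on the label. Consider defining the tailnet suffix once, for example a value in the parameters file next to `domains.public`, and building names like `virtualHosts."prowlarr.${tsDomain}"` from it. The enclosing `services.caddy` block closes outside the hunk.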