Single domain for public and tailscale

pazpi 2025-08-22 18:14:29 +02:00
parent 4bc15a5913
commit 7f5cab32e1
6 changed files with 24 additions and 54 deletions


@ -16,7 +16,7 @@ in
};
webSearch = {
searchEngine = "custom";
customSearchEngine = "https://search.${p.domains.ts}/search?q=";
customSearchEngine = "https://search.${p.domains.public}/search?q=";
};
};
@ -101,7 +101,7 @@ in
items = [
{
title = "Searx";
url = "https://search.${p.domains.ts}";
url = "https://search.${p.domains.public}";
icon = "hl-searxng";
}
{
@ -139,12 +139,12 @@ in
items = [
{
title = "Grafana";
url = "https://grafana.${p.domains.ts}";
url = "https://grafana.${p.domains.public}";
icon = "hl-grafana";
}
{
title = "Prometheus";
url = "https://prometheus.${p.domains.ts}";
url = "https://prometheus.ts.${p.domains.public}";
icon = "hl-prometheus";
}
];


@ -6,7 +6,6 @@
...
}:
let
email = "pasettodavide@gmail.com";
p = import ../parameters.nix;
in
{
@ -14,20 +13,11 @@ in
age.secrets = {
searx-secret.file = ../../secrets/searx-secret.age;
tailscale-authKey.file = ../../secrets/tailscale-authKey.age;
cloudflare-tegola-apiKey = {
file = ../../secrets/cloudflare-tegola-apiKey.age;
owner = config.services.caddy.user;
group = config.services.caddy.group;
};
cloudflare-pasetto-apiKey = {
file = ../../secrets/cloudflare-pasetto-apiKey.age;
owner = config.services.caddy.user;
group = config.services.caddy.group;
};
ddclient = {
file = ../../secrets/ddclient.age;
mode = "400";
};
};
my = {
@ -69,7 +59,7 @@ in
media-mgr = {
proxy = {
enable = true;
domain = p.domains.ts;
domain = p.domains.public;
host = p.hosts.arr;
};
};
@ -116,7 +106,7 @@ in
prometheus = {
proxy = {
enable = true;
domain = p.domains.ts;
domain = p.domains.public;
host = p.hosts.metrics;
};
};
@ -141,14 +131,9 @@ in
enable = true;
configEnvFile = config.age.secrets.cloudflare-pasetto-apiKey.path;
domainsList = [
{
domain = p.domains.ts;
email = email;
cloudflareApiKeyFile = config.age.secrets.cloudflare-tegola-apiKey.path;
}
{
domain = p.domains.public;
email = email;
email = p.email;
cloudflareApiKeyFile = config.age.secrets.cloudflare-pasetto-apiKey.path;
}
];
@ -167,8 +152,8 @@ in
}
{
subdomain = "torrent";
host = "http://qbittorrent.${p.domains.tsDns}:8090";
domain = p.domains.ts;
host = "http://qbittorrent.ts.${p.domains.tsDns}:8090";
domain = p.domains.public;
}
{
subdomain = "ai";
@ -184,11 +169,6 @@ in
};
ddclient = {
enable = false;
configFile = config.age.secrets.ddclient.path;
};
};
virtualisation = {
@ -201,16 +181,5 @@ in
};
};
# Extra packages
environment.systemPackages = with pkgs; [ ];
services = {
iperf3 = {
enable = true;
openFirewall = true;
};
};
system.stateVersion = "24.05";
}
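Review bot: In the `torrent` proxy entry the `ts` label was added to the upstream `host` instead of the served name. `host` becomes `qbittorrent.ts.${p.domains.tsDns}`, which has one more label than the old upstream name, and `tsDns` itself is not changed by this commit, so the new name may not resolve. Meanwhile `subdomain = "torrent"` with `domain = p.domains.public` presumably publishes the qBittorrent UI directly under the public domain. If this service should stay tailnet-only like the others, keep `host = "http://qbittorrent.${p.domains.tsDns}:8090";` and put the `ts` label on the virtual-host side. The code that turns `subdomain`/`domain` into a Caddy site is not in this hunk, so confirm which name it generates.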


@ -19,12 +19,11 @@
immich = "immich.internal";
firefly-iii = "firefly-iii.internal";
paperless = "paperless.internal";
zigbee2mqtt = "zigbee2mqtt.home";
zigbee2mqtt = "zigbee2mqtt.internal";
};
domains = {
public = "pasetto.me";
ts = "tegola.pro";
tsDns = "bison-altair.ts.net";
internal = "internal";
};
email = "davide@pasetto.me";
}


@ -107,7 +107,7 @@ in
(lib.mkIf cfg.proxy.enable {
services.caddy = with cfg.proxy; {
virtualHosts."${subdomain}.${domain}".extraConfig = ''
virtualHosts."${subdomain}.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:9090
import cloudflare_${domain}
'';
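Review bot: Nothing visible in this virtual host limits `${subdomain}.ts.${domain}` to tailnet clients. Before this commit the Tailscale-only services sat on a separate domain; now only the `ts` label separates them from the public sites, and Caddy answers for that name on whatever address it listens on. Unless the imported `cloudflare_${domain}` snippet or the listener binding already restricts clients (neither is shown here), add an explicit guard to the `extraConfig`, for example `@outside not remote_ip 100.64.0.0/10` followed by `abort @outside`, extended with the tailnet's IPv6 range if it is in use. The same applies to the seven `*.ts.${domain}` virtual hosts in the last file section of this commit.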


@ -94,7 +94,10 @@ in
group = config.services.caddy.group;
email = domainConfig.email;
domain = domainConfig.domain;
extraDomainNames = [ "*.${domainConfig.domain}" ];
extraDomainNames = [
"*.${domainConfig.domain}"
"*.ts.${domainConfig.domain}"
];
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
@ -136,9 +139,8 @@ in
dynamic_dns {
provider cloudflare {env.${dynamicdnsDomain.cloudflareApiEnvName}}
domains {
${dynamicdnsDomain.domain} @
${dynamicdnsDomain.domain} @ *
}
dynamic_domains
}
'') cfg.dynamicdnsDomains
);
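Review bot: The `*` added to the `domains` block makes dynamic DNS maintain a wildcard record for the whole zone at this host's public address. A zone-level wildcard also answers for names below `ts.${dynamicdnsDomain.domain}` unless that label has records of its own. Whether the `ts` names resolve only to a tailnet address therefore depends on DNS records that are not managed in this file. A comment above the `domains` block would make that dependency visible, e.g. `# "*" publishes every undeclared name at the public IP; ts.<domain> needs its own records`.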


@ -108,31 +108,31 @@ in
# Caddy for reverse proxy
(lib.mkIf cfg.proxy.enable {
services.caddy = with cfg.proxy; {
virtualHosts."prowlarr.${domain}".extraConfig = ''
virtualHosts."prowlarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${prowlarrPort}
import cloudflare_${domain}
'';
virtualHosts."radarr.${domain}".extraConfig = ''
virtualHosts."radarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${radarrPort}
import cloudflare_${domain}
'';
virtualHosts."sonarr.${domain}".extraConfig = ''
virtualHosts."sonarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${sonarrPort}
import cloudflare_${domain}
'';
virtualHosts."lidarr.${domain}".extraConfig = ''
virtualHosts."lidarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${lidarrPort}
import cloudflare_${domain}
'';
virtualHosts."readarr.${domain}".extraConfig = ''
virtualHosts."readarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${readarrPort}
import cloudflare_${domain}
'';
virtualHosts."bazarr.${domain}".extraConfig = ''
virtualHosts."bazarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${toString config.services.bazarr.listenPort}
import cloudflare_${domain}
'';
virtualHosts."jellyseerr.${domain}".extraConfig = ''
virtualHosts."jellyseerr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${toString config.services.jellyseerr.port}
import cloudflare_${domain}
'';
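Review bot: The `ts` label is written as a string literal in each of the seven virtual-host names here, and again in the Prometheus module and the dashboard URL. Changing or dropping the label later means editing every copy, and a missed one would serve that service under a name outside the `ts` namespace. Consider deriving it once, e.g. `tsDomain = "ts.${domain}";` in a `let` binding, and writing `virtualHosts."prowlarr.${tsDomain}"`. The enclosing `lib.mkIf` block continues past the end of this hunk.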