caddy support multi domain

pazpi 2025-01-06 18:24:12 +01:00
parent f15e521895
commit fdcc829acf
13 changed files with 344 additions and 141 deletions


@ -135,31 +135,31 @@ in
services.caddy = with cfg.proxy; {
virtualHosts."prowlarr.${domain}".extraConfig = ''
reverse_proxy http://${host}:9696
import cloudflare
import cloudflare_${domain}
'';
virtualHosts."radarr.${domain}".extraConfig = ''
reverse_proxy http://${host}:7878
import cloudflare
import cloudflare_${domain}
'';
virtualHosts."sonarr.${domain}".extraConfig = ''
reverse_proxy http://${host}:8989
import cloudflare
import cloudflare_${domain}
'';
virtualHosts."lidarr.${domain}".extraConfig = ''
reverse_proxy http://${host}:8686
import cloudflare
import cloudflare_${domain}
'';
virtualHosts."readarr.${domain}".extraConfig = ''
reverse_proxy http://${host}:8787
import cloudflare
import cloudflare_${domain}
'';
virtualHosts."bazarr.${domain}".extraConfig = ''
reverse_proxy http://${host}:6767
import cloudflare
import cloudflare_${domain}
'';
virtualHosts."jellyseerr.${domain}".extraConfig = ''
reverse_proxy http://${host}:5055
import cloudflare
import cloudflare_${domain}
'';
};
})
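Review bot: The same two-line body, including `import cloudflare_${domain}`, is repeated in all seven `virtualHosts` entries, so the snippet name has to be kept in sync by hand in seven places. A typo in one of them would likely only show up when Caddy loads the generated config, not at evaluation. Generating the entries from a name-to-port set states the import once. This assumes `lib` is in scope in this file, which the visible lines do not show, and the definition of the `cloudflare_${domain}` snippet is also outside this hunk.

```nix
services.caddy = with cfg.proxy; {
  virtualHosts = lib.mapAttrs' (name: port:
    lib.nameValuePair "${name}.${domain}" {
      extraConfig = ''
        reverse_proxy http://${host}:${toString port}
        import cloudflare_${domain}
      '';
    }
  ) {
    prowlarr = 9696;
    radarr = 7878;
    sonarr = 8989;
    lidarr = 8686;
    readarr = 8787;
    bazarr = 6767;
    jellyseerr = 5055;
  };
};
```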


@ -12,6 +12,14 @@ in
options.my.services.nextcloud = {
enable = lib.mkEnableOption "Enable Nextcloud module";
adminPasswordFile = lib.mkOption {
default = "";
type = lib.types.str;
description = ''
Path to the file containing the admin password for Nextcloud
'';
};
proxy = {
enable = lib.mkEnableOption "Set the proxy entry for this service";
@ -23,6 +31,22 @@ in
'';
};
subdomain = lib.mkOption {
default = "nextcloud";
type = lib.types.str;
description = ''
The subdomain where Nextcloud is reachable
'';
};
officeSubdomain = lib.mkOption {
default = "office";
type = lib.types.str;
description = ''
The subdomain where Collabora Online is reachable
'';
};
host = lib.mkOption {
default = "localhost";
type = lib.types.str;
@ -37,15 +61,6 @@ in
config = lib.mkMerge [
(lib.mkIf cfg.enable {
age.secrets = {
nextcloud-admin-pwd = {
file = ../../secrets/nextcloud-admin-pwd.age;
owner = "nextcloud";
group = "nextcloud";
mode = "770";
};
};
services = {
nextcloud = {
@ -90,7 +105,7 @@ in
config = {
dbtype = "pgsql";
adminuser = "admin";
adminpassFile = config.age.secrets.nextcloud-admin-pwd.path;
adminpassFile = cfg.adminPasswordFile;
};
# Let NixOS install and configure the database automatically.
@ -160,12 +175,12 @@ in
(lib.mkIf cfg.proxy.enable {
services.caddy = with cfg.proxy; {
virtualHosts."cloud.${domain}".extraConfig = ''
virtualHosts."${subdomain}.${domain}".extraConfig = ''
reverse_proxy http://${host}:80
import cloudflare
import cloudflare_${domain}
'';
virtualHosts."office.${domain}".extraConfig = ''
import cloudflare
virtualHosts."${officeSubdomain}.${domain}".extraConfig = ''
import cloudflare_${domain}
reverse_proxy http://${host}:${toString config.services.collabora-online.port} {
# Required to circumvent bug of Onlyoffice loading mixed non-https content
header_up X-Forwarded-Proto https
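Review bot: `adminPasswordFile` defaults to `""`, so enabling the module without setting it hands an empty path to `adminpassFile`, and the mistake presumably surfaces only when Nextcloud is set up rather than at evaluation. Dropping the `default = "";` line makes an unset value an evaluation error; the same applies to `secretFile` in the searx section and `adminPasswordFile` in the vaultwarden section. The removed `age.secrets.nextcloud-admin-pwd` block also set `owner` and `group` to `nextcloud`, which is now the caller's responsibility. The description should say so, e.g. `Runtime path (outside the Nix store) to a file readable by the nextcloud user that holds the admin password`.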


@ -12,6 +12,14 @@ in
options.my.services.searx = {
enable = lib.mkEnableOption "Enable searXNG module";
secretFile = lib.mkOption {
default = "";
type = lib.types.str;
description = ''
Path to the file containing the secret for searXNG
'';
};
proxy = {
enable = lib.mkEnableOption "Set the proxy entry for this service";
@ -37,12 +45,10 @@ in
config = lib.mkMerge [
(lib.mkIf cfg.enable {
age.secrets.searx-secret.file = ../../secrets/searx-secret.age;
services.searcx = {
services.searx = {
enable = true;
redisCreateLocally = true;
environmentFile = config.age.secrets.searx-secret.path;
environmentFile = cfg.secretFile;
settings = {
general = {
open_metrics = "@METRICS_SECRET@";
@ -63,7 +69,7 @@ in
services.caddy = with cfg.proxy; {
virtualHosts."search.${domain}".extraConfig = ''
reverse_proxy http://${host}:8080
import cloudflare
import cloudflare_${domain}
'';
};
})
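Review bot: The description of `secretFile` says it contains "the secret", but the value is passed to `environmentFile`. The `@METRICS_SECRET@` placeholder in the context lines suggests the file has to be an environment file that defines `METRICS_SECRET`. I would document that in the option, e.g. `Path to an environment file (KEY=value lines) defining METRICS_SECRET and any other @NAME@ placeholders used in settings; keep it outside the Nix store`. The virtual host also stays hard-coded as `search.${domain}`, while the nextcloud and vaultwarden sections gained a `subdomain` option.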


@ -13,6 +13,14 @@ in
options.my.services.vaultwarden = {
enable = lib.mkEnableOption "Enable Vaultwarden module";
adminPasswordFile = lib.mkOption {
default = "";
type = lib.types.str;
description = ''
Path to the file containing the admin password for Vaultwarden
'';
};
proxy = {
enable = lib.mkEnableOption "Set the proxy entry for this service";
@ -24,6 +32,14 @@ in
'';
};
subdomain = lib.mkOption {
default = "vault";
type = lib.types.str;
description = ''
The subdomain where Vaultwarden is reachable
'';
};
host = lib.mkOption {
default = "localhost";
type = lib.types.str;
@ -38,8 +54,6 @@ in
config = lib.mkMerge [
(lib.mkIf cfg.enable {
age.secrets.vaultwarden-admin-pwd.file = ../../secrets/vaultwarden-admin-pwd.age;
my.services.postgresql = {
enable = true;
ensures = [
@ -53,7 +67,7 @@ in
services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
environmentFile = config.age.secrets.vaultwarden-admin-pwd.path;
environmentFile = cfg.adminPasswordFile;
config = {
DOMAIN = "https://vault.${cfg.proxy.domain}";
SENDS_ALLOWED = true;
@ -75,9 +89,9 @@ in
(lib.mkIf cfg.proxy.enable {
services.caddy = with cfg.proxy; {
virtualHosts."vault.${domain}".extraConfig = ''
virtualHosts."${subdomain}.${domain}".extraConfig = ''
reverse_proxy http://${host}:${toString rocketPort}
import cloudflare
import cloudflare_${domain}
'';
};
})
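Review bot: `DOMAIN = "https://vault.${cfg.proxy.domain}";` still hard-codes `vault`, while the virtual host in the last hunk now uses `${subdomain}`. Any non-default `subdomain` therefore leaves Vaultwarden configured for an origin that Caddy no longer serves. The line should read `DOMAIN = "https://${cfg.proxy.subdomain}.${cfg.proxy.domain}";`. Separately, `adminPasswordFile` is passed to `environmentFile`, so its description would be more accurate as an environment file (presumably one setting `ADMIN_TOKEN`) than as a file containing the password itself.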