From 94b5cb628613c87ab2a01508b030dabf03fb8637 Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Wed, 22 Jan 2025 18:38:44 -0600
Subject: [PATCH] caddy nonsense
---
flake.nix | 6 +++++-
nixos/hosts/shadowfax/config/Caddyfile | 14 ++++++++++++++
nixos/hosts/shadowfax/default.nix | 23 ++++++++++++++++++++++-
nixos/hosts/telperion/config/Caddyfile | 12 ++++++++++--
4 files changed, 51 insertions(+), 4 deletions(-)
create mode 100644 nixos/hosts/shadowfax/config/Caddyfile
diff --git a/flake.nix b/flake.nix
index 8c5b735..9ad22b8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -188,7 +188,10 @@
 # Workloads server
 hostname = "shadowfax";
 system = "x86_64-linux";
- disabledModules = [ "services/web-servers/minio.nix" ];
+ disabledModules = [
+ "services/web-servers/minio.nix"
+ "services/web-servers/caddy/default.nix"
+ ];
 hardwareModules = [
 lix-module.nixosModules.default
 ./nixos/profiles/hw-threadripperpro.nix
@@ -196,6 +199,7 @@
 profileModules = [
 vscode-server.nixosModules.default
 "${nixpkgs-unstable}/nixos/modules/services/web-servers/minio.nix"
+ "${nixpkgs-unstable}/nixos/modules/services/web-servers/caddy/default.nix"
 ./nixos/profiles/role-dev.nix
 ./nixos/profiles/role-server.nix
 { home-manager.users.jahanson = ./nixos/home/jahanson/server.nix; }
diff --git a/nixos/hosts/shadowfax/config/Caddyfile b/nixos/hosts/shadowfax/config/Caddyfile
new file mode 100644
index 0000000..7d423a4
--- /dev/null
+++ b/nixos/hosts/shadowfax/config/Caddyfile
@@ -0,0 +1,14 @@
+redeye.hsn.dev {
+ log {
+ output file /var/log/caddy/redeye.hsn.dev.log
+ }
+ tls {
+ dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+ }
+ reverse_proxy {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ to http://127.0.0.1:11080
+ }
+}
diff --git a/nixos/hosts/shadowfax/default.nix b/nixos/hosts/shadowfax/default.nix
index 6b41b33..966ac10 100644
--- a/nixos/hosts/shadowfax/default.nix
+++ b/nixos/hosts/shadowfax/default.nix
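Review bot: The swap from the stable caddy module to the nixpkgs-unstable one, made in `disabledModules` here and completed in the second flake.nix hunk at line 199, carries no comment saying why, so the next reader cannot tell which option set applies to `services.caddy` on this host. A one-line comment on the new `disabledModules` entry, such as `# caddy: the stable module is replaced by the nixpkgs-unstable one listed in profileModules`, would make the pairing explicit. The motivation is presumably to match the `pkgs.unstable.caddy` package referenced in the (commented-out) shadowfax config, but that is inferred, so state the real reason.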
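Review bot: `tls_insecure_skip_verify` inside `transport http` has no effect in this file, because the only upstream is plaintext `to http://127.0.0.1:11080`; the three-line `transport http { ... }` block can be dropped, leaving `reverse_proxy { to http://127.0.0.1:11080 }`. If the backend is actually meant to be reached over TLS, verify its certificate (`tls_trusted_ca_certs` with the backend's CA, plus `tls_server_name` if needed) rather than disabling verification on a site that terminates a public hostname. The `{env.CLOUDFLARE_API_TOKEN}` placeholder is only populated from the service's environment file, and the `environmentFile` line in the accompanying shadowfax default.nix hunk is commented out, so the `tls` block cannot issue certificates until that is enabled. Note also that `dns cloudflare` needs a caddy binary built with the caddy-dns/cloudflare plugin, which the stock package does not include; confirm the package used provides it.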
@@ -93,15 +93,30 @@ in
 };
 };
- # Open minio ports for firewall
+ # Open ports in the firewall.
 networking.firewall = {
 allowedTCPPorts = [
+ # Caddy
+ 80 # http
+ 443 # https
+ 2019 # caddy admin api
+ # Minio
 9000 # console web interface
 9001 # api interface
+
 ];
 };
 services = {
+ # Caddy
+ # caddy = {
+ # enable = true;
+ # package = pkgs.unstable.caddy;
+ # extraConfig = builtins.readFile ./config/Caddyfile;
+ # logFormat = lib.mkForce "level INFO";
+ # environmentFile = config.sops.secrets."caddy/env".path;
+ # };
+ # Minio
 minio = {
 enable = true;
@@ -168,6 +183,12 @@ in
 mode = "400";
 restartUnits = [ "syncthing.service" ];
 };
+ # "caddy/env" = {
+ # sopsFile = ./secrets.sops.yaml;
+ # owner = "caddy";
+ # mode = "400";
+ # restartUnits = [ "caddy.service" ];
+ # };
 };
 # System settings and services.
diff --git a/nixos/hosts/telperion/config/Caddyfile b/nixos/hosts/telperion/config/Caddyfile
index 35116f8..22d25b2 100644
--- a/nixos/hosts/telperion/config/Caddyfile
+++ b/nixos/hosts/telperion/config/Caddyfile
@@ -6,8 +6,16 @@ telperion.meerkat-dab.ts.net {
 transport http {
 tls_insecure_skip_verify
 }
+ fail_duration 10s
+ health_interval 5s
+ health_timeout 2s
+ health_uri /
 lb_policy client_ip_hash
- to https://10.1.1.66:8006
- to https://10.1.1.67:8006
+ lb_try_duration 5s
+ lb_try_interval 250ms
+ max_fails 1
+ unhealthy_status 5xx
+ to https://legion.meerkat-dab.ts.net:8006
+ to https://rosie.meerkat-dab.ts.net:8006
 }
}
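Review bot: Opening `2019 # caddy admin api` in `allowedTCPPorts` should be reconsidered: Caddy's admin endpoint is unauthenticated and accepts full config replacement, and by default it binds only to localhost:2019, so this rule is either a no-op today or, if the `admin` listener is later bound to a routable address, exposes control of the proxy to the network. Drop the `2019` line, or if remote administration is genuinely intended, pair it with an `admin` global block that restricts `origins` and keep it off any public interface. Ports 80 and 443 are also opened while the `caddy = { ... }` service block in the same hunk stays commented out, so the firewall change runs ahead of the service it serves; a note such as `# TODO: caddy service below is still disabled` next to the port entries would make that deliberate. The enclosing attribute set opens above the hunk.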
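Review bot: `max_fails 1` together with `unhealthy_status 5xx` means a single 5xx response, including an application error on one request, marks that upstream down for the whole `fail_duration 10s`, and with `lb_policy client_ip_hash` every client hashed to it is moved to the other node for that window; if the upstreams hold per-node session state (port 8006 suggests a Proxmox web UI, though that is inferred), users will be bounced between nodes on transient errors. Consider raising `max_fails` or narrowing `unhealthy_status` to the statuses that indicate an unreachable node, e.g. `unhealthy_status 502 503 504`, rather than the whole 5xx class. The new active check `health_uri /` inherits the `tls_insecure_skip_verify` transport shown as context above it, so the probe does not verify the upstream's identity either; now that the upstreams are addressed by stable tailnet names, `tls_server_name` plus a trusted CA would be the matching fix, but that line is existing code outside this change. The site block `telperion.meerkat-dab.ts.net {` opens above the hunk.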