caddy nonsense
parent
b7ca959d3e
commit
94b5cb6286
4 changed files with 51 additions and 4 deletions
|
@ -188,7 +188,10 @@
|
|||
# Workloads server
|
||||
hostname = "shadowfax";
|
||||
system = "x86_64-linux";
|
||||
disabledModules = [ "services/web-servers/minio.nix" ];
|
||||
disabledModules = [
|
||||
"services/web-servers/minio.nix"
|
||||
"services/web-servers/caddy/default.nix"
|
||||
];
|
||||
hardwareModules = [
|
||||
lix-module.nixosModules.default
|
||||
./nixos/profiles/hw-threadripperpro.nix
|
||||
|
@ -196,6 +199,7 @@
|
|||
profileModules = [
|
||||
vscode-server.nixosModules.default
|
||||
"${nixpkgs-unstable}/nixos/modules/services/web-servers/minio.nix"
|
||||
"${nixpkgs-unstable}/nixos/modules/services/web-servers/caddy/default.nix"
|
||||
./nixos/profiles/role-dev.nix
|
||||
./nixos/profiles/role-server.nix
|
||||
{ home-manager.users.jahanson = ./nixos/home/jahanson/server.nix; }
|
||||
|
|
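--- /dev/null
+++ b/nixos/hosts/shadowfax/config/Caddyfile
@@ -0,0 +1,14 @@
+redeye.hsn.dev {
+log {
+output file /var/log/caddy/redeye.hsn.dev.log
+}
+tls {
+dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+}
+reverse_proxy {
+transport http {
+tls_insecure_skip_verify
+}
+to http://127.0.0.1:11080
+}
+}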
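Review bot: The `transport http { tls_insecure_skip_verify }` block inside `reverse_proxy` does not fit the upstream `to http://127.0.0.1:11080`. The upstream is plaintext on loopback, so there is no certificate to skip, and a TLS option on the transport turns TLS on for the upstream connection, which Caddy will most likely refuse to combine with an `http://` address when it adapts the config. Drop the `transport http` block so only `to http://127.0.0.1:11080` remains in `reverse_proxy`. If the upstream later moves to `https://`, the leftover line would run with certificate verification disabled without anyone having chosen that.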
|
|
@ -93,15 +93,30 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
# Open minio ports for firewall
|
||||
# Open ports in the firewall.
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [
|
||||
# Caddy
|
||||
80 # http
|
||||
443 # https
|
||||
2019 # caddy admin api
|
||||
# Minio
|
||||
9000 # console web interface
|
||||
9001 # api interface
|
||||
|
||||
];
|
||||
};
|
||||
|
||||
services = {
|
||||
# Caddy
|
||||
# caddy = {
|
||||
# enable = true;
|
||||
# package = pkgs.unstable.caddy;
|
||||
# extraConfig = builtins.readFile ./config/Caddyfile;
|
||||
# logFormat = lib.mkForce "level INFO";
|
||||
# environmentFile = config.sops.secrets."caddy/env".path;
|
||||
# };
|
||||
|
||||
# Minio
|
||||
minio = {
|
||||
enable = true;
|
||||
|
@ -168,6 +183,12 @@ in
|
|||
mode = "400";
|
||||
restartUnits = [ "syncthing.service" ];
|
||||
};
|
||||
# "caddy/env" = {
|
||||
# sopsFile = ./secrets.sops.yaml;
|
||||
# owner = "caddy";
|
||||
# mode = "400";
|
||||
# restartUnits = [ "caddy.service" ];
|
||||
# };
|
||||
};
|
||||
|
||||
# System settings and services.
|
||||
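Review bot: `2019 # caddy admin api` in `networking.firewall.allowedTCPPorts` opens the port of Caddy's admin endpoint to the network, and that API is unauthenticated by default and can replace the running configuration. Caddy binds the admin listener to localhost unless told otherwise, so the rule gains nothing today and becomes a real exposure as soon as the listen address changes. Remove the `2019` entry and reach the API over loopback or SSH instead. The `caddy` service block and the `"caddy/env"` secret are still commented out here, so 80 and 443 are opened for a service that is not running; adding the ports in the commit that enables the service would keep the firewall matched to what actually listens.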
|
|
|
@ -6,8 +6,16 @@ telperion.meerkat-dab.ts.net {
|
|||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
fail_duration 10s
|
||||
health_interval 5s
|
||||
health_timeout 2s
|
||||
health_uri /
|
||||
lb_policy client_ip_hash
|
||||
to https://10.1.1.66:8006
|
||||
to https://10.1.1.67:8006
|
||||
lb_try_duration 5s
|
||||
lb_try_interval 250ms
|
||||
max_fails 1
|
||||
unhealthy_status 5xx
|
||||
to https://legion.meerkat-dab.ts.net:8006
|
||||
to https://rosie.meerkat-dab.ts.net:8006
|
||||
}
|
||||
}
|
||||
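Review bot: `tls_insecure_skip_verify` stays in the `transport http` block while the upstream list and health checks are reworked, so every connection to the `:8006` backends, including the new `health_uri /` probes, accepts any certificate. The upstreams that appear to be new are addressed by name (`legion.meerkat-dab.ts.net`, `rosie.meerkat-dab.ts.net`), which makes verification practical. Either serve certificates valid for those names on the backends, or trust their issuing CA with `tls_trusted_ca_certs` (`tls_trust_pool` on newer Caddy), then delete the skip line. The page has lost its `+`/`-` markers, so which of the four `to` lines remain is inferred from the hunk counts; any IP-addressed upstream that stays would need the CA-trust route. The site block opens above the hunk.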
|
|