tailscale --> caddy lb --> proxmox nodes

add caddy to global environment packages

caddy config and add Caddyfile to remove-tabs ignore

update name

proxymox

.pre-commit-config.yaml

@@ -25,7 +25,7 @@ repos:
     hooks:
       - id: remove-crlf
       - id: remove-tabs
-        exclude: (Makefile)
+        exclude: (Makefile|Caddyfile)
   - repo: https://github.com/zricethezav/gitleaks
     rev: v8.22.0
     hooks:

nixos/hosts/telperion/config/Caddyfile

@@ -0,0 +1,13 @@
+telperion.meerkat-dab.ts.net {
+	log {
+		output file /var/log/caddy/telperion.meerkat-dab.ts.net.log
+	}
+	reverse_proxy {
+		transport http {
+			tls_insecure_skip_verify
+		}
+		lb_policy client_ip_hash
+		to https://10.1.1.66:8006
+		to https://10.1.1.67:8006
+	}
+}

nixos/hosts/telperion/default.nix

@@ -5,6 +5,7 @@
   config,
   lib,
   modulesPath,
+  pkgs,
   ...
 }:
 
@@ -75,11 +76,26 @@
       };
     };
   };
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+    2019
+  ];
+  services = {
+    # Caddy
+    caddy = {
+      enable = true;
+      package = pkgs.unstable.caddy;
+      extraConfig = builtins.readFile ./config/Caddyfile;
+      logFormat = lib.mkForce "level INFO";
+    };
 
-  # Tailscale
-  services.tailscale = {
-    enable = true;
-    openFirewall = true;
+    # Tailscale
+    tailscale = {
+      enable = true;
+      openFirewall = true;
+      permitCertUid = builtins.toString config.users.users.caddy.uid;
+    };
   };
 
   # System settings and services.

nixos/profiles/global.nix

@@ -32,12 +32,13 @@ with lib;
 
     environment.systemPackages = with pkgs; [
       curl
-      wget
       dnsutils
       jq
-      yq-go
       nvme-cli
       smartmontools
+      unstable.caddy
+      wget
+      yq-go
     ];
 
     networking.domain = config.mySystem.domain;