dunkirk.sh / dots
Kieran's opinionated (and probably slightly dumb) nix config
fork atom

feat: add caddy and uptime kuma on prattle

dunkirk.sh dce1beb8 71651f66

verified
options
unified split
Changed files
+39 -1
machines
prattle
default.nix
secrets
cloudflare.age
secrets.nix
+36 -1
machines/prattle/default.nix 
···

       
99

       
99

       
 

       
      path = "/home/kierank/.wakatime.cfg";


     

       
100

       
100

       
 

       
      owner = "kierank";


     

       
101

       
101

       
 

       
    };


     

       

       
102

       
+

       
    cloudflare = {


     

       

       
103

       
+

       
      file = ../../secrets/cloudflare.age;


     

       

       
104

       
+

       
      owner = "caddy";


     

       

       
105

       
+

       
    };


     

       
102

       
106

       
 

       
  };


     

       
103

       
107

       
 

       



     

       
104

       
108

       
 

       
  environment.sessionVariables = {


     
···

       
152

       
156

       
 

       



     

       
153

       
157

       
 

       
  networking.firewall = {


     

       
154

       
158

       
 

       
    enable = true;


     

       
155

       

       
-

       
    allowedTCPPorts = [ 22 ];


     

       

       
159

       
+

       
    allowedTCPPorts = [ 22 80 443 ];


     

       
156

       
160

       
 

       
    logRefusedConnections = false;


     

       
157

       
161

       
 

       
    rejectPackets = true;


     

       
158

       
162

       
 

       
  };


     
···

       
160

       
164

       
 

       
  services.tailscale = {


     

       
161

       
165

       
 

       
    enable = true;


     

       
162

       
166

       
 

       
    useRoutingFeatures = "client";


     

       

       
167

       
+

       
  };


     

       

       
168

       
+

       



     

       

       
169

       
+

       
  services.caddy = {


     

       

       
170

       
+

       
    enable = true;


     

       

       
171

       
+

       
    package = pkgs.caddy.withPlugins {


     

       

       
172

       
+

       
      plugins = [ "github.com/caddy-dns/cloudflare@v0.2.2" ];


     

       

       
173

       
+

       
      hash = "sha256-Z8nPh4OI3/R1nn667ZC5VgE+Q9vDenaQ3QPKxmqPNkc=";


     

       

       
174

       
+

       
    };


     

       

       
175

       
+

       
    email = "me@dunkirk.sh";


     

       

       
176

       
+

       
    globalConfig = ''


     

       

       
177

       
+

       
      acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}


     

       

       
178

       
+

       
    '';


     

       

       
179

       
+

       
    virtualHosts."status.dunkirk.sh" = {


     

       

       
180

       
+

       
      extraConfig = ''


     

       

       
181

       
+

       
        tls {


     

       

       
182

       
+

       
          dns cloudflare {env.CLOUDFLARE_API_TOKEN}


     

       

       
183

       
+

       
        }


     

       

       
184

       
+

       
        reverse_proxy localhost:3001


     

       

       
185

       
+

       
      '';


     

       

       
186

       
+

       
    };


     

       

       
187

       
+

       
  };


     

       

       
188

       
+

       



     

       

       
189

       
+

       
  systemd.services.caddy.serviceConfig = {


     

       

       
190

       
+

       
    EnvironmentFile = config.age.secrets.cloudflare.path;


     

       

       
191

       
+

       
  };


     

       

       
192

       
+

       



     

       

       
193

       
+

       
  services.uptime-kuma = {


     

       

       
194

       
+

       
    enable = true;


     

       

       
195

       
+

       
    settings = {


     

       

       
196

       
+

       
      PORT = "3001";


     

       

       
197

       
+

       
    };


     

       
163

       
198

       
 

       
  };


     

       
164

       
199

       
 

       



     

       
165

       
200

       
 

       
  boot.loader.systemd-boot.enable = true;
secrets/cloudflare.age

This is a binary file and will not be displayed.

+3
secrets/secrets.nix 
···

       
23

       
23

       
 

       
  "context7.age".publicKeys = [


     

       
24

       
24

       
 

       
    kierank


     

       
25

       
25

       
 

       
  ];


     

       

       
26

       
+

       
  "cloudflare.age".publicKeys = [


     

       

       
27

       
+

       
    kierank


     

       

       
28

       
+

       
  ];


     

       
26

       
29

       
 

       
}