nekomimi.pet / nixcfg
my nix configs for my servers and desktop
fork atom

blep

nekomimi.pet 30fc5a37 1023e50f

options
unified split
Changed files
+30 -13
hosts
morax
default.nix
hardware.nix
modules
caddy
default.nix
+11
hosts/morax/default.nix 
···

       
11

       
 

       
    ../../host-secrets.nix


     

       
12

       
 

       
  ];


     

       
13

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
14

       
 

       
  system.stateVersion = "25.05";


     

       
15

       
 

       



     

       
16

       
 

       
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";


     
···

       
11

       
 

       
    ../../host-secrets.nix


     

       
12

       
 

       
  ];


     

       
13

       
 

       



     

       
14

       
+

       
  # Enable modules


     

       
15

       
+

       
  modules.caddy.enable = true;


     

       
16

       
+

       
  modules.garage.enable = true;


     

       
17

       
+

       



     

       
18

       
+

       
  modules.caddy = {


     

       
19

       
+

       
    email = "ana@nekomimi.pet";


     

       
20

       
+

       
    reverseProxies = {


     

       
21

       
+

       
      "s3.nkp.pet" = ["valefar:3900" "morax:3900"];


     

       
22

       
+

       
    };


     

       
23

       
+

       
  };


     

       
24

       
+

       



     

       
25

       
 

       
  system.stateVersion = "25.05";


     

       
26

       
 

       



     

       
27

       
 

       
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+5
hosts/morax/hardware.nix 
···

       
18

       
 

       
      fsType = "ext4";


     

       
19

       
 

       
    };


     

       
20

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
21

       
 

       
  swapDevices = [ ];


     

       
22

       
 

       



     

       
23

       
 

       
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


     
···

       
18

       
 

       
      fsType = "ext4";


     

       
19

       
 

       
    };


     

       
20

       
 

       



     

       
21

       
+

       
  fileSystems."/garage" = {


     

       
22

       
+

       
  device = "/dev/sda1";


     

       
23

       
+

       
    fsType = "ext4";


     

       
24

       
+

       
  };


     

       
25

       
+

       



     

       
26

       
 

       
  swapDevices = [ ];


     

       
27

       
 

       



     

       
28

       
 

       
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+14 -13
modules/caddy/default.nix 
···

       
12

       
 

       
  # Generate Caddyfile content from the proxy configuration


     

       
13

       
 

       
  generateCaddyfile = proxies: 


     

       
14

       
 

       
    let


     

       
15

       
-

       
      proxyEntries = mapAttrsToList (domain: upstream: ''


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
16

       
 

       
        ${domain} {


     

       
17

       
-

       
          reverse_proxy ${upstream}


     

       
18

       
 

       
          


     

       
19

       
 

       
          # Optional: Add some common headers for better proxying


     

       
20

       
 

       
          header_up Host {upstream_hostport}


     
···

       
33

       
 

       
      caddy = { 


     

       
34

       
 

       
        enable = mkEnableOption "Deploy Caddy";


     

       
35

       
 

       
        


     

       
36

       
-

       
        # New option for reverse proxy configuration


     

       
37

       
 

       
        reverseProxies = mkOption {


     

       
38

       
-

       
          type = types.attrsOf types.str;


     

       
39

       
 

       
          default = {};


     

       
40

       
-

       
          description = "Attribute set of domain to upstream mappings for reverse proxying";


     

       
41

       
 

       
          example = {


     

       
42

       
 

       
            "notes.nekomimi.pet" = "valefar:3009";


     

       
43

       
-

       
            "git.nekomimi.pet" = "morax:3000";


     

       

       

       
     

       
44

       
 

       
          };


     

       
45

       
 

       
        };


     

       
46

       
 

       
        


     

       
47

       
-

       
        # Optional: Allow custom Caddyfile content to be appended


     

       
48

       
 

       
        extraConfig = mkOption {


     

       
49

       
 

       
          type = types.lines;


     

       
50

       
 

       
          default = "";


     

       
51

       
 

       
          description = "Extra Caddyfile configuration to append";


     

       
52

       
 

       
        };


     

       
53

       
 

       
        


     

       
54

       
-

       
        # Optional: Email for ACME/Let's Encrypt


     

       
55

       
 

       
        email = mkOption {


     

       
56

       
 

       
          type = types.nullOr types.str;


     

       
57

       
 

       
          default = null;


     
···

       
64

       
 

       
  config = mkIf cfg.enable {


     

       
65

       
 

       
    # Allow network access when building


     

       
66

       
 

       
    # https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy


     

       
67

       
-

       
    nix.settings.sandbox = false;


     

       
68

       
 

       



     

       
69

       
 

       
    networking.firewall.allowedTCPPorts = [


     

       
70

       
 

       
      80


     
···

       
74

       
 

       



     

       
75

       
 

       
    services.caddy = {


     

       
76

       
 

       
      enable = true;


     

       
77

       
-

       
      package = pkgs.caddy.withPlugins {


     

       
78

       
-

       
        plugins = [ "github.com/caddy-dns/cloudflare"];


     

       
79

       
 

       
        hash = "sha256-1niaf801sijvjrqvw998y8x7b43a0g162h3ry530qwl8lrgkapii";


     

       
80

       
-

       
      };


     

       
81

       
 

       
      


     

       
82

       
-

       
      # Generate the Caddyfile from our configuration


     

       
83

       
 

       
      extraConfig = ''


     

       
84

       
 

       
        ${optionalString (cfg.email != null) ''


     

       
85

       
 

       
          {


     
···

       
12

       
 

       
  # Generate Caddyfile content from the proxy configuration


     

       
13

       
 

       
  generateCaddyfile = proxies: 


     

       
14

       
 

       
    let


     

       
15

       
+

       
      proxyEntries = mapAttrsToList (domain: upstreams: 


     

       
16

       
+

       
        let


     

       
17

       
+

       
          upstreamList = if isList upstreams then upstreams else [upstreams];


     

       
18

       
+

       
          upstreamStr = concatStringsSep " " upstreamList;


     

       
19

       
+

       
        in ''


     

       
20

       
 

       
        ${domain} {


     

       
21

       
+

       
          reverse_proxy ${upstreamStr}


     

       
22

       
 

       
          


     

       
23

       
 

       
          # Optional: Add some common headers for better proxying


     

       
24

       
 

       
          header_up Host {upstream_hostport}


     
···

       
37

       
 

       
      caddy = { 


     

       
38

       
 

       
        enable = mkEnableOption "Deploy Caddy";


     

       
39

       
 

       
        


     

       

       

       
     

       
40

       
 

       
        reverseProxies = mkOption {


     

       
41

       
+

       
          type = types.attrsOf (types.either types.str (types.listOf types.str));


     

       
42

       
 

       
          default = {};


     

       
43

       
+

       
          description = "Attribute set of domain to upstream mappings for reverse proxying. Upstreams can be a single string or a list of strings for load balancing.";


     

       
44

       
 

       
          example = {


     

       
45

       
 

       
            "notes.nekomimi.pet" = "valefar:3009";


     

       
46

       
+

       
            "git.nekomimi.pet" = ["morax:3000" "valefar:3000"];  # Load balance between multiple upstreams


     

       
47

       
+

       
            "api.nekomimi.pet" = ["server1:8080" "server2:8080" "server3:8080"];


     

       
48

       
 

       
          };


     

       
49

       
 

       
        };


     

       
50

       
 

       
        


     

       

       

       
     

       
51

       
 

       
        extraConfig = mkOption {


     

       
52

       
 

       
          type = types.lines;


     

       
53

       
 

       
          default = "";


     

       
54

       
 

       
          description = "Extra Caddyfile configuration to append";


     

       
55

       
 

       
        };


     

       
56

       
 

       
        


     

       

       

       
     

       
57

       
 

       
        email = mkOption {


     

       
58

       
 

       
          type = types.nullOr types.str;


     

       
59

       
 

       
          default = null;


     
···

       
66

       
 

       
  config = mkIf cfg.enable {


     

       
67

       
 

       
    # Allow network access when building


     

       
68

       
 

       
    # https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy


     

       
69

       
+

       
    #nix.settings.sandbox = false;


     

       
70

       
 

       



     

       
71

       
 

       
    networking.firewall.allowedTCPPorts = [


     

       
72

       
 

       
      80


     
···

       
76

       
 

       



     

       
77

       
 

       
    services.caddy = {


     

       
78

       
 

       
      enable = true;


     

       
79

       
+

       
      /*package = pkgs.caddy.withPlugins {


     

       
80

       
+

       
        plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1"];


     

       
81

       
 

       
        hash = "sha256-1niaf801sijvjrqvw998y8x7b43a0g162h3ry530qwl8lrgkapii";


     

       
82

       
+

       
      };*/


     

       
83

       
 

       
      


     

       

       

       
     

       
84

       
 

       
      extraConfig = ''


     

       
85

       
 

       
        ${optionalString (cfg.email != null) ''


     

       
86

       
 

       
          {