pyrox.dev / nix
My Nix Configuration
fork atom

[prefect.caddy] Add pocket-id and block adding mail config

pyrox.dev 2d6cb810 0e521d60

verified
options
unified split
Changed files
+47 -33
systems
x86_64-linux
prefect
services
caddy.nix
+47 -33
systems/x86_64-linux/prefect/services/caddy.nix 
···

       
63

       
63

       
 

       
        '';


     

       
64

       
64

       
 

       
      };


     

       
65

       
65

       
 

       



     

       
66

       

       
-

       
      # Authentik


     

       

       
66

       
+

       
      # Authentication


     

       
67

       
67

       
 

       
      ${pns.pocket-id.extUrl} = {


     

       
68

       
68

       
 

       
        extraConfig = ''


     

       
69

       
69

       
 

       
          reverse_proxy /api/* ${marvin}:${toString pns.pocket-id.be-port} {


     
···

       
235

       
235

       
 

       
        '';


     

       
236

       
236

       
 

       
      };


     

       
237

       
237

       
 

       



     

       

       
238

       
+

       
      # Pingvin Share


     

       

       
239

       
+

       
      ${pns.pingvin-share.extUrl} = {


     

       

       
240

       
+

       
        extraConfig = ''


     

       

       
241

       
+

       
          reverse_proxy /api/* ${marvin}:${toString pns.pingvin-share.be-anubis} {


     

       

       
242

       
+

       
            header_up X-Real-IP {remote_host}


     

       

       
243

       
+

       
            header_up X-Http-Version {http.request.proto}


     

       

       
244

       
+

       
          }


     

       

       
245

       
+

       
          reverse_proxy /* ${marvin}:${toString pns.pingvin-share.anubis} {


     

       

       
246

       
+

       
            header_up X-Real-IP {remote_host}


     

       

       
247

       
+

       
            header_up X-Http-Version {http.request.proto}


     

       

       
248

       
+

       
          }


     

       

       
249

       
+

       
        '';


     

       

       
250

       
+

       
      };


     

       

       
251

       
+

       



     

       
238

       
252

       
 

       
      # Simple Tailscale Hosts


     

       
239

       
253

       
 

       



     

       
240

       
254

       
 

       
      # Deemix


     
···

       
253

       
267

       
 

       
          reverse_proxy ${marvin}:${toString pns.pinchflat.port}


     

       
254

       
268

       
 

       
        '';


     

       
255

       
269

       
 

       
      };


     

       
256

       

       
-

       
      "mail.pyrox.dev:80" = {


     

       
257

       

       
-

       
        extraConfig = ''


     

       
258

       

       
-

       
          reverse_proxy ${marvin}:${mail.intHTTP}


     

       
259

       

       
-

       
        '';


     

       
260

       

       
-

       
      };


     

       

       
270

       
+

       
      # "mail.pyrox.dev:80" = {


     

       

       
271

       
+

       
      #   extraConfig = ''


     

       

       
272

       
+

       
      #     reverse_proxy ${marvin}:${mail.intHTTP}


     

       

       
273

       
+

       
      #   '';


     

       

       
274

       
+

       
      # };


     

       
261

       
275

       
 

       
    };


     

       
262

       
276

       
 

       
    # Mail Config


     

       
263

       
277

       
 

       
    extraConfig = ''


     

       
264

       

       
-

       
      filesystem blog-repo git ${marvin}:${pns.git.port}/pyrox/new-blog {


     

       

       
278

       
+

       
      filesystem blog-repo git ${marvin}:${toString pns.git.port}/pyrox/new-blog {


     

       
265

       
279

       
 

       
        ref pages


     

       
266

       
280

       
 

       
        refresh_period 10m


     

       
267

       
281

       
 

       
      }


     

       
268

       

       
-

       
      layer4 {


     

       
269

       

       
-

       
        0.0.0.0:465 {


     

       
270

       

       
-

       
          route {


     

       
271

       

       
-

       
            proxy {


     

       
272

       

       
-

       
              proxy_protocol v2


     

       
273

       

       
-

       
              upstream ${marvinIP}:${mail.intSMTPS}


     

       
274

       

       
-

       
            }


     

       
275

       

       
-

       
          }


     

       
276

       

       
-

       
        }


     

       
277

       

       
-

       
        0.0.0.0:993 {


     

       
278

       

       
-

       
          route {


     

       
279

       

       
-

       
            proxy {


     

       
280

       

       
-

       
              proxy_protocol v2


     

       
281

       

       
-

       
              upstream ${marvinIP}:${mail.intIMAPS}


     

       
282

       

       
-

       
            }


     

       
283

       

       
-

       
          }


     

       
284

       

       
-

       
        }


     

       
285

       

       
-

       
        0.0.0.0:4190 {


     

       
286

       

       
-

       
          route {


     

       
287

       

       
-

       
            proxy {


     

       
288

       

       
-

       
              proxy_protocol v2


     

       
289

       

       
-

       
              upstream ${marvinIP}:${mail.intManageSieve}


     

       
290

       

       
-

       
            }


     

       
291

       

       
-

       
          }


     

       
292

       

       
-

       
        }


     

       
293

       

       
-

       
      }


     

       
294

       
282

       
 

       
    '';


     

       

       
283

       
+

       
    # layer4 {


     

       

       
284

       
+

       
    #   0.0.0.0:465 {


     

       

       
285

       
+

       
    #     route {


     

       

       
286

       
+

       
    #       proxy {


     

       

       
287

       
+

       
    #         proxy_protocol v2


     

       

       
288

       
+

       
    #         upstream ${marvinIP}:${mail.intSMTPS}


     

       

       
289

       
+

       
    #       }


     

       

       
290

       
+

       
    #     }


     

       

       
291

       
+

       
    #   }


     

       

       
292

       
+

       
    #   0.0.0.0:993 {


     

       

       
293

       
+

       
    #     route {


     

       

       
294

       
+

       
    #       proxy {


     

       

       
295

       
+

       
    #         proxy_protocol v2


     

       

       
296

       
+

       
    #         upstream ${marvinIP}:${mail.intIMAPS}


     

       

       
297

       
+

       
    #       }


     

       

       
298

       
+

       
    #     }


     

       

       
299

       
+

       
    #   }


     

       

       
300

       
+

       
    #   0.0.0.0:4190 {


     

       

       
301

       
+

       
    #     route {


     

       

       
302

       
+

       
    #       proxy {


     

       

       
303

       
+

       
    #         proxy_protocol v2


     

       

       
304

       
+

       
    #         upstream ${marvinIP}:${mail.intManageSieve}


     

       

       
305

       
+

       
    #       }


     

       

       
306

       
+

       
    #     }


     

       

       
307

       
+

       
    #   }


     

       

       
308

       
+

       
    # }


     

       
295

       
309

       
 

       
  };


     

       
296

       
310

       
 

       
  systemd.services.caddy.serviceConfig.CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";


     

       
297

       
311

       
 

       
  systemd.services.caddy.serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE";