commit 588c4d583671f45977a125cbf2d2ef872d2ab419 · pyrox.dev/nix

+37 -11
systems/x86_64-linux/prefect/services/caddy.nix
···

       15
       15
        
           enable = true;

     

       16
       16
        
           package = pkgs.caddy.withPlugins {

     

       17
       17
        
             plugins = [

     

       18
       18
       -
               "github.com/caddy-dns/desec@v0.0.0-20240526070323-822a6a2014b2"

     

       18
       18
       +
               "github.com/caddy-dns/desec@v1.0.1"

     

       19
       19
        
               "github.com/greenpau/caddy-security@v1.1.31"

     

       20
       20
        
               "github.com/tailscale/caddy-tailscale@v0.0.0-20250207163903-69a970c84556"

     

       21
       21
        
             ];

     

       22
       22
       -
             hash = "sha256-rvPZ/Lomx40tvlqqhUBIG9wCHJorN2FGus7gtO7ob/0=";

     

       22
       22
       +
             hash = "sha256-lsceZXoTPJCDjl84OQTZUTBRuVAxo8KMWjTXzCFwA6U=";

     

       23
       23
        
           };

     

       24
       24
        
           email = "pyrox@pyrox.dev";

     

       25
       25
        
           virtualHosts = {

     
···

       68
       68
        
             };

     

       69
       69
        
       

     

       70
       70
        
             # Authentik

     

       71
       71
       -
             "${pns.authentik.extUrl}:443" = reverseProxyToMarvin pns.authentik.port false;

     

       72
       72
       -
             "${pns.authentik.extUrl}:80" = reverseProxyToMarvin pns.authentik.port false;

     

       71
       71
       +
             "${pns.authentik.extUrl}:443" = {

     

       72
       72
       +
               serverAliases = [ "${pns.authentik.extUrl}:80" ];

     

       73
       73
       +
               extraConfig = ''

     

       74
       74
       +
                   reverse_proxy http://${marvin}:${toString pns.authentik.anubis} {

     

       75
       75
       +
                 		header_up X-Real-Ip {remote_host}

     

       76
       76
       +
                     header_up X-Http-Version {http.request.proto}

     

       77
       77
       +
                   }

     

       78
       78
       +
               '';

     

       79
       79
       +
             };

     

       73
       80
        
             "http://${pns.authentik.extUrl}:389" = reverseProxyToMarvin 389 false;

     

       74
       81
        
             "${pns.authentik.extUrl}:636" = reverseProxyToMarvin 636 false;

     

       75
       82
        
       

     
···

       86
       93
        
                   -X-Powered-By

     

       87
       94
        
                   -Last-Modified

     

       88
       95
        
                 }

     

       89
       89
       -
                 reverse_proxy ${marvin}:${toString pns.vaultwarden.port} {

     

       96
       96
       +
                 reverse_proxy ${marvin}:${toString pns.vaultwarden.anubis} {

     

       90
       97
        
                   header_up X-Real-IP {remote_host}

     

       98
       98
       +
                   header_up X-Http-Version {http.request.proto}

     

       91
       99
        
                 }

     

       92
       100
        
               '';

     

       93
       101
        
             };

     
···

       169
       177
        
             # Forgejo

     

       170
       178
        
             ${pns.git.extUrl} = {

     

       171
       179
        
               extraConfig = ''

     

       172
       172
       -
                 reverse_proxy http://${marvin}:${toString pns.git.port}

     

       180
       180
       +
                 reverse_proxy http://${marvin}:${toString pns.git.anubis} {

     

       181
       181
       +
                   header_up X-Real-Ip {remote_host}

     

       182
       182
       +
                   header_up X-Http-Version {http.request.proto}

     

       183
       183
       +
                 }

     

       173
       184
        
               '';

     

       174
       185
        
             };

     

       175
       186
        
       

     

       176
       187
        
             # Grafana

     

       177
       188
        
             ${pns.grafana.extUrl} = {

     

       178
       189
        
               extraConfig = ''

     

       179
       179
       -
                 reverse_proxy http://${marvin}:${toString pns.grafana.port}

     

       190
       190
       +
                 reverse_proxy http://${marvin}:${toString pns.grafana.anubis} {

     

       191
       191
       +
                   header_up X-Real-Ip {remote_host}

     

       192
       192
       +
                   header_up X-Http-Version {http.request.proto}

     

       193
       193
       +
                 }

     

       180
       194
        
               '';

     

       181
       195
        
             };

     

       182
       196
        
       

     

       183
       197
        
             # Miniflux

     

       184
       198
        
             ${pns.miniflux.extUrl} = {

     

       185
       199
        
               extraConfig = ''

     

       186
       186
       -
                 reverse_proxy http://${marvin}:${toString pns.miniflux.port}

     

       200
       200
       +
                 reverse_proxy http://${marvin}:${toString pns.miniflux.anubis} {

     

       201
       201
       +
                   header_up X-Real-Ip {remote_host}

     

       202
       202
       +
                   header_up X-Http-Version {http.request.proto}

     

       203
       203
       +
                 }

     

       187
       204
        
               '';

     

       188
       205
        
             };

     

       189
       206
        
       

     

       190
       207
        
             # Nextcloud

     

       191
       208
        
             ${pns.nextcloud.extUrl} = {

     

       192
       209
        
               extraConfig = ''

     

       193
       193
       -
                 reverse_proxy http://${marvin}:${toString pns.nextcloud.port}

     

       210
       210
       +
                 reverse_proxy http://${marvin}:${toString pns.nextcloud.anubis} {

     

       211
       211
       +
                   header_up X-Real-Ip {remote_host}

     

       212
       212
       +
                   header_up X-Http-Version {http.request.proto}

     

       213
       213
       +
                 }

     

       194
       214
        
               '';

     

       195
       215
        
             };

     

       196
       216
        
       

     

       197
       217
        
             # Nextcloud-Office(Collabora)

     

       198
       218
        
             ${pns.nextcloud-office.extUrl} = {

     

       199
       219
        
               extraConfig = ''

     

       200
       200
       -
                 reverse_proxy http://${marvin}:${toString pns.nextcloud-office.port}

     

       220
       220
       +
                 reverse_proxy http://${marvin}:${toString pns.nextcloud-office.anubis} {

     

       221
       221
       +
                   header_up X-Real-Ip {remote_host}

     

       222
       222
       +
                   header_up X-Http-Version {http.request.proto}

     

       223
       223
       +
                 }

     

       201
       224
        
               '';

     

       202
       225
        
             };

     

       203
       226
        
       

     

       204
       227
        
             # Planka

     

       205
       228
        
             ${pns.planka.extUrl} = {

     

       206
       229
        
               extraConfig = ''

     

       207
       207
       -
                 reverse_proxy http://${marvin}:${toString pns.planka.port}

     

       230
       230
       +
                 reverse_proxy http://${marvin}:${toString pns.planka.anubis} {

     

       231
       231
       +
                   header_up X-Real-Ip {remote_host}

     

       232
       232
       +
                   header_up X-Http-Version {http.request.proto}

     

       233
       233
       +
                 }

     

       208
       234
        
               '';

     

       209
       235
        
             };

     

       210
       236