commit 6b2455fffc9f1efb4a1067f3c7cf315c75d6fc20 · wiro.world/dotfiles

+1

.ignore

···

       1
       1
       +
       *.age

+1 -1

hosts/weird-row-server/authelia.nix

···

       8
       8
        
       

     

       9
       9
        
         authelia-metrics-port = 9004;

     

       10
       10
        
         headscale-hostname = "headscale.wiro.world";

     

       11
       11
       -
         grafana-hostname = "console.wiro.world";

     

       11
       11
       +
         grafana-hostname = "console.net.wiro.world";

     

       12
       12
        
         miniflux-hostname = "news.wiro.world";

     

       13
       13
        
       in

     

       14
       14
        
       {

+8 -2

hosts/weird-row-server/default.nix

···

       101
       101
        
             jails = { };

     

       102
       102
        
           };

     

       103
       103
        
       

     

       104
       104
       +
           age.secrets.caddy-env.file = secrets/caddy-env.age;

     

       104
       105
        
           services.caddy = {

     

       105
       106
        
             enable = true;

     

       106
       107
        
             package = pkgs.caddy.withPlugins {

     

       107
       107
       -
               doInstallCheck = false;

     

       108
       108
        
               plugins = [

     

       109
       109
       +
                 "github.com/caddy-dns/hetzner/v2@v2.0.0-preview-1"

     

       109
       110
        
                 "github.com/tailscale/caddy-tailscale@v0.0.0-20251016213337-01d084e119cb"

     

       110
       110
       -
                 "github.com/caddy-dns/hetzner@v2.0.0-preview-1"

     

       111
       111
        
               ];

     

       112
       112
        
               hash = "sha256-muKwDYs5Jp4ib/psZxpp1Kyfsqz6wPz/lpHFGtx67uY=";

     

       113
       113
        
             };

     

       114
       114
        
       

     

       115
       115
       +
             environmentFile = config.age.secrets.caddy-env.path;

     

       116
       116
       +
       

     

       115
       117
        
             globalConfig = ''

     

       116
       118
        
               tailscale {

     

       119
       119
       +
                 # this caddy instance already proxies headscale but needs to access headscale to start

     

       120
       120
       +
                 # control_url https://headscale.wiro.world

     

       121
       121
       +
                 control_url http://localhost:3006

     

       122
       122
       +
       

     

       117
       123
        
                 ephemeral

     

       118
       124
        
               }

     

       119
       125
        
             '';

+1 -1

hosts/weird-row-server/goatcounter.nix

···

       18
       18
        
       

     

       19
       19
        
           services.caddy = {

     

       20
       20
        
             virtualHosts.${goatcounter-hostname}.extraConfig = ''

     

       21
       21
       -
               reverse_proxy http://localhost:${toString goatcounter-port}

     

       21
       21
       +
               reverse_proxy http://localhost:${toString config.services.goatcounter.port}

     

       22
       22
        
             '';

     

       23
       23
        
           };

     

       24
       24
        
         };

+3 -2

hosts/weird-row-server/grafana.nix

···

       4
       4
        
       

     

       5
       5
        
       let

     

       6
       6
        
         grafana-port = 3002;

     

       7
       7
       -
         grafana-hostname = "console.wiro.world";

     

       7
       7
       +
         grafana-hostname = "console.net.wiro.world";

     

       8
       8
        
       

     

       9
       9
        
         prometheus-port = 9001;

     

       10
       10
        
         prometheus-node-exporter-port = 9002;

     
···

       76
       76
        
             globalConfig = ''

     

       77
       77
        
               metrics { per_host }

     

       78
       78
        
             '';

     

       79
       79
       -
             virtualHosts.${grafana-hostname}.extraConfig = ''

     

       79
       79
       +
             virtualHosts."http://${grafana-hostname}".extraConfig = ''

     

       80
       80
       +
               bind tailscale/console

     

       80
       81
        
               reverse_proxy http://localhost:${toString grafana-port}

     

       81
       82
        
             '';

     

       82
       83
        
           };

+4 -3

hosts/weird-row-server/lldap.nix

···

       4
       4
        
       

     

       5
       5
        
       let

     

       6
       6
        
         lldap-port = 3007;

     

       7
       7
       -
         lldap-hostname = "ldap.wiro.world";

     

       7
       7
       +
         lldap-hostname = "ldap.net.wiro.world";

     

       8
       8
        
       in

     

       9
       9
        
       {

     

       10
       10
        
         config = {

     
···

       30
       30
        
           };

     

       31
       31
        
       

     

       32
       32
        
           services.caddy = {

     

       33
       33
       -
             virtualHosts.${lldap-hostname}.extraConfig = ''

     

       34
       34
       -
               reverse_proxy http://localhost:${toString lldap-port}

     

       33
       33
       +
             virtualHosts."http://${lldap-hostname}".extraConfig = ''

     

       34
       34
       +
               bind tailscale/ldap

     

       35
       35
       +
               reverse_proxy http://localhost:${toString config.services.lldap.settings.http_port}

     

       35
       36
        
             '';

     

       36
       37
        
           };

     

       37
       38
        
         };

+2 -2

hosts/weird-row-server/pds.nix

···

       34
       34
        
             virtualHosts.${pds-hostname} = {

     

       35
       35
        
               serverAliases = [ "*.${pds-hostname}" ];

     

       36
       36
        
               extraConfig = ''

     

       37
       37
       -
                 	tls { on_demand }

     

       38
       38
       -
                   reverse_proxy http://localhost:${toString pds-port}

     

       37
       37
       +
               	tls { on_demand }

     

       38
       38
       +
                 reverse_proxy http://localhost:${toString config.services.bluesky-pds.settings.PDS_HOSTNAME}

     

       39
       39
        
               '';

     

       40
       40
        
             };

     

       41
       41
        
           };

hosts/weird-row-server/secrets/caddy-env.age

This is a binary file and will not be displayed.

+1

hosts/weird-row-server/secrets/default.nix

···

       23
       23
        
         # Defines `HYPIXEL_API_KEY`, `PROFILE_UUID`

     

       24
       24
        
         "hypixel-bank-tracker-main.age".publicKeys = deploy;

     

       25
       25
        
         "hypixel-bank-tracker-banana.age".publicKeys = deploy;

     

       26
       26
       +
         "caddy-env.age".publicKeys = deploy;

     

       26
       27
        
       }

+4 -3

hosts/weird-row-server/thelounge.nix

···

       4
       4
        
       

     

       5
       5
        
       let

     

       6
       6
        
         thelounge-port = 3005;

     

       7
       7
       -
         thelounge-hostname = "lounge.wiro.world";

     

       7
       7
       +
         thelounge-hostname = "irc-lounge.net.wiro.world";

     

       8
       8
        
       in

     

       9
       9
        
       {

     

       10
       10
        
         config = {

     
···

       22
       22
        
           };

     

       23
       23
        
       

     

       24
       24
        
           services.caddy = {

     

       25
       25
       -
             virtualHosts.${thelounge-hostname}.extraConfig = ''

     

       26
       26
       -
               reverse_proxy http://localhost:${toString thelounge-port}

     

       25
       25
       +
             virtualHosts."http://${thelounge-hostname}".extraConfig = ''

     

       26
       26
       +
               bind tailscale/irc-lounge

     

       27
       27
       +
               reverse_proxy http://localhost:${toString config.services.thelounge.port}

     

       27
       28
        
             '';

     

       28
       29
        
           };

     

       29
       30
        
         };

+1 -1

hosts/weird-row-server/vaultwarden.nix

···

       31
       31
        
       

     

       32
       32
        
           services.caddy = {

     

       33
       33
        
             virtualHosts.${vaultwarden-hostname}.extraConfig = ''

     

       34
       34
       -
               reverse_proxy http://localhost:${toString vaultwarden-port}

     

       34
       34
       +
               reverse_proxy http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}

     

       35
       35
        
             '';

     

       36
       36
        
           };

     

       37
       37
        
         };

+3 -7

hosts/weird-row-server/warrior.nix

···

       4
       4
        
       

     

       5
       5
        
       let

     

       6
       6
        
         warrior-port = 3015;

     

       7
       7
       -
         warrior-hostname = "warrior.wiro.world";

     

       8
       8
       -
       

     

       9
       9
       -
         authelia-port = 3008;

     

       7
       7
       +
         warrior-hostname = "warrior.net.wiro.world";

     

       10
       8
        
       in

     

       11
       9
        
       {

     

       12
       10
        
         config = {

     
···

       17
       15
        
           };

     

       18
       16
        
       

     

       19
       17
        
           services.caddy = {

     

       20
       20
       -
             virtualHosts.${warrior-hostname}.extraConfig = ''

     

       21
       21
       -
               forward_auth localhost:${toString authelia-port} {

     

       22
       22
       -
                   uri /api/authz/forward-auth

     

       23
       23
       -
               }

     

       18
       18
       +
             virtualHosts."http://${warrior-hostname}".extraConfig = ''

     

       19
       19
       +
               bind tailscale/warrior

     

       24
       20
        
               reverse_proxy http://localhost:${toString warrior-port}

     

       25
       21
        
             '';

     

       26
       22
        
           };