From 0713245e6e1c39e953359b908ce4cedfdde3febd Mon Sep 17 00:00:00 2001 From: Tigor Hutasuhut Date: Thu, 13 Jun 2024 14:04:10 +0700 Subject: [PATCH] caddy: moved reverse proxy config to secrets --- options/default.nix | 1 + options/services.nix | 10 ++++++++++ profiles/homeserver.nix | 5 +++++ system/modules/cockpit.nix | 29 ----------------------------- system/modules/default.nix | 1 - system/podman/default.nix | 2 +- system/services/caddy.nix | 4 +--- system/services/cockpit.nix | 4 ++-- 8 files changed, 20 insertions(+), 36 deletions(-) create mode 100644 options/services.nix delete mode 100644 system/modules/cockpit.nix diff --git a/options/default.nix b/options/default.nix index 1486c43..799b016 100644 --- a/options/default.nix +++ b/options/default.nix @@ -5,6 +5,7 @@ ./hyprland.nix ./docker.nix ./podman.nix + ./services.nix ]; options.profile = { diff --git a/options/services.nix b/options/services.nix new file mode 100644 index 0000000..779243d --- /dev/null +++ b/options/services.nix @@ -0,0 +1,10 @@ +{ lib, ... }: +let + inherit (lib) mkEnableOption; +in +{ + options.profile.services = { + caddy.enable = mkEnableOption "caddy"; + cockpit.enable = mkEnableOption "cockpit"; + }; +} diff --git a/profiles/homeserver.nix b/profiles/homeserver.nix index 0f0c529..ffa97df 100644 --- a/profiles/homeserver.nix +++ b/profiles/homeserver.nix @@ -32,5 +32,10 @@ caddy.enable = false; kavita.enable = true; }; + + services = { + caddy.enable = true; + cockpit.enable = true; + }; }; } diff --git a/system/modules/cockpit.nix b/system/modules/cockpit.nix deleted file mode 100644 index c3e8e93..0000000 --- a/system/modules/cockpit.nix +++ /dev/null 
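Review bot: In `profiles/homeserver.nix` the added `services = { caddy.enable = true; cockpit.enable = true; };` block comes directly after a `caddy.enable = false;` in the preceding attribute set, so the profile reads as switching Caddy both off and on. The name of that preceding set lies outside the hunk (presumably the podman container set). A one-line comment above the new block would remove the ambiguity, e.g. `# host-level services; the caddy entry above is the containerised one`, if that reading is right. `cockpit.enable = true` also depends on Caddy serving the site file that `system/services/cockpit.nix` writes under `/etc/caddy/sites-enabled/`, and nothing visible in this patch asserts that `caddy.enable` is set whenever `cockpit.enable` is.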
@@ -1,29 +0,0 @@ -{ config, lib, pkgs, ... }: -let - cfg = config.profile.cockpit; -in -{ - config = lib.mkIf cfg.enable { - environment.systemPackages = lib.mkIf config.profile.podman.enable [ - (pkgs.callPackage ../packages/cockpit-podman.nix { }) - ]; - services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = '' - reverse_proxy 0.0.0.0:9090 - ''; - services.udisks2.enable = true; - services.cockpit = { - enable = true; - openFirewall = true; - settings = { - WebService = { - AllowUnencrypted = true; - ProtocolHeader = "X-Forwarded-Proto"; - ForwardedForHeader = "X-Forwarded-For"; - }; - Session = { - IdleTimeout = 120; # 2 hours. - }; - }; - }; - }; -} diff --git a/system/modules/default.nix b/system/modules/default.nix index 31f8bfa..d7d28d7 100644 --- a/system/modules/default.nix +++ b/system/modules/default.nix @@ -7,7 +7,6 @@ ./bluetooth.nix ./boot_loader.nix ./brightnessctl.nix - ./cockpit.nix ./flatpak.nix ./font.nix ./gnome.nix diff --git a/system/podman/default.nix b/system/podman/default.nix index 4a13c1d..34c206b 100644 --- a/system/podman/default.nix +++ b/system/podman/default.nix @@ -4,7 +4,7 @@ let in { config = lib.mkIf cfg.enable { - services.caddy.enable = true; + # services.caddy.enable = true; environment.systemPackages = with pkgs; [ dive # look into docker image layers podman-tui # status of containers in the terminal diff --git a/system/services/caddy.nix b/system/services/caddy.nix index 17cc8a1..da2bb71 100644 --- a/system/services/caddy.nix +++ b/system/services/caddy.nix @@ -1,11 +1,9 @@ { config, lib, ... }: let cfg = config.profile.services.caddy; - inherit (lib) mkIf mkEnableOption; + inherit (lib) mkIf; in { - options.profile.services.caddy.enable = mkEnableOption "Caddy"; - config = mkIf cfg.enable { services.caddy = { enable = true; diff --git a/system/services/cockpit.nix b/system/services/cockpit.nix index 08328ac..3f7a4e0 100644 --- a/system/services/cockpit.nix +++ b/system/services/cockpit.nix 
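Review bot: The hunk in `system/podman/default.nix` leaves `# services.caddy.enable = true;` behind as commented-out code; the line should be deleted, since version control already keeps the old behaviour. After this change, enabling podman no longer turns Caddy on, so any container module that relies on a Caddy virtual host (none is visible here) is only reachable when `profile.services.caddy.enable` is set as well. If that decoupling is intended, a short comment saying so is more useful than the dead line, e.g. `# Caddy is enabled through profile.services.caddy, not by podman`. The `config = lib.mkIf cfg.enable {` block continues past the hunk.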
@@ -1,10 +1,9 @@ { config, lib, pkgs, ... }: let cfg = config.profile.services.cockpit; - inherit (lib) mkIf mkEnableOption; + inherit (lib) mkIf; in { - options.profile.services.cockpit.enable = mkEnableOption "cockpit"; config = mkIf cfg.enable { environment.systemPackages = mkIf config.profile.podman.enable [ (pkgs.callPackage ../packages/cockpit-podman.nix { }) @@ -12,6 +11,7 @@ in sops.secrets."cockpit" = { sopsFile = ../../secrets/caddy_reverse_proxy.yaml; path = "/etc/caddy/sites-enabled/cockpit"; + mode = "0440"; }; services.cockpit = { enable = true;
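Review bot: The added `mode = "0440";` on `sops.secrets."cockpit"` only helps if the file's group contains the Caddy service user, and no `owner` or `group` is set in the visible lines. sops-nix creates secrets as root-owned by default, so with this hunk alone the file at `/etc/caddy/sites-enabled/cockpit` would be readable by root and root's group but presumably not by the `caddy` user that has to import it. I would set the ownership explicitly next to the mode, e.g. `owner = config.services.caddy.user;` and `group = config.services.caddy.group;`, after which `mode = "0400"` is sufficient. Because the route definition now lives in an encrypted file, a comment here stating what the snippet is expected to contain (upstream address, any access restriction) would keep the exposure of the Cockpit console reviewable. The `services.cockpit` block continues outside the hunk.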