caddy: moved reverse proxy config to secrets

Tigor Hutasuhut 2024-06-13 14:04:10 +07:00
parent 507b91bc52
commit 0713245e6e
8 changed files with 20 additions and 36 deletions


@ -5,6 +5,7 @@
./hyprland.nix ./hyprland.nix
./docker.nix ./docker.nix
./podman.nix ./podman.nix
./services.nix
]; ];
options.profile = { options.profile = {

10
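--- a/options/services.nix
+++ b/options/services.nix
@@ -0,0 +1,10 @@
+{ lib, ... }:
+let
+inherit (lib) mkEnableOption;
+in
+{
+options.profile.services = {
+caddy.enable = mkEnableOption "caddy";
+cockpit.enable = mkEnableOption "cockpit";
+};
+}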


@ -32,5 +32,10 @@
caddy.enable = false; caddy.enable = false;
kavita.enable = true; kavita.enable = true;
}; };
services = {
caddy.enable = true;
cockpit.enable = true;
};
}; };
} }


@ -1,29 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.profile.cockpit;
in
{
config = lib.mkIf cfg.enable {
environment.systemPackages = lib.mkIf config.profile.podman.enable [
(pkgs.callPackage ../packages/cockpit-podman.nix { })
];
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = ''
reverse_proxy 0.0.0.0:9090
'';
services.udisks2.enable = true;
services.cockpit = {
enable = true;
openFirewall = true;
settings = {
WebService = {
AllowUnencrypted = true;
ProtocolHeader = "X-Forwarded-Proto";
ForwardedForHeader = "X-Forwarded-For";
};
Session = {
IdleTimeout = 120; # 2 hours.
};
};
};
};
}


@ -7,7 +7,6 @@
./bluetooth.nix ./bluetooth.nix
./boot_loader.nix ./boot_loader.nix
./brightnessctl.nix ./brightnessctl.nix
./cockpit.nix
./flatpak.nix ./flatpak.nix
./font.nix ./font.nix
./gnome.nix ./gnome.nix


@ -4,7 +4,7 @@ let
in in
{ {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.caddy.enable = true; # services.caddy.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
dive # look into docker image layers dive # look into docker image layers
podman-tui # status of containers in the terminal podman-tui # status of containers in the terminal
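Review bot: The `services.caddy.enable` line in this hunk is left behind as a comment (`# services.caddy.enable = true;`) instead of being removed. Caddy now appears to be switched on through `profile.services.caddy.enable`, so the dead line should be deleted; otherwise a reader may take this module (the podman profile, judging by the package list) as the place that controls the proxy. If the comment is kept on purpose, state the reason instead, e.g. `# caddy is enabled via profile.services.caddy.enable`. The `environment.systemPackages` list continues outside the hunk.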


@ -1,11 +1,9 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.profile.services.caddy; cfg = config.profile.services.caddy;
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf;
in in
{ {
options.profile.services.caddy.enable = mkEnableOption "Caddy";
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.caddy = { services.caddy = {
enable = true; enable = true;


@ -1,10 +1,9 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.profile.services.cockpit; cfg = config.profile.services.cockpit;
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf;
in in
{ {
options.profile.services.cockpit.enable = mkEnableOption "cockpit";
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = mkIf config.profile.podman.enable [ environment.systemPackages = mkIf config.profile.podman.enable [
(pkgs.callPackage ../packages/cockpit-podman.nix { }) (pkgs.callPackage ../packages/cockpit-podman.nix { })
@ -12,6 +11,7 @@ in
sops.secrets."cockpit" = { sops.secrets."cockpit" = {
sopsFile = ../../secrets/caddy_reverse_proxy.yaml; sopsFile = ../../secrets/caddy_reverse_proxy.yaml;
path = "/etc/caddy/sites-enabled/cockpit"; path = "/etc/caddy/sites-enabled/cockpit";
mode = "0440";
}; };
services.cockpit = { services.cockpit = {
enable = true; enable = true;
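Review bot: The added `mode = "0440";` on `sops.secrets."cockpit"` grants group read, but the block sets no `owner` or `group`. Unless those are defaulted elsewhere, sops-nix leaves the file owned by root, and the extra bit does not make it readable to an unprivileged Caddy process. If Caddy is meant to import `/etc/caddy/sites-enabled/cockpit`, name the reader explicitly, e.g. `group = config.services.caddy.group;` (or `owner = config.services.caddy.user;` with the default mode), so read access stays limited to that account. Adding `restartUnits = [ "caddy.service" ];` would also let a changed site file be picked up after activation. The `services.cockpit` block continues outside the hunk.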