caddy: moved reverse proxy config to secrets
parent
507b91bc52
commit
0713245e6e
|
@ -5,6 +5,7 @@
|
||||||
./hyprland.nix
|
./hyprland.nix
|
||||||
./docker.nix
|
./docker.nix
|
||||||
./podman.nix
|
./podman.nix
|
||||||
|
./services.nix
|
||||||
];
|
];
|
||||||
options.profile = {
|
options.profile = {
|
||||||
|
|
||||||
|
|
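--- a/options/services.nix
+++ b/options/services.nix
@@ -0,0 +1,10 @@
+{ lib, ... }:
+let
+inherit (lib) mkEnableOption;
+in
+{
+options.profile.services = {
+caddy.enable = mkEnableOption "caddy";
+cockpit.enable = mkEnableOption "cockpit";
+};
+}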
@ -32,5 +32,10 @@
|
||||||
caddy.enable = false;
|
caddy.enable = false;
|
||||||
kavita.enable = true;
|
kavita.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
caddy.enable = true;
|
||||||
|
cockpit.enable = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,29 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.profile.cockpit;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
environment.systemPackages = lib.mkIf config.profile.podman.enable [
|
|
||||||
(pkgs.callPackage ../packages/cockpit-podman.nix { })
|
|
||||||
];
|
|
||||||
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = ''
|
|
||||||
reverse_proxy 0.0.0.0:9090
|
|
||||||
'';
|
|
||||||
services.udisks2.enable = true;
|
|
||||||
services.cockpit = {
|
|
||||||
enable = true;
|
|
||||||
openFirewall = true;
|
|
||||||
settings = {
|
|
||||||
WebService = {
|
|
||||||
AllowUnencrypted = true;
|
|
||||||
ProtocolHeader = "X-Forwarded-Proto";
|
|
||||||
ForwardedForHeader = "X-Forwarded-For";
|
|
||||||
};
|
|
||||||
Session = {
|
|
||||||
IdleTimeout = 120; # 2 hours.
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -7,7 +7,6 @@
|
||||||
./bluetooth.nix
|
./bluetooth.nix
|
||||||
./boot_loader.nix
|
./boot_loader.nix
|
||||||
./brightnessctl.nix
|
./brightnessctl.nix
|
||||||
./cockpit.nix
|
|
||||||
./flatpak.nix
|
./flatpak.nix
|
||||||
./font.nix
|
./font.nix
|
||||||
./gnome.nix
|
./gnome.nix
|
||||||
|
|
|
@ -4,7 +4,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
services.caddy.enable = true;
|
# services.caddy.enable = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
dive # look into docker image layers
|
dive # look into docker image layers
|
||||||
podman-tui # status of containers in the terminal
|
podman-tui # status of containers in the terminal
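Review bot: The new side appears to keep `# services.caddy.enable = true;` as commented-out code inside `config = lib.mkIf cfg.enable {`, with nothing recording why it was disabled. The other hunks on this page gate Caddy behind `profile.services.caddy.enable`, so either delete the line or replace it with a comment that says so, for example `# Caddy is enabled via profile.services.caddy.enable`. The enclosing block starts and ends outside the hunk.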
|
||||||
|
|
|
@ -1,11 +1,9 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.profile.services.caddy;
|
cfg = config.profile.services.caddy;
|
||||||
inherit (lib) mkIf mkEnableOption;
|
inherit (lib) mkIf;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.profile.services.caddy.enable = mkEnableOption "Caddy";
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
services.caddy = {
|
services.caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.profile.services.cockpit;
|
cfg = config.profile.services.cockpit;
|
||||||
inherit (lib) mkIf mkEnableOption;
|
inherit (lib) mkIf;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.profile.services.cockpit.enable = mkEnableOption "cockpit";
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
environment.systemPackages = mkIf config.profile.podman.enable [
|
environment.systemPackages = mkIf config.profile.podman.enable [
|
||||||
(pkgs.callPackage ../packages/cockpit-podman.nix { })
|
(pkgs.callPackage ../packages/cockpit-podman.nix { })
|
||||||
|
@ -12,6 +11,7 @@ in
|
||||||
sops.secrets."cockpit" = {
|
sops.secrets."cockpit" = {
|
||||||
sopsFile = ../../secrets/caddy_reverse_proxy.yaml;
|
sopsFile = ../../secrets/caddy_reverse_proxy.yaml;
|
||||||
path = "/etc/caddy/sites-enabled/cockpit";
|
path = "/etc/caddy/sites-enabled/cockpit";
|
||||||
|
mode = "0440";
|
||||||
};
|
};
|
||||||
services.cockpit = {
|
services.cockpit = {
|
||||||
enable = true;
|
enable = true;
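Review bot: The added `mode = "0440";` on `sops.secrets."cockpit"` grants group read, but the attrset visible in this hunk sets no `owner` or `group`. Under sops-nix defaults the file at `/etc/caddy/sites-enabled/cockpit` would then be root:root, so the Caddy service account still could not read it unless ownership is set elsewhere. Name the reader explicitly, e.g. `group = config.services.caddy.group;` (or `owner = config.services.caddy.user;` with the default `0400`), so the wider permission reaches exactly one account. Because the secret is a Caddy site file, `reloadUnits = [ "caddy.service" ];` would make a changed secret take effect without a manual reload. The `config = mkIf cfg.enable {` block continues outside the hunk.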
|
||||||
|
|