caddy: moved reverse proxy config to secrets

2024-06-13 14:04:10 +07:00 · 2024-06-13 14:04:10 +07:00 · 0713245e6e
parent 507b91bc52
commit 0713245e6e
8 changed files with 20 additions and 36 deletions
--- a/options/default.nix
+++ b/options/default.nix
@ -5,6 +5,7 @@
    ./hyprland.nix
    ./docker.nix
    ./podman.nix
+    ./services.nix
  ];
  options.profile = {

--- a/options/services.nix
+++ b/options/services.nix
@ -0,0 +1,10 @@
+{ lib, ... }:
+let
+  inherit (lib) mkEnableOption;
+in
+{
+  options.profile.services = {
+    caddy.enable = mkEnableOption "caddy";
+    cockpit.enable = mkEnableOption "cockpit";
+  };
+}
--- a/profiles/homeserver.nix
+++ b/profiles/homeserver.nix
@ -32,5 +32,10 @@
      caddy.enable = false;
      kavita.enable = true;
    };
+
+    services = {
+      caddy.enable = true;
+      cockpit.enable = true;
+    };
  };
 }
--- a/system/modules/cockpit.nix
+++ b/system/modules/cockpit.nix
@ -1,29 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  cfg = config.profile.cockpit;
-in
-{
-  config = lib.mkIf cfg.enable {
-    environment.systemPackages = lib.mkIf config.profile.podman.enable [
-      (pkgs.callPackage ../packages/cockpit-podman.nix { })
-    ];
-    services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = ''
-      reverse_proxy 0.0.0.0:9090
-    '';
-    services.udisks2.enable = true;
-    services.cockpit = {
-      enable = true;
-      openFirewall = true;
-      settings = {
-        WebService = {
-          AllowUnencrypted = true;
-          ProtocolHeader = "X-Forwarded-Proto";
-          ForwardedForHeader = "X-Forwarded-For";
-        };
-        Session = {
-          IdleTimeout = 120; # 2 hours.
-        };
-      };
-    };
-  };
-}
--- a/system/modules/default.nix
+++ b/system/modules/default.nix
@ -7,7 +7,6 @@
    ./bluetooth.nix
    ./boot_loader.nix
    ./brightnessctl.nix
-    ./cockpit.nix
    ./flatpak.nix
    ./font.nix
    ./gnome.nix
--- a/system/podman/default.nix
+++ b/system/podman/default.nix
@ -4,7 +4,7 @@ let
 in
 {
  config = lib.mkIf cfg.enable {
-    services.caddy.enable = true;
+    # services.caddy.enable = true;
    environment.systemPackages = with pkgs; [
      dive # look into docker image layers
      podman-tui # status of containers in the terminal
--- a/system/services/caddy.nix
+++ b/system/services/caddy.nix
@ -1,11 +1,9 @@
 { config, lib, ... }:
 let
  cfg = config.profile.services.caddy;
-  inherit (lib) mkIf mkEnableOption;
+  inherit (lib) mkIf;
 in
 {
-  options.profile.services.caddy.enable = mkEnableOption "Caddy";
-
  config = mkIf cfg.enable {
    services.caddy = {
      enable = true;
--- a/system/services/cockpit.nix
+++ b/system/services/cockpit.nix
@ -1,10 +1,9 @@
 { config, lib, pkgs, ... }:
 let
  cfg = config.profile.services.cockpit;
-  inherit (lib) mkIf mkEnableOption;
+  inherit (lib) mkIf;
 in
 {
-  options.profile.services.cockpit.enable = mkEnableOption "cockpit";
  config = mkIf cfg.enable {
    environment.systemPackages = mkIf config.profile.podman.enable [
      (pkgs.callPackage ../packages/cockpit-podman.nix { })
@ -12,6 +11,7 @@ in
    sops.secrets."cockpit" = {
      sopsFile = ../../secrets/caddy_reverse_proxy.yaml;
      path = "/etc/caddy/sites-enabled/cockpit";
+      mode = "0440";
    };
    services.cockpit = {
      enable = true;