system: added services config
parent
906d35e44d
commit
507b91bc52
|
@ -1,5 +1,5 @@
|
||||||
#ENC[AES256_GCM,data:wyNRZzsDfae8R/ADyKc8w3Gx9mIQmx7yEEqWFCdhEtUTu5SPvQGwIB3zvV24Sk203jh4tA==,iv:mmPKoZVX241G6KvqbEMq/iqJDF7KVDOuF1kdanYgEgw=,tag:Uh8SxJHtESO+q97Xgp80Gg==,type:comment]
|
forgejo: ENC[AES256_GCM,data:w/qGCqEsbzhgCmGiy4pqvwjEbIWhOIPjQyQyNtbiBzadrFxG6+cxFQJ1gY/q9tENuogKoVdCtKdHYONM6gs+yd3+/Xk=,iv:u5P7so4J3OeHmnf33ss2X7f8GAA04I0/mw1/MUy6C3Y=,tag:nYhY/ecas7dPYP6FwEnOsg==,type:str]
|
||||||
forgejo: ENC[AES256_GCM,data:5XXkzc7U4/Fx9QtKPlB3BaF7STExgWz0RMpNxNEElF42Yh18pf6oV8O7cjhud4RiAi+y,iv:84F0WEzryK17RuAnix0EdXjfmA+ln9/ozPOlCRI65YA=,tag:ksRj3fXo3Bnd6zgd9vsSow==,type:str]
|
cockpit: ENC[AES256_GCM,data:5/ztOP1mJwKlcLS0RLqbre2nMOphIg59+/Dqz3njZW7jDJm37gMdgaPpY+eA5IWBMW7gZNCcVA==,iv:mmGsqA7U3rzhZ40BUReMlDaKxzKsDTw0mSZzcpu2QB4=,tag:jwmqiMGbENjX4B8GbPHcjw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -15,8 +15,8 @@ sops:
|
||||||
OTBPaGdUZ1ZueUlKMVlhOHBreFV6OVEKBhcqTTA9Vufnn/WAhR5zb08Nsn48zmD2
|
OTBPaGdUZ1ZueUlKMVlhOHBreFV6OVEKBhcqTTA9Vufnn/WAhR5zb08Nsn48zmD2
|
||||||
+bdJf+0B68Z57Q/47fNjvXclqLdDCWToTlIjOTnzVH2oXOWKQQxj6g==
|
+bdJf+0B68Z57Q/47fNjvXclqLdDCWToTlIjOTnzVH2oXOWKQQxj6g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-06-13T05:31:48Z"
|
lastmodified: "2024-06-13T06:44:09Z"
|
||||||
mac: ENC[AES256_GCM,data:J4oXHZeqH+h5Yq+wOzC0Bhx42/pS9hxeybeEtsWaymMgjKUbj4QpdF9mYXwRawp4juLrHIgGAypW0iFrgTkDpzY5AKrwN23CJQwxQtuCLkZXzm4QJ46fR60Rtf8Kx92wKpOaLknxa9k5L6nK0G7FU9m2afxPb5MsqH3o6WubVG8=,iv:49BL9vpS67SkhZbZlyjIl0Ip2MWwK5/tya/2O8mVXGE=,tag:9A08TsIP22nGNBMhmAGhrg==,type:str]
|
mac: ENC[AES256_GCM,data:S0/He8nAYp524SIteg1bd7aa4b7OJ2jshP/x+m9Grt+9fI8ZN42XpcW/u7JA6xV2eAJ7ZS4YBt965V6ttJu/Ric0xRzdG/evK9zrG0CFcoY8Di9eBU/KqBSyXxO7E/ZYamp9AQpkO9KzsSBYYStkZe4FjPy/5o4bSCjkLOIPO1w=,iv:OR42uFaNxMHAdaq1JZLz4B+cPZPJw5TP97W+rbHckK0=,tag:BXKF4WSHDZ63eyzNNBR2JA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
profile-path
|
profile-path
|
||||||
hardware-configuration
|
hardware-configuration
|
||||||
./modules
|
./modules
|
||||||
|
./services
|
||||||
./podman
|
./podman
|
||||||
./docker
|
./docker
|
||||||
./programs.nix
|
./programs.nix
|
||||||
|
|
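--- a/system/services/caddy.nix
+++ b/system/services/caddy.nix
@@ -0,0 +1,17 @@
+{ config, lib, ... }:
+let
+cfg = config.profile.services.caddy;
+inherit (lib) mkIf mkEnableOption;
+in
+{
+options.profile.services.caddy.enable = mkEnableOption "Caddy";
+
+config = mkIf cfg.enable {
+services.caddy = {
+enable = true;
+extraConfig = ''
+import /etc/caddy/sites-enabled/*
+'';
+};
+};
+}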
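Review bot: The `import /etc/caddy/sites-enabled/*` line in `extraConfig` loads every file from a mutable directory outside the Nix store, so whatever can write to that directory controls the proxy's routing, and nothing in this file says who populates it or with what permissions. Judging by cockpit.nix in the same commit, the files are presumably sops-nix secrets decrypted at activation, which also means they are not checked when the system is built. A comment above `extraConfig` would record that contract, for example `# Site files are sops-nix secrets (see cockpit.nix); the directory must be writable by root only.`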
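--- a/system/services/cockpit.nix
+++ b/system/services/cockpit.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+let
+cfg = config.profile.services.cockpit;
+inherit (lib) mkIf mkEnableOption;
+in
+{
+options.profile.services.cockpit.enable = mkEnableOption "cockpit";
+config = mkIf cfg.enable {
+environment.systemPackages = mkIf config.profile.podman.enable [
+(pkgs.callPackage ../packages/cockpit-podman.nix { })
+];
+sops.secrets."cockpit" = {
+sopsFile = ../../secrets/caddy_reverse_proxy.yaml;
+path = "/etc/caddy/sites-enabled/cockpit";
+};
+services.cockpit = {
+enable = true;
+openFirewall = true;
+settings = {
+WebService = {
+AllowUnencrypted = true;
+ProtocolHeader = "X-Forwarded-Proto";
+ForwardedForHeader = "X-Forwarded-For";
+};
+Session = {
+IdleTimeout = 120; # 2 hours.
+};
+};
+};
+};
+}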
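Review bot: `openFirewall = true` together with `AllowUnencrypted = true` in `services.cockpit` leaves the Cockpit port reachable directly from the network over plain HTTP, bypassing the Caddy proxy this configuration appears to be built around. A client connecting directly can also supply its own `X-Forwarded-For` and `X-Forwarded-Proto` values, which Cockpit is told to trust, so logged client addresses and the HTTPS assumption become unreliable. If all access is meant to go through Caddy, use `openFirewall = false;` and consider restricting the listener to loopback. Separately, `sops.secrets."cockpit"` sets no `owner`, so unless a default is changed elsewhere the Caddy user may be unable to read the imported file; `owner = config.services.caddy.user;` would make that explicit.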
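--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+imports = [
+./caddy.nix
+./cockpit.nix
+];
+}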