system: added services config

Tigor Hutasuhut 2024-06-13 13:52:45 +07:00
parent 906d35e44d
commit 507b91bc52
5 changed files with 60 additions and 4 deletions


@ -1,5 +1,5 @@
#ENC[AES256_GCM,data:wyNRZzsDfae8R/ADyKc8w3Gx9mIQmx7yEEqWFCdhEtUTu5SPvQGwIB3zvV24Sk203jh4tA==,iv:mmPKoZVX241G6KvqbEMq/iqJDF7KVDOuF1kdanYgEgw=,tag:Uh8SxJHtESO+q97Xgp80Gg==,type:comment]
forgejo: ENC[AES256_GCM,data:5XXkzc7U4/Fx9QtKPlB3BaF7STExgWz0RMpNxNEElF42Yh18pf6oV8O7cjhud4RiAi+y,iv:84F0WEzryK17RuAnix0EdXjfmA+ln9/ozPOlCRI65YA=,tag:ksRj3fXo3Bnd6zgd9vsSow==,type:str]
forgejo: ENC[AES256_GCM,data:w/qGCqEsbzhgCmGiy4pqvwjEbIWhOIPjQyQyNtbiBzadrFxG6+cxFQJ1gY/q9tENuogKoVdCtKdHYONM6gs+yd3+/Xk=,iv:u5P7so4J3OeHmnf33ss2X7f8GAA04I0/mw1/MUy6C3Y=,tag:nYhY/ecas7dPYP6FwEnOsg==,type:str]
cockpit: ENC[AES256_GCM,data:5/ztOP1mJwKlcLS0RLqbre2nMOphIg59+/Dqz3njZW7jDJm37gMdgaPpY+eA5IWBMW7gZNCcVA==,iv:mmGsqA7U3rzhZ40BUReMlDaKxzKsDTw0mSZzcpu2QB4=,tag:jwmqiMGbENjX4B8GbPHcjw==,type:str]
sops:
kms: []
gcp_kms: []
@ -15,8 +15,8 @@ sops:
OTBPaGdUZ1ZueUlKMVlhOHBreFV6OVEKBhcqTTA9Vufnn/WAhR5zb08Nsn48zmD2
+bdJf+0B68Z57Q/47fNjvXclqLdDCWToTlIjOTnzVH2oXOWKQQxj6g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-13T05:31:48Z"
mac: ENC[AES256_GCM,data:J4oXHZeqH+h5Yq+wOzC0Bhx42/pS9hxeybeEtsWaymMgjKUbj4QpdF9mYXwRawp4juLrHIgGAypW0iFrgTkDpzY5AKrwN23CJQwxQtuCLkZXzm4QJ46fR60Rtf8Kx92wKpOaLknxa9k5L6nK0G7FU9m2afxPb5MsqH3o6WubVG8=,iv:49BL9vpS67SkhZbZlyjIl0Ip2MWwK5/tya/2O8mVXGE=,tag:9A08TsIP22nGNBMhmAGhrg==,type:str]
lastmodified: "2024-06-13T06:44:09Z"
mac: ENC[AES256_GCM,data:S0/He8nAYp524SIteg1bd7aa4b7OJ2jshP/x+m9Grt+9fI8ZN42XpcW/u7JA6xV2eAJ7ZS4YBt965V6ttJu/Ric0xRzdG/evK9zrG0CFcoY8Di9eBU/KqBSyXxO7E/ZYamp9AQpkO9KzsSBYYStkZe4FjPy/5o4bSCjkLOIPO1w=,iv:OR42uFaNxMHAdaq1JZLz4B+cPZPJw5TP97W+rbHckK0=,tag:BXKF4WSHDZ63eyzNNBR2JA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -4,6 +4,7 @@
profile-path
hardware-configuration
./modules
./services
./podman
./docker
./programs.nix

17
system/services/caddy.nix Normal file

@ -0,0 +1,17 @@
{ config, lib, ... }:
let
cfg = config.profile.services.caddy;
inherit (lib) mkIf mkEnableOption;
in
{
options.profile.services.caddy.enable = mkEnableOption "Caddy";
config = mkIf cfg.enable {
services.caddy = {
enable = true;
extraConfig = ''
import /etc/caddy/sites-enabled/*
'';
};
};
}
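Review bot: The `import /etc/caddy/sites-enabled/*` line in `extraConfig` makes every file in a directory outside the Nix store part of the running Caddy configuration, and nothing in this module declares who may write there. Any process able to create a file in that directory can therefore define routes for the proxy. It is worth stating the expectation next to the import, for example `# sites-enabled holds only sops-managed files and must stay writable by root only`. If the set of sites is known at build time, importing named files instead of a glob would narrow this further.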


@ -0,0 +1,31 @@
{ config, lib, pkgs, ... }:
let
cfg = config.profile.services.cockpit;
inherit (lib) mkIf mkEnableOption;
in
{
options.profile.services.cockpit.enable = mkEnableOption "cockpit";
config = mkIf cfg.enable {
environment.systemPackages = mkIf config.profile.podman.enable [
(pkgs.callPackage ../packages/cockpit-podman.nix { })
];
sops.secrets."cockpit" = {
sopsFile = ../../secrets/caddy_reverse_proxy.yaml;
path = "/etc/caddy/sites-enabled/cockpit";
};
services.cockpit = {
enable = true;
openFirewall = true;
settings = {
WebService = {
AllowUnencrypted = true;
ProtocolHeader = "X-Forwarded-Proto";
ForwardedForHeader = "X-Forwarded-For";
};
Session = {
IdleTimeout = 120; # 2 hours.
};
};
};
};
}
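Review bot: `openFirewall = true` together with `AllowUnencrypted = true` exposes Cockpit's own port to the network over plain HTTP, so a login can bypass the Caddy proxy and travel unencrypted. With that port reachable directly, the `X-Forwarded-Proto` and `X-Forwarded-For` headers configured under `WebService` can be supplied by any client rather than only by the proxy. If Caddy is meant to be the only entry point, `openFirewall = false;` keeps the plaintext listener off the network. Separately, the `sops.secrets."cockpit"` entry sets no `owner`, and sops-nix secrets default to root-only, so the Caddy service may be unable to read the imported site file; `owner = config.services.caddy.user;` would address that if it applies.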


@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./caddy.nix
./cockpit.nix
];
}