From c760e55c2457668cd64a55bdf78a3a2b7f195fba Mon Sep 17 00:00:00 2001 From: Tigor Hutasuhut Date: Sun, 24 Nov 2024 21:49:24 +0700 Subject: [PATCH] nginx: remove caddy configs --- system/podman/memos.nix | 4 -- system/podman/minecraft.nix | 23 ----------- system/podman/morphos.nix | 4 -- system/podman/openobserve.nix | 11 ++++-- system/podman/pihole.nix | 8 +--- system/podman/qbittorrent.nix | 4 -- system/podman/redmage-demo.nix | 4 -- system/podman/redmage.nix | 11 ------ system/podman/servarr/bazarr.nix | 5 +-- system/podman/servarr/prowlarr.nix | 5 +-- system/podman/servarr/qbittorrent.nix | 4 -- system/podman/servarr/radarr.nix | 4 -- system/podman/servarr/rdtclient.nix | 4 -- system/podman/servarr/real-debrid-manager.nix | 4 -- system/podman/servarr/sonarr.nix | 8 ---- system/podman/suwayomi.nix | 5 +-- system/podman/valheim.nix | 6 +-- system/podman/ytptube.nix | 9 ----- system/services/cockpit.nix | 13 +++---- system/services/couchdb.nix | 15 +------- system/services/jellyfin.nix | 38 ++++--------------- system/services/kavita.nix | 3 -- system/services/navidrome.nix | 4 -- system/services/photoprism.nix | 7 +--- system/services/syncthing.nix | 3 -- 25 files changed, 28 insertions(+), 178 deletions(-) diff --git a/system/podman/memos.nix b/system/podman/memos.nix index d89f56d..2d2e870 100644 --- a/system/podman/memos.nix +++ b/system/podman/memos.nix @@ -13,10 +13,6 @@ let in { config = mkIf (podman.enable && podman.${name}.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy ${ip}:5230 - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; diff --git a/system/podman/minecraft.nix b/system/podman/minecraft.nix index 4a570bc..d9149cf 100644 --- a/system/podman/minecraft.nix +++ b/system/podman/minecraft.nix 
@@ -29,29 +29,6 @@ let in { config = mkIf (podman.enable && podman.${name}.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = # html - '' - header Content-Type text/html - respond < - - - Minecraft Server - - -

Congrats! The minecraft server should be up!

-

- This server is invitation only. - Please contact the server owner for more info. -

-

Server Address: ${domain}

-

Bedrock Server Port: 19132

-

Java Server Port: 25565

- - - EOF 200 - ''; - # Minecraft only autoupdates at startup # # To keep up with the update, restart the server at 4am everyday. diff --git a/system/podman/morphos.nix b/system/podman/morphos.nix index 212cbe4..4cf27f3 100644 --- a/system/podman/morphos.nix +++ b/system/podman/morphos.nix @@ -12,10 +12,6 @@ let in { config = mkIf (podman.enable && podman.${name}.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy ${ip}:8080 - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; diff --git a/system/podman/openobserve.nix b/system/podman/openobserve.nix index 2ecd7e6..b0cab3d 100644 --- a/system/podman/openobserve.nix +++ b/system/podman/openobserve.nix @@ -13,9 +13,14 @@ let in { config = mkIf (podman.enable && podman.${name}.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy ${ip}:5080 - ''; + services.nginx.virtualHosts.${domain} = { + useACMEHost = "tigor.web.id"; + forceSSL = true; + locations."/" = { + proxyPass = "http://${ip}:5080"; + proxyWebsockets = true; + }; + }; system.activationScripts."podman-${name}" = '' mkdir -p ${rootVolume}/data diff --git a/system/podman/pihole.nix b/system/podman/pihole.nix index 5624f44..1beaf40 100644 --- a/system/podman/pihole.nix +++ b/system/podman/pihole.nix @@ -11,12 +11,6 @@ let in { config = mkIf (podman.enable && pihole.enable) { - services.caddy.virtualHosts."pihole.tigor.web.id".extraConfig = '' - @root path / - redir @root /admin - reverse_proxy ${ip}:80 - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; @@ -56,7 +50,7 @@ in # 192.168.100.5 {domain_name_1} # 192.168.100.5 {domain_name_2} # - # For each domain defined in services.caddy.virtualHosts + # For each domain defined in services.nginx.virtualHosts text = let inherit (lib) strings attrsets; diff --git a/system/podman/qbittorrent.nix b/system/podman/qbittorrent.nix index 9b4f59a..5fa1ffe 100644 
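Review bot: The new `services.nginx.virtualHosts.${domain}` in openobserve.nix sets `useACMEHost = "tigor.web.id"`, but the hunk does not add `${domain}` to that certificate's `extraDomainNames`, which cockpit.nix does in its context lines. The diffstat shows this is the only change to the file, so unless the name is already listed outside the hunk or the certificate is a wildcard, nginx would serve a certificate that does not cover this host under `forceSSL`. Suggest adding `security.acme.certs."tigor.web.id".extraDomainNames = [ domain ];` next to the vhost.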
--- a/system/podman/qbittorrent.nix +++ b/system/podman/qbittorrent.nix @@ -20,10 +20,6 @@ let in lib.mkMerge [ (mkIf (podman.enable && qbittorrent.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy ${ip}:8080 - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; diff --git a/system/podman/redmage-demo.nix b/system/podman/redmage-demo.nix index 5b33850..666d4b0 100644 --- a/system/podman/redmage-demo.nix +++ b/system/podman/redmage-demo.nix @@ -13,10 +13,6 @@ let in { config = mkIf (podman.enable && podman.${name}.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy ${ip}:8080 - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; diff --git a/system/podman/redmage.nix b/system/podman/redmage.nix index bc86018..d35d65b 100644 --- a/system/podman/redmage.nix +++ b/system/podman/redmage.nix @@ -13,17 +13,6 @@ let in { config = mkIf (podman.enable && podman.${name}.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - @botForbidden header_regexp User-Agent "(?i)AdsBot-Google|Amazonbot|anthropic-ai|Applebot|Applebot-Extended|AwarioRssBot|AwarioSmartBot|Bytespider|CCBot|ChatGPT|ChatGPT-User|Claude-Web|ClaudeBot|cohere-ai|DataForSeoBot|Diffbot|FacebookBot|Google-Extended|GPTBot|ImagesiftBot|magpie-crawler|omgili|Omgilibot|peer39_crawler|PerplexityBot|YouBot" - - handle @botForbidden { - respond /* "Access Denied" 403 { - close - } - } - reverse_proxy ${ip}:8080 - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; diff --git a/system/podman/servarr/bazarr.nix b/system/podman/servarr/bazarr.nix index fdd2669..770f844 100644 --- a/system/podman/servarr/bazarr.nix +++ b/system/podman/servarr/bazarr.nix 
@@ -16,15 +16,12 @@ let in { config = mkIf (podman.enable && bazarr.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy ${ip}:6767 - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; locations."/" = { proxyPass = "http://${ip}:6767"; + proxyWebsockets = true; }; }; diff --git a/system/podman/servarr/prowlarr.nix b/system/podman/servarr/prowlarr.nix index 073554e..2ffce5b 100644 --- a/system/podman/servarr/prowlarr.nix +++ b/system/podman/servarr/prowlarr.nix @@ -18,15 +18,12 @@ let in { config = mkIf (podman.enable && prowlarr.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy ${ip}:9696 - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; locations."/" = { proxyPass = "http://${ip}:9696"; + proxyWebsockets = true; }; }; diff --git a/system/podman/servarr/qbittorrent.nix b/system/podman/servarr/qbittorrent.nix index b6ce655..9c535c7 100644 --- a/system/podman/servarr/qbittorrent.nix +++ b/system/podman/servarr/qbittorrent.nix @@ -16,10 +16,6 @@ let in { config = mkIf (podman.enable && qbittorrent.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy ${ip}:8080 - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; diff --git a/system/podman/servarr/radarr.nix b/system/podman/servarr/radarr.nix index 727be68..b36ebe0 100644 --- a/system/podman/servarr/radarr.nix +++ b/system/podman/servarr/radarr.nix @@ -16,10 +16,6 @@ let in { config = mkIf (podman.enable && radarr.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy ${ip}:7878 - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; diff --git a/system/podman/servarr/rdtclient.nix b/system/podman/servarr/rdtclient.nix index fc03386..7585e16 100644 --- a/system/podman/servarr/rdtclient.nix 
+++ b/system/podman/servarr/rdtclient.nix @@ -16,10 +16,6 @@ let in { config = mkIf (podman.enable && cfg.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy ${ip}:6500 - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; diff --git a/system/podman/servarr/real-debrid-manager.nix b/system/podman/servarr/real-debrid-manager.nix index d71a9c7..dab3b96 100644 --- a/system/podman/servarr/real-debrid-manager.nix +++ b/system/podman/servarr/real-debrid-manager.nix @@ -17,10 +17,6 @@ let in { config = mkIf (podman.enable && real-debrid-manager.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy ${ip}:5000 - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; diff --git a/system/podman/servarr/sonarr.nix b/system/podman/servarr/sonarr.nix index ddf5f72..f75be62 100644 --- a/system/podman/servarr/sonarr.nix +++ b/system/podman/servarr/sonarr.nix @@ -20,10 +20,6 @@ let in { config = mkIf (podman.enable && sonarr.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy ${ip}:8989 - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; @@ -38,10 +34,6 @@ in domain-anime ]; - services.caddy.virtualHosts.${domain-anime}.extraConfig = '' - reverse_proxy ${ip-anime}:8989 - ''; - services.nginx.virtualHosts.${domain-anime} = { useACMEHost = "tigor.web.id"; forceSSL = true; diff --git a/system/podman/suwayomi.nix b/system/podman/suwayomi.nix index 948dfb5..6080674 100644 --- a/system/podman/suwayomi.nix +++ b/system/podman/suwayomi.nix 
@@ -17,15 +17,12 @@ let in { config = mkIf (podman.enable && suwayomi.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy ${ip}:4567 - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; locations."/" = { proxyPass = "http://${ip}:4567"; + proxyWebsockets = true; }; }; diff --git a/system/podman/valheim.nix b/system/podman/valheim.nix index e53c37a..0638c70 100644 --- a/system/podman/valheim.nix +++ b/system/podman/valheim.nix @@ -15,10 +15,6 @@ let in lib.mkMerge [ (mkIf (podman.${name}.enable) { - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy ${ip}:80 - ''; - sops = let opts = { @@ -117,6 +113,6 @@ lib.mkMerge [ # }; # }; }) - { profile.services.ntfy-sh.client.settings.subscribe = [{ topic = "valheim"; }]; } + { profile.services.ntfy-sh.client.settings.subscribe = [ { topic = "valheim"; } ]; } # { profile.services.ntfy-sh.client.settings.subscribe = [{ topic = "valheim-hutasuhut"; }]; } ] diff --git a/system/podman/ytptube.nix b/system/podman/ytptube.nix index 2565cfb..989239c 100644 --- a/system/podman/ytptube.nix +++ b/system/podman/ytptube.nix @@ -76,15 +76,6 @@ lib.mkMerge [ domain ]; - services.caddy.virtualHosts.${domain}.extraConfig = '' - @require_auth not remote_ip private_ranges - - basic_auth @require_auth { - {$AUTH_USERNAME} {$AUTH_PASSWORD} - } - - reverse_proxy ${ip}:8081 - ''; system.activationScripts."podman-${name}" = '' mkdir -p ${volume} chown -R ${uid}:${gid} ${volume} /etc/podman/${name} diff --git a/system/services/cockpit.nix b/system/services/cockpit.nix index b16e588..2162ba9 100644 --- a/system/services/cockpit.nix +++ b/system/services/cockpit.nix 
@@ -20,19 +20,16 @@ in locations."/" = { proxyPass = "http://0.0.0.0:9090"; proxyWebsockets = true; + extraConfig = '' + if ($auth_ip != off) { + return 403; + } + ''; }; }; security.acme.certs."tigor.web.id".extraDomainNames = [ "cockpit.tigor.web.id" ]; - services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = # caddyfile - '' - @denied not remote_ip private_ranges - - respond @denied "Access denied" 403 - - reverse_proxy 0.0.0.0:9090 - ''; services.udisks2.enable = true; services.cockpit = { enable = true; diff --git a/system/services/couchdb.nix b/system/services/couchdb.nix index 615a8b9..0feb9d2 100644 --- a/system/services/couchdb.nix +++ b/system/services/couchdb.nix @@ -52,20 +52,7 @@ in }; }; - services.caddy.virtualHosts."couchdb.tigor.web.id".extraConfig = '' - @obsidian header Origin "app://obsidian.md" - header @obsidian { - Access-Control-Allow-Origin "app://obsidian.md" - Access-Control-Allow-Methods "OPTIONS,HEAD,GET,POST,PUT,PATCH,DELETE" - Access-Control-Allow-Credentials "true" - Access-Control-Allow-Headers "Authorization,Content-Type" - defer - } - @options method OPTIONS - respond @options 204 - - reverse_proxy localhost:5984 - ''; + # Have to NGINX module if this gets re-enabled services.couchdb = { enable = true; diff --git a/system/services/jellyfin.nix b/system/services/jellyfin.nix index 80976ec..71aeb63 100644 --- a/system/services/jellyfin.nix +++ b/system/services/jellyfin.nix @@ -21,7 +21,14 @@ in forceSSL = true; locations = { "= /metrics" = { - return = "403"; + proxyPass = "http://0.0.0.0:8096"; + extraConfig = + #nginx + '' + if ($auth_ip != off) { + return 403; + } + ''; }; "/" = { proxyPass = "http://0.0.0.0:8096"; @@ -35,35 +42,6 @@ in domain-jellyseerr ]; - services.caddy.virtualHosts."${domain}".extraConfig = '' - @public not remote_ip private_ranges - - handle_path /metrics { - header @public Content-Type text/html - respond @public < - - - Access Denied - - -
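Review bot: The `if ($auth_ip != off) { return 403; }` added to `locations."/".extraConfig` in cockpit.nix is only as strong as the definition of `$auth_ip`, which is not visible in this hunk. It replaces Caddy's `not remote_ip private_ranges`, so it is equivalent only if the variable is keyed on the connection address (`$remote_addr`) and not on a client-supplied header. A short comment would make that reviewable, e.g. `# $auth_ip comes from the http-level geo/map block; "off" means the client is on a trusted range`. The unchanged `proxyPass = "http://0.0.0.0:9090"` hints that Cockpit may be listening on all interfaces, in which case port 9090 can be reached without passing this check; `http://127.0.0.1:9090` with a loopback-only listener would close that path. The ytptube.nix hunk likewise removes a Caddy `basic_auth` block for non-private clients and adds no nginx counterpart in this patch, so that vhost should be confirmed to carry `basicAuthFile` or the same guard.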
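Review bot: The added comment `# Have to NGINX module if this gets re-enabled` in couchdb.nix is missing its verb and does not say what the nginx side would need. The removed Caddy block did more than proxy: it answered `OPTIONS` with 204 and set credentialed CORS headers for the single origin `app://obsidian.md`. Suggest `# If this gets re-enabled, add an nginx virtualHost that proxies to localhost:5984 and restores the Obsidian-only CORS headers.`, so that a later rebuild does not widen the allowed origin.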
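Review bot: In jellyfin.nix, `"= /metrics"` goes from an unconditional `return = "403"` to a proxied location guarded by `if ($auth_ip != off)`, so the metrics endpoint becomes reachable by every client that `$auth_ip` maps to `off`. That mapping is defined outside this hunk and should be confirmed to key on `$remote_addr`, since metrics were previously denied to everyone at the nginx layer. nginx's access module expresses the same intent without `if` or a separately defined variable, e.g. `allow 192.168.0.0/16; deny all;` in `extraConfig` (the range is a constructed example; use the LAN's actual prefix).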

Access Denied

- - - HTML 403 - reverse_proxy 0.0.0.0:8096 - } - - handle { - reverse_proxy 0.0.0.0:8096 - } - ''; - services.caddy.virtualHosts."${domain-jellyseerr}" = mkIf cfg.jellyseerr.enable { - extraConfig = '' - reverse_proxy 0.0.0.0:5055 - ''; - }; - services.nginx.virtualHosts."${domain-jellyseerr}" = mkIf cfg.jellyseerr.enable { useACMEHost = "tigor.web.id"; forceSSL = true; diff --git a/system/services/kavita.nix b/system/services/kavita.nix index 5224a95..6a9e2c6 100644 --- a/system/services/kavita.nix +++ b/system/services/kavita.nix @@ -20,9 +20,6 @@ in owner = "kavita"; sopsFile = ../../secrets/kavita.yaml; }; - services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = '' - reverse_proxy 0.0.0.0:${toString config.services.kavita.settings.Port} - ''; services.nginx.virtualHosts."kavita.tigor.web.id" = { useACMEHost = "tigor.web.id"; diff --git a/system/services/navidrome.nix b/system/services/navidrome.nix index 386f878..367b022 100644 --- a/system/services/navidrome.nix +++ b/system/services/navidrome.nix @@ -6,10 +6,6 @@ let in { config = mkIf cfg.enable { - services.caddy.virtualHosts."navidrome.tigor.web.id".extraConfig = '' - reverse_proxy 0.0.0.0:${toString config.services.navidrome.settings.Port} - ''; - services.nginx.virtualHosts."navidrome.tigor.web.id" = { useACMEHost = "tigor.web.id"; forceSSL = true; diff --git a/system/services/photoprism.nix b/system/services/photoprism.nix index acdb2df..4ca2ff8 100644 --- a/system/services/photoprism.nix +++ b/system/services/photoprism.nix @@ -17,10 +17,6 @@ in users.groups.${user.name}.members = [ "photoprism" ]; - services.caddy.virtualHosts.${domain}.extraConfig = '' - reverse_proxy 0.0.0.0:${toString config.services.photoprism.port} - ''; - services.nginx.virtualHosts.${domain} = { useACMEHost = "tigor.web.id"; forceSSL = true; 
@@ -44,10 +40,9 @@ in passwordFile = config.sops.secrets."photoprism/admin_password".path; settings = { PHOTOPRISM_ADMIN_USER = "hutasuhut"; - PHOTOPRISM_INDEX_SCHEDULE = "0 */6 * * *"; + PHOTOPRISM_INDEX_SCHEDULE = "0 3 * * *"; PHOTOPRISM_DEFAULT_TIMEZONE = "Asia/Jakarta"; PHOTOPRISM_SITE_AUTHOR = "Tigor Hutasuhut"; - PHOTOPRISM_FACE_CLUSTER_CORE = "3"; }; }; diff --git a/system/services/syncthing.nix b/system/services/syncthing.nix index aacb192..db60b45 100644 --- a/system/services/syncthing.nix +++ b/system/services/syncthing.nix @@ -13,9 +13,6 @@ in mkdir -p ${dataDir} chown ${uid}:${gid} ${dataDir} ''; - services.caddy.virtualHosts."syncthing.tigor.web.id".extraConfig = '' - reverse_proxy 0.0.0.0:8384 - ''; services.nginx.virtualHosts."syncthing.tigor.web.id" = { useACMEHost = "tigor.web.id";