nginx: remove caddy configs

Tigor Hutasuhut 2024-11-24 21:49:24 +07:00
parent d85d2eeaf2
commit c760e55c24
25 changed files with 28 additions and 178 deletions


@ -13,10 +13,6 @@ let
in in
{ {
config = mkIf (podman.enable && podman.${name}.enable) { config = mkIf (podman.enable && podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:5230
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;


@ -29,29 +29,6 @@ let
in in
{ {
config = mkIf (podman.enable && podman.${name}.enable) { config = mkIf (podman.enable && podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = # html
''
header Content-Type text/html
respond <<EOF
<!DOCTYPE html>
<html>
<head>
<title>Minecraft Server</title>
</head>
<body>
<h1>Congrats! The minecraft server should be up!</h1>
<h2>
This server is invitation only.
Please contact the server owner for more info.
</h2>
<p>Server Address: <b>${domain}</b></p>
<p>Bedrock Server Port: <b>19132</b></p>
<p>Java Server Port: <b>25565</b></p>
</body>
</html>
EOF 200
'';
# Minecraft only autoupdates at startup # Minecraft only autoupdates at startup
# #
# To keep up with the update, restart the server at 4am everyday. # To keep up with the update, restart the server at 4am everyday.


@ -12,10 +12,6 @@ let
in in
{ {
config = mkIf (podman.enable && podman.${name}.enable) { config = mkIf (podman.enable && podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8080
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;


@ -13,9 +13,14 @@ let
in in
{ {
config = mkIf (podman.enable && podman.${name}.enable) { config = mkIf (podman.enable && podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = '' services.nginx.virtualHosts.${domain} = {
reverse_proxy ${ip}:5080 useACMEHost = "tigor.web.id";
''; forceSSL = true;
locations."/" = {
proxyPass = "http://${ip}:5080";
proxyWebsockets = true;
};
};
system.activationScripts."podman-${name}" = '' system.activationScripts."podman-${name}" = ''
mkdir -p ${rootVolume}/data mkdir -p ${rootVolume}/data


@ -11,12 +11,6 @@ let
in in
{ {
config = mkIf (podman.enable && pihole.enable) { config = mkIf (podman.enable && pihole.enable) {
services.caddy.virtualHosts."pihole.tigor.web.id".extraConfig = ''
@root path /
redir @root /admin
reverse_proxy ${ip}:80
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;
@ -56,7 +50,7 @@ in
# 192.168.100.5 {domain_name_1} # 192.168.100.5 {domain_name_1}
# 192.168.100.5 {domain_name_2} # 192.168.100.5 {domain_name_2}
# #
# For each domain defined in services.caddy.virtualHosts # For each domain defined in services.nginx.virtualHosts
text = text =
let let
inherit (lib) strings attrsets; inherit (lib) strings attrsets;


@ -20,10 +20,6 @@ let
in in
lib.mkMerge [ lib.mkMerge [
(mkIf (podman.enable && qbittorrent.enable) { (mkIf (podman.enable && qbittorrent.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8080
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;


@ -13,10 +13,6 @@ let
in in
{ {
config = mkIf (podman.enable && podman.${name}.enable) { config = mkIf (podman.enable && podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8080
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;


@ -13,17 +13,6 @@ let
in in
{ {
config = mkIf (podman.enable && podman.${name}.enable) { config = mkIf (podman.enable && podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
@botForbidden header_regexp User-Agent "(?i)AdsBot-Google|Amazonbot|anthropic-ai|Applebot|Applebot-Extended|AwarioRssBot|AwarioSmartBot|Bytespider|CCBot|ChatGPT|ChatGPT-User|Claude-Web|ClaudeBot|cohere-ai|DataForSeoBot|Diffbot|FacebookBot|Google-Extended|GPTBot|ImagesiftBot|magpie-crawler|omgili|Omgilibot|peer39_crawler|PerplexityBot|YouBot"
handle @botForbidden {
respond /* "Access Denied" 403 {
close
}
}
reverse_proxy ${ip}:8080
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;


@ -16,15 +16,12 @@ let
in in
{ {
config = mkIf (podman.enable && bazarr.enable) { config = mkIf (podman.enable && bazarr.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:6767
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://${ip}:6767"; proxyPass = "http://${ip}:6767";
proxyWebsockets = true;
}; };
}; };


@ -18,15 +18,12 @@ let
in in
{ {
config = mkIf (podman.enable && prowlarr.enable) { config = mkIf (podman.enable && prowlarr.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:9696
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://${ip}:9696"; proxyPass = "http://${ip}:9696";
proxyWebsockets = true;
}; };
}; };


@ -16,10 +16,6 @@ let
in in
{ {
config = mkIf (podman.enable && qbittorrent.enable) { config = mkIf (podman.enable && qbittorrent.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8080
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;


@ -16,10 +16,6 @@ let
in in
{ {
config = mkIf (podman.enable && radarr.enable) { config = mkIf (podman.enable && radarr.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:7878
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;


@ -16,10 +16,6 @@ let
in in
{ {
config = mkIf (podman.enable && cfg.enable) { config = mkIf (podman.enable && cfg.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:6500
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;


@ -17,10 +17,6 @@ let
in in
{ {
config = mkIf (podman.enable && real-debrid-manager.enable) { config = mkIf (podman.enable && real-debrid-manager.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:5000
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;


@ -20,10 +20,6 @@ let
in in
{ {
config = mkIf (podman.enable && sonarr.enable) { config = mkIf (podman.enable && sonarr.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8989
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;
@ -38,10 +34,6 @@ in
domain-anime domain-anime
]; ];
services.caddy.virtualHosts.${domain-anime}.extraConfig = ''
reverse_proxy ${ip-anime}:8989
'';
services.nginx.virtualHosts.${domain-anime} = { services.nginx.virtualHosts.${domain-anime} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;


@ -17,15 +17,12 @@ let
in in
{ {
config = mkIf (podman.enable && suwayomi.enable) { config = mkIf (podman.enable && suwayomi.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:4567
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://${ip}:4567"; proxyPass = "http://${ip}:4567";
proxyWebsockets = true;
}; };
}; };


@ -15,10 +15,6 @@ let
in in
lib.mkMerge [ lib.mkMerge [
(mkIf (podman.${name}.enable) { (mkIf (podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:80
'';
sops = sops =
let let
opts = { opts = {


@ -76,15 +76,6 @@ lib.mkMerge [
domain domain
]; ];
services.caddy.virtualHosts.${domain}.extraConfig = ''
@require_auth not remote_ip private_ranges
basic_auth @require_auth {
{$AUTH_USERNAME} {$AUTH_PASSWORD}
}
reverse_proxy ${ip}:8081
'';
system.activationScripts."podman-${name}" = '' system.activationScripts."podman-${name}" = ''
mkdir -p ${volume} mkdir -p ${volume}
chown -R ${uid}:${gid} ${volume} /etc/podman/${name} chown -R ${uid}:${gid} ${volume} /etc/podman/${name}
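Review bot: The deleted Caddy block was the only place in this hunk that required credentials from clients outside private ranges (`basic_auth @require_auth`), and nothing on the new side replaces it. `domain` stays in the list above, so the host is presumably still served by an nginx vhost defined outside the hunk. It should be confirmed that this vhost carries an equivalent restriction (for example `basicAuthFile`, or the `$auth_ip` check this commit adds for Cockpit) before the service is reachable without it. If the service is meant to be private-only from now on, a short comment next to the vhost saying so would record the decision.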


@ -20,19 +20,16 @@ in
locations."/" = { locations."/" = {
proxyPass = "http://0.0.0.0:9090"; proxyPass = "http://0.0.0.0:9090";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = ''
if ($auth_ip != off) {
return 403;
}
'';
}; };
}; };
security.acme.certs."tigor.web.id".extraDomainNames = [ "cockpit.tigor.web.id" ]; security.acme.certs."tigor.web.id".extraDomainNames = [ "cockpit.tigor.web.id" ];
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = # caddyfile
''
@denied not remote_ip private_ranges
respond @denied "Access denied" 403
reverse_proxy 0.0.0.0:9090
'';
services.udisks2.enable = true; services.udisks2.enable = true;
services.cockpit = { services.cockpit = {
enable = true; enable = true;
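Review bot: The new guard in `locations."/"`, `if ($auth_ip != off) { return 403; }`, depends on a `$auth_ip` variable that is not defined anywhere in this hunk, so the only access control in front of Cockpit cannot be checked from this module. Presumably it comes from a shared `geo` or `map` block that yields `off` for private ranges, mirroring the removed `not remote_ip private_ranges` matcher; that should be confirmed, including which client address it keys on if nginx ever sits behind another proxy. I would add a comment above the block such as `# $auth_ip is defined in <shared nginx module>; "off" means the client is on a trusted network`. The same guard is added to the Jellyfin `= /metrics` location later in this commit, and the enclosing vhost starts outside the hunk.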


@ -52,20 +52,7 @@ in
}; };
}; };
services.caddy.virtualHosts."couchdb.tigor.web.id".extraConfig = '' # Have to NGINX module if this gets re-enabled
@obsidian header Origin "app://obsidian.md"
header @obsidian {
Access-Control-Allow-Origin "app://obsidian.md"
Access-Control-Allow-Methods "OPTIONS,HEAD,GET,POST,PUT,PATCH,DELETE"
Access-Control-Allow-Credentials "true"
Access-Control-Allow-Headers "Authorization,Content-Type"
defer
}
@options method OPTIONS
respond @options 204
reverse_proxy localhost:5984
'';
services.couchdb = { services.couchdb = {
enable = true; enable = true;
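Review bot: The replacement comment `# Have to NGINX module if this gets re-enabled` is missing a verb and drops the information a future port would need. The removed block answered CORS only for the `app://obsidian.md` origin, with `Access-Control-Allow-Credentials "true"` and a fixed method and header list; an nginx version should keep the origin pinned to that single value rather than widening it. I would word the comment as `# TODO: write an nginx vhost (CORS for app://obsidian.md only, OPTIONS -> 204) if this gets re-enabled`.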


@ -21,7 +21,14 @@ in
forceSSL = true; forceSSL = true;
locations = { locations = {
"= /metrics" = { "= /metrics" = {
return = "403"; proxyPass = "http://0.0.0.0:8096";
extraConfig =
#nginx
''
if ($auth_ip != off) {
return 403;
}
'';
}; };
"/" = { "/" = {
proxyPass = "http://0.0.0.0:8096"; proxyPass = "http://0.0.0.0:8096";
@ -35,35 +42,6 @@ in
domain-jellyseerr domain-jellyseerr
]; ];
services.caddy.virtualHosts."${domain}".extraConfig = ''
@public not remote_ip private_ranges
handle_path /metrics {
header @public Content-Type text/html
respond @public <<HTML
<!DOCTYPE html>
<html>
<head>
<title>Access Denied</title>
</head>
<body>
<h1>Access Denied</h1>
</body>
</html>
HTML 403
reverse_proxy 0.0.0.0:8096
}
handle {
reverse_proxy 0.0.0.0:8096
}
'';
services.caddy.virtualHosts."${domain-jellyseerr}" = mkIf cfg.jellyseerr.enable {
extraConfig = ''
reverse_proxy 0.0.0.0:5055
'';
};
services.nginx.virtualHosts."${domain-jellyseerr}" = mkIf cfg.jellyseerr.enable { services.nginx.virtualHosts."${domain-jellyseerr}" = mkIf cfg.jellyseerr.enable {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;
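Review bot: `"= /metrics"` used to be an unconditional `return = "403";` and is now proxied to `http://0.0.0.0:8096`, so the endpoint becomes reachable for whatever `$auth_ip` treats as trusted, and the restriction exists only at nginx. `0.0.0.0` as an upstream address suggests Jellyfin listens on all interfaces; if port 8096 is open on the host (firewall rules are not visible here), the 403 would not apply to connections that go to the service directly. Pointing the upstream at loopback, `proxyPass = "http://127.0.0.1:8096";`, and confirming the port is not opened to the network would keep the restriction meaningful. The `"/"` location below uses the same upstream and continues outside the hunk.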


@ -20,9 +20,6 @@ in
owner = "kavita"; owner = "kavita";
sopsFile = ../../secrets/kavita.yaml; sopsFile = ../../secrets/kavita.yaml;
}; };
services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = ''
reverse_proxy 0.0.0.0:${toString config.services.kavita.settings.Port}
'';
services.nginx.virtualHosts."kavita.tigor.web.id" = { services.nginx.virtualHosts."kavita.tigor.web.id" = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";


@ -6,10 +6,6 @@ let
in in
{ {
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.caddy.virtualHosts."navidrome.tigor.web.id".extraConfig = ''
reverse_proxy 0.0.0.0:${toString config.services.navidrome.settings.Port}
'';
services.nginx.virtualHosts."navidrome.tigor.web.id" = { services.nginx.virtualHosts."navidrome.tigor.web.id" = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;


@ -17,10 +17,6 @@ in
users.groups.${user.name}.members = [ "photoprism" ]; users.groups.${user.name}.members = [ "photoprism" ];
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy 0.0.0.0:${toString config.services.photoprism.port}
'';
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";
forceSSL = true; forceSSL = true;
@ -44,10 +40,9 @@ in
passwordFile = config.sops.secrets."photoprism/admin_password".path; passwordFile = config.sops.secrets."photoprism/admin_password".path;
settings = { settings = {
PHOTOPRISM_ADMIN_USER = "hutasuhut"; PHOTOPRISM_ADMIN_USER = "hutasuhut";
PHOTOPRISM_INDEX_SCHEDULE = "0 */6 * * *"; PHOTOPRISM_INDEX_SCHEDULE = "0 3 * * *";
PHOTOPRISM_DEFAULT_TIMEZONE = "Asia/Jakarta"; PHOTOPRISM_DEFAULT_TIMEZONE = "Asia/Jakarta";
PHOTOPRISM_SITE_AUTHOR = "Tigor Hutasuhut"; PHOTOPRISM_SITE_AUTHOR = "Tigor Hutasuhut";
PHOTOPRISM_FACE_CLUSTER_CORE = "3"; PHOTOPRISM_FACE_CLUSTER_CORE = "3";
}; };
}; };


@ -13,9 +13,6 @@ in
mkdir -p ${dataDir} mkdir -p ${dataDir}
chown ${uid}:${gid} ${dataDir} chown ${uid}:${gid} ${dataDir}
''; '';
services.caddy.virtualHosts."syncthing.tigor.web.id".extraConfig = ''
reverse_proxy 0.0.0.0:8384
'';
services.nginx.virtualHosts."syncthing.tigor.web.id" = { services.nginx.virtualHosts."syncthing.tigor.web.id" = {
useACMEHost = "tigor.web.id"; useACMEHost = "tigor.web.id";