Nix configurations for my homelab


caddy: move from dandelion to lily

dandelion is being retired

yemou b8eedc02 4ae0ab1d

+56 -37
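--- a/lily/config.nix
+++ b/lily/config.nix
@@ -6,6 +6,7 @@
 ./services/fail2ban.nix
 
 ../modules/basic.nix
+../modules/caddy.nix
 ../modules/development/nix.nix
 ../modules/development/sh.nix
 ../modules/editor.nix
@@ -17,14 +18,35 @@
 ../modules/nix.nix
 ../modules/remote-builder.nix
 
+../modules/services/caddy
+../modules/services/caddy/atproto-did.nix
+../modules/services/caddy/nextcloud.nix
+../modules/services/caddy/pds.nix
+../modules/services/caddy/soju.nix
+../modules/services/caddy/tangled-knot.nix
+../modules/services/caddy/websites/boo-b77.nix
+../modules/services/caddy/websites/boo-y6d.nix
+../modules/services/caddy/websites/org-biotabit.nix
+../modules/services/caddy/websites/org-butwho.nix
+../modules/services/caddy/websites/pink-lilac.nix
+../modules/services/caddy/websites/pink-yemou.nix
+
 ../modules/services/nextcloud.nix
 ../modules/services/openssh.nix
 ../modules/services/pds.nix
+../modules/services/soju.nix
 ../modules/services/tangled.nix
 ];
 
-garden.info.host = {
-server = true;
+garden = {
+caddy.package = {
+plugins = [
+"github.com/mholt/caddy-events-exec@v0.1.0"
+"github.com/mholt/caddy-l4@v0.0.0-20250530154005-4d3c80e89c5f"
+];
+hash = "sha256-X+46XM2UzadAifeTvKOdUdawU8EaINUTIeCjAVVCGqU=";
+};
+info.host.server = true;
 };
 
 sops = {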
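Review bot: The new caddy.package block pins two plugins and a fixed-output hash without recording that the hash is derived from that plugin set, so the next plugin bump will fail with a hash mismatch and no pointer to why. Suggest a comment above `hash`: `# hash covers the Go module set pulled in by plugins; recompute it whenever plugins changes`. caddy-l4 is pinned to a dated pseudo-version rather than a tagged release, which is fine for reproducibility but worth a short inline note so it is not mistaken for a typo. Whether `garden.caddy.package` wraps nixpkgs' caddy.withPlugins is not visible here, so the exact recompute procedure depends on that module.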
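--- a/modules/openssh.nix
+++ b/modules/openssh.nix
@@ -19,7 +19,6 @@
 settings = {
 PasswordAuthentication = false;
 PermitRootLogin = "no";
-PerSourcePenalties = "no"; # TODO: Look into mmproxy or some other way of giving the client-ip to openssh
 };
 };
 }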
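--- a/modules/services/caddy/nextcloud.nix
+++ b/modules/services/caddy/nextcloud.nix
@@ -1,8 +1,8 @@
-{ config, ... }:
+{ ... }:
 {
 services.caddy.virtualHosts."cloud.lilac.pink".extraConfig = ''
 encode
-reverse_proxy ${config.garden.info.network.lily.netbird-ip}:80 {
+reverse_proxy [::1]:8080 {
 # NixOS uses nginx as a webserver for NextCloud by default and nginx will send 301 redirects to the client
 # using http as the protocol instead of https since it doesn't have SSL certs of its own.
 # Because the redirect isn't also https, this can cause a Content-Security-Policy error on the client.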
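Review bot: `reverse_proxy [::1]:8080 {` hard-codes a port that has to agree with the nginx listen address configured for Nextcloud in modules/services/nextcloud.nix, and nothing at either site records the coupling. Suggest a comment on the line: `# must match services.nginx.virtualHosts.<nextcloud>.listen in ../nextcloud.nix`. The extraConfig string continues past the end of the hunk.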
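--- a/modules/services/caddy/pds.nix
+++ b/modules/services/caddy/pds.nix
@@ -1,9 +1,9 @@
-{ config, ... }:
+{ ... }:
 {
 services.caddy = {
 globalConfig = ''
 on_demand_tls {
-ask http://${config.garden.info.network.lily.netbird-ip}:3000/tls-check
+ask http://[::1]:3000/tls-check
 }
 '';
 virtualHosts = {
@@ -12,21 +12,21 @@
 on_demand
 }
 encode
-reverse_proxy ${config.garden.info.network.lily.netbird-ip}:3000
+reverse_proxy [::1]:3000
 '';
 "*.butwho.club".extraConfig = ''
 tls {
 on_demand
 }
 encode
-reverse_proxy ${config.garden.info.network.lily.netbird-ip}:3000
+reverse_proxy [::1]:3000
 '';
 "*.butwho.social".extraConfig = ''
 tls {
 on_demand
 }
 encode
-reverse_proxy ${config.garden.info.network.lily.netbird-ip}:3000
+reverse_proxy [::1]:3000
 '';
 };
 };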
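Review bot: The backend `[::1]:3000` is now spelled out four times in this file (the on_demand_tls ask URL and three reverse_proxy lines), so a port move has to be applied in four places. A `let pds = "[::1]:3000"; in` at the top of the module with `reverse_proxy ${pds}` and `ask http://${pds}/tls-check` keeps it in one place. Moving the ask endpoint to loopback only tightens the TLS-issuance gate if the PDS itself now binds loopback; that binding lives in modules/services/pds.nix, which is not part of this commit, so it is worth confirming. The closing of the outer attribute set appears to lie beyond the hunk.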
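--- a/modules/services/caddy/soju.nix
+++ b/modules/services/caddy/soju.nix
@@ -1,10 +1,10 @@
 { ... }:
 {
-networking.firewall.interfaces."enp1s0".allowedTCPPorts = [ 6697 ];
+networking.firewall.allowedTCPPorts = [ 6697 ];
 
 services.caddy.virtualHosts."soju.y6d.boo".extraConfig = ''
 encode
-reverse_proxy [::1]:8080
+reverse_proxy [::1]:8081
 '';
 
 garden.caddy.layer4 = ''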
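Review bot: `networking.firewall.allowedTCPPorts = [ 6697 ];` opens the port on every interface, whereas the line it replaces scoped it to enp1s0; on lily that presumably includes the netbird overlay interface, so the exposure is wider than before. If the intent was only to stop hard-coding the interface name, `networking.firewall.interfaces.<uplink>.allowedTCPPorts = [ 6697 ];` with lily's uplink interface keeps the previous scope. The same widening appears in modules/services/tangled.nix. The `garden.caddy.layer4` listener that actually serves 6697 continues past the end of the hunk.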
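--- a/modules/services/caddy/tangled-knot.nix
+++ b/modules/services/caddy/tangled-knot.nix
@@ -1,17 +1,7 @@
-{ config, ... }:
+{ ... }:
 {
-networking.firewall.interfaces."enp1s0".allowedTCPPorts = [ 22 ];
-
 services.caddy.virtualHosts."knot.butwho.org".extraConfig = ''
 encode
-reverse_proxy ${config.garden.info.network.lily.netbird-ip}:5555
-'';
-
-garden.caddy.layer4 = ''
-[::]:22 {
-route {
-proxy ${config.garden.info.network.lily.netbird-ip}:2222
-}
-}
+reverse_proxy [::1]:5555
 '';
 }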
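Review bot: The layer4 SSH proxy to port 2222 and the port-22 firewall entry are dropped here without a note on where git-over-SSH for the knot is served from now; the `services.openssh.ports = [ 22 ]` added in modules/services/tangled.nix suggests the host sshd takes that role, but nothing in this file says so. Suggest a comment above the virtualHost: `# knot SSH is served by the host sshd directly (see ../tangled.nix); only HTTP is proxied here`. Confirm the knot process no longer needs its own listener on 2222.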
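--- a/modules/services/caddy/websites/org-butwho.nix
+++ b/modules/services/caddy/websites/org-butwho.nix
@@ -21,6 +21,9 @@
 respond "{err.status_code} {err.status_text}"
 }
 '';
+"butwho.club".extraConfig = ''
+redir https://butwho.org{uri}
+'';
 "butwho.social".extraConfig = ''
 redir https://butwho.org{uri}
 '';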
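Review bot: `redir https://butwho.org{uri}` issues a 302 by default, which for a permanent alias domain lets clients keep re-requesting butwho.club instead of caching the canonical host; `redir https://butwho.org{uri} permanent` is the usual choice here. The butwho.social entry just below has the same shape, so if one changes, change both. The virtualHosts attribute set continues past the hunk.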
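--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -46,7 +46,13 @@
 };
 
 # This is the port that nginx listens on by default
-networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = [ 80 ];
+
+services.nginx.virtualHosts.${config.services.nextcloud.hostName}.listen = [
+{
+addr = "[::1]";
+port = 8080;
+}
+];
 
 services = {
 redis.package = pkgs.valkey;
@@ -74,7 +80,7 @@
 maxUploadSize = "1G";
 notify_push = {
 enable = true;
-nextcloudUrl = "http://${config.garden.info.network.${config.networking.hostName}.netbird-ip}";
+nextcloudUrl = "http://[::1]:8080";
 };
 phpOptions = {
 "opcache.interned_strings_buffer" = "16";
@@ -103,9 +109,7 @@
 };
 "simpleSignUpLink.shown" = false;
 trusted_proxies = [
-config.garden.info.network.${config.networking.hostName}.netbird-ip
-config.garden.info.network.dandelion.netbird-ip
-config.garden.info.network.${config.networking.hostName}.ipv4-local
+"::1"
 ];
 };
 };
@@ -115,9 +119,6 @@
 services = {
 # TODO: Need to make sure that this runs after nextcloud to avoid startup errors especially when there is a nextcloud
 # upgrade
-nextcloud-notify_push_setup.environment = {
-NEXTCLOUD_URL = config.services.nextcloud.notify_push.nextcloudUrl;
-};
 nextcloud-generate-previews = {
 enable = true;
 description = "Nextcloud preview generator app (https://github.com/nextcloud/previewgenerator)";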
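Review bot: The comment `# This is the port that nginx listens on by default` now describes the firewall line that was removed and sits above a stray added blank line, while the block beneath it actually moves nginx off the default port to [::1]:8080. Replace it with `# Bind nginx to loopback only; Caddy on this host terminates TLS and proxies to [::1]:8080 (see caddy/nextcloud.nix)` and drop the added empty line. Narrowing trusted_proxies to `"::1"` matches the loopback-only proxy and is the right direction. Dropping `nextcloud-notify_push_setup.environment` means the setup service falls back to whatever URL the NixOS module computes rather than the loopback nextcloudUrl set in the second hunk; that fallback is outside this hunk, so verify notify_push setup still succeeds after the change.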
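--- a/modules/services/soju.nix
+++ b/modules/services/soju.nix
@@ -5,7 +5,7 @@
 hostName = "soju.y6d.boo";
 listen = [
 "irc+insecure://[::1]:6667"
-"http+insecure://[::1]:8080" # Needed for file-upload
+"http+insecure://[::1]:8081" # Needed for file-upload
 ];
 acceptProxyIP = [ "localhost" ];
 enableMessageLogging = false; # This stores messages using the filesystem, I want to use the database.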
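Review bot: The port move from 8080 to 8081 is unexplained at the point of use, and `# Needed for file-upload` stays as the only comment; the reason (8080 is now taken by Nextcloud's nginx on this host, and caddy/soju.nix proxies to 8081) should live here so the two files do not drift apart. Suggest `"http+insecure://[::1]:8081" # Needed for file-upload; 8080 is Nextcloud's nginx, keep in sync with caddy/soju.nix`. The listen addresses stay on loopback and `acceptProxyIP = [ "localhost" ]` matches that, so the proxy-IP trust remains narrow.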
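--- a/modules/services/tangled.nix
+++ b/modules/services/tangled.nix
@@ -21,11 +21,15 @@
 '';
 };
 
-services.openssh.settings.AllowUsers = [
-"${config.services.tangled-knot.gitUser}@${config.garden.info.network.dandelion.netbird-ip}"
-];
+services.openssh = {
+ports = [ 22 ];
+settings.AllowUsers = [ "${config.services.tangled-knot.gitUser}" ];
+};
 
-networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = [ 5555 ];
+networking.firewall.allowedTCPPorts = [
+22
+5555
+];
 
 services.tangled-knot = {
 enable = true;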
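Review bot: `networking.firewall.allowedTCPPorts = [ 22 5555 ];` opens the knot's plain-HTTP port 5555 on every interface, even though Caddy on this host now proxies to it over loopback (modules/services/caddy/tangled-knot.nix), so the service becomes reachable directly without TLS; `networking.firewall.allowedTCPPorts = [ 22 ];` is enough, provided the knot binds loopback rather than all addresses. The replaced line was scoped to the netbird interface precisely to avoid that exposure. `settings.AllowUsers = [ "${config.services.tangled-knot.gitUser}" ]` drops the `@<source>` restriction, which is expected now that clients reach sshd directly, but AllowUsers and ports merge with whatever modules/openssh.nix sets, so check the combined list is what you intend. The knot's bind configuration starts below the hunk.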