feat: basic setup/test of https with caddy

2024-01-27 12:04:47 -03:00
parent d0034cc30a
commit 8c045c7a42
2 changed files with 29 additions and 0 deletions
--- a/hosts/homex/network.nix
+++ b/hosts/homex/network.nix
@@ -18,6 +18,25 @@
      enable = true;
      useRoutingFeatures = "both";
    };
+    systemd.services."tailscaled" = {
+      serviceConfig = {
+        Environment = [ "TS_PERMIT_CERT_UID=caddy" ];
+      };
+    };
+
+    services.caddy = {
+      enable = true;
+      virtualHosts."homex.kiko-liberty.ts.net".extraConfig = ''
+        respond "Hello, World"
+      '';
+      virtualHosts."guz.local".extraConfig = ''
+        respond "Hello, World"
+      '';
+      virtualHosts."adguard.guz.local".extraConfig = ''
+        reverse_proxy 192.168.1.10:3010
+      '';
+    };
+    networking.firewall.allowedTCPPorts = [ 80 433 ];

    boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
    boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
--- a/modules/nixos/homelab/adguard.nix
+++ b/modules/nixos/homelab/adguard.nix
@@ -39,6 +39,16 @@ in
        http = {
          address = "${cfg.settings.server.address}:${toString cfg.settings.server.port}";
        };
+        dns.rewrites = [
+          {
+            domain = "guz.local";
+            answer = "100.66.139.89";
+          }
+          {
+            domain = "*.guz.local";
+            answer = "100.66.139.89";
+          }
+        ];
      };
    };
  };