feat: handle local network server domains

2024-01-28 16:04:58 -03:00
parent 02985e0817
commit 8ca9a7a5d1
6 changed files with 107 additions and 40 deletions
--- a/hosts/homex/configuration.nix
+++ b/hosts/homex/configuration.nix
@@ -19,18 +19,9 @@
    enable = true;
    flakeDir = "/home/guz/.nix#homex";

-    adguard = {
-      enable = true;
-      settings.server = {
-        port = 3010;
-      };
-      settings.dns = {
-        rewrites = {
-          "guz.local" = "100.66.139.89";
-          "*.guz.local" = "100.66.139.89";
-        };
-      };
-    };
+    domain = "guz.local";
+    ip = "100.66.139.89";
+    localIp = "192.168.1.10";

    forgejo = {
      enable = true;
@@ -40,9 +31,6 @@
        password = /. + config.sops.secrets."forgejo/user1/password".path;
        admin = true;
      };
-      settings.server = {
-        port = 3020;
-      };
    };
  };

--- a/hosts/homex/network.nix
+++ b/hosts/homex/network.nix
@@ -18,30 +18,10 @@
      enable = true;
      useRoutingFeatures = "both";
    };
-    systemd.services."tailscaled" = {
-      serviceConfig = {
-        Environment = [ "TS_PERMIT_CERT_UID=caddy" ];
-      };
-    };
-
-    services.caddy = {
-      enable = true;
-      virtualHosts."homex.kiko-liberty.ts.net".extraConfig = ''
-        respond "Hello, World"
-      '';
-      virtualHosts."guz.local".extraConfig = ''
-        respond "Hello, World"
-      '';
-      virtualHosts."adguard.guz.local".extraConfig = ''
-        reverse_proxy 192.168.1.10:3010
-      '';
-    };
-    networking.firewall.allowedTCPPorts = [ 80 433 ];

    boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
    boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;

-
    services.openssh.enable = true;
  };
 }
--- a/modules/nixos/homelab/adguard.nix
+++ b/modules/nixos/homelab/adguard.nix
@@ -11,14 +11,22 @@ in
      type = listOf str;
      default = [ ];
    };
+    domain = mkOption {
+      type = str;
+      default = "adguard." + config.homelab.domain;
+    };
+    port = mkOption {
+      type = port;
+      default = 3010;
+    };
    settings = {
      server.domain = mkOption {
        type = str;
-        default = "localhost";
+        default = cfg.domain;
      };
      server.port = mkOption {
        type = port;
-        default = 3000;
+        default = cfg.port;
      };
      server.address = mkOption {
        type = str;
--- a/modules/nixos/homelab/caddy.nix
+++ b/modules/nixos/homelab/caddy.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.homelab.caddy;
+in
+{
+  imports = [ ];
+  options.homelab.caddy = with lib; with lib.types; {
+    enable = mkEnableOption "";
+    settings = {
+      virtualHosts = mkOption {
+        type = attrsOf (submodule ({ config, lib, ... }: {
+          options = {
+            extraConfig = mkOption {
+              type = lines;
+              default = "";
+            };
+          };
+        }));
+        default = { };
+      };
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    services.caddy = {
+      enable = true;
+      virtualHosts = cfg.settings.virtualHosts;
+    };
+  };
+}
--- a/modules/nixos/homelab/default.nix
+++ b/modules/nixos/homelab/default.nix
@@ -23,8 +23,9 @@ let
 in
 {
  imports = [
-    ./forgejo.nix
    ./adguard.nix
+    ./caddy.nix
+    ./forgejo.nix
  ];
  options.homelab = with lib; with lib.types; {
    enable = mkEnableOption "";
@@ -36,10 +37,62 @@ in
      default = /data/homelab;
      description = "The Homelab central storage path";
    };
+    domain = mkOption {
+      type = either str path;
+      default = "homelab.local";
+    };
+    ip = mkOption {
+      type = str;
+    };
+    localIp = mkOption {
+      type = str;
+    };
+    handleDomains = mkOption {
+      type = bool;
+      default = true;
+    };
  };
  config = lib.mkIf cfg.enable {
    environment.systemPackages = [
      homelab
    ];
+
+    networking.firewall.allowedTCPPorts = lib.mkIf cfg.handleDomains [ 80 433 ];
+
+    systemd.services."tailscaled" = lib.mkIf cfg.handleDomains {
+      serviceConfig = {
+        Environment = [ "TS_PERMIT_CERT_UID=caddy" ];
+      };
+    };
+
+    homelab = with lib; mkIf cfg.handleDomains {
+      adguard = {
+        enable = true;
+        settings.dns.rewrites = (if hasPrefix "*." cfg.domain then {
+          "${cfg.domain}" = cfg.ip;
+        } else {
+          "${cfg.domain}" = cfg.ip;
+          "${"*." + cfg.domain}" = cfg.ip;
+        });
+      };
+
+      caddy =
+        let
+          homelabServices = (lib.filterAttrs (n: v: builtins.isAttrs v && v?domain) cfg);
+        in
+        with lib;
+        mkIf cfg.handleDomains {
+          enable = true;
+          settings.virtualHosts = mapAttrs'
+            (name: value: nameValuePair (value.domain) ({
+              extraConfig = ''
+                reverse_proxy ${cfg.localIp}:${toString value.port}
+              '';
+            }))
+            homelabServices;
+        };
+    };
  };
 }
+
+
--- a/modules/nixos/homelab/forgejo.nix
+++ b/modules/nixos/homelab/forgejo.nix
@@ -27,6 +27,14 @@ in
      type = bool;
      default = true;
    };
+    domain = mkOption {
+      type = str;
+      default = "forgejo." + config.homelab.domain;
+    };
+    port = mkOption {
+      type = port;
+      default = 3020;
+    };
    data = {
      root = mkOption {
        type = path;
@@ -130,11 +138,11 @@ in
      };
      server.domain = mkOption {
        type = str;
-        default = "localhost";
+        default = cfg.domain;
      };
      server.port = mkOption {
        type = port;
-        default = 3000;
+        default = cfg.port;
      };
      server.address = mkOption {
        type = either str path;