From 8ca9a7a5d19d4b31141b3f748ccf7a2639f0edca Mon Sep 17 00:00:00 2001 From: "Gustavo \"Guz\" L. de Mello" Date: Sun, 28 Jan 2024 16:04:58 -0300 Subject: [PATCH] feat: handle local network server domains --- hosts/homex/configuration.nix | 18 ++-------- hosts/homex/network.nix | 20 ----------- modules/nixos/homelab/adguard.nix | 12 +++++-- modules/nixos/homelab/caddy.nix | 30 +++++++++++++++++ modules/nixos/homelab/default.nix | 55 ++++++++++++++++++++++++++++++- modules/nixos/homelab/forgejo.nix | 12 +++++-- 6 files changed, 107 insertions(+), 40 deletions(-) create mode 100644 modules/nixos/homelab/caddy.nix diff --git a/hosts/homex/configuration.nix b/hosts/homex/configuration.nix index 2fba71d..3441c11 100644 --- a/hosts/homex/configuration.nix +++ b/hosts/homex/configuration.nix @@ -19,18 +19,9 @@ enable = true; flakeDir = "/home/guz/.nix#homex"; - adguard = { - enable = true; - settings.server = { - port = 3010; - }; - settings.dns = { - rewrites = { - "guz.local" = "100.66.139.89"; - "*.guz.local" = "100.66.139.89"; - }; - }; - }; + domain = "guz.local"; + ip = "100.66.139.89"; + localIp = "192.168.1.10"; forgejo = { enable = true; @@ -40,9 +31,6 @@ password = /. + config.sops.secrets."forgejo/user1/password".path; admin = true; }; - settings.server = { - port = 3020; - }; }; }; diff --git a/hosts/homex/network.nix b/hosts/homex/network.nix index 14fec53..4b0f05b 100644 --- a/hosts/homex/network.nix +++ b/hosts/homex/network.nix 
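Review bot: The new `domain = "guz.local";` now drives both the AdGuard rewrites and every Caddy vhost, but `.local` is the mDNS domain reserved by RFC 6762; resolvers that honour that (systemd-resolved, macOS, Avahi) answer `.local` names over multicast and never forward them to AdGuard, so the rewrites will not resolve on those clients. A private zone such as `guz.home.arpa` (RFC 8375) or `guz.lan` sidesteps this. Note also that `ip = "100.66.139.89"` looks like a tailnet address while `localIp = "192.168.1.10"` is the LAN one, so DNS will hand out the Tailscale IP and LAN clients that are not tailnet members get an unreachable address; if that is intended, a comment on the two options would help, e.g. `# ip: address published in DNS (tailnet); localIp: where the services actually listen`. The enclosing `homelab = { ... }` attrset starts before this hunk.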
@@ -18,30 +18,10 @@ enable = true; useRoutingFeatures = "both"; }; - systemd.services."tailscaled" = { - serviceConfig = { - Environment = [ "TS_PERMIT_CERT_UID=caddy" ]; - }; - }; - - services.caddy = { - enable = true; - virtualHosts."homex.kiko-liberty.ts.net".extraConfig = '' - respond "Hello, World" - ''; - virtualHosts."guz.local".extraConfig = '' - respond "Hello, World" - ''; - virtualHosts."adguard.guz.local".extraConfig = '' - reverse_proxy 192.168.1.10:3010 - ''; - }; - networking.firewall.allowedTCPPorts = [ 80 433 ]; boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; - services.openssh.enable = true; }; } diff --git a/modules/nixos/homelab/adguard.nix b/modules/nixos/homelab/adguard.nix index ddaab78..8d5bcec 100644 --- a/modules/nixos/homelab/adguard.nix +++ b/modules/nixos/homelab/adguard.nix @@ -11,14 +11,22 @@ in type = listOf str; default = [ ]; }; + domain = mkOption { + type = str; + default = "adguard." + config.homelab.domain; + }; + port = mkOption { + type = port; + default = 3010; + }; settings = { server.domain = mkOption { type = str; - default = "localhost"; + default = cfg.domain; }; server.port = mkOption { type = port; - default = 3000; + default = cfg.port; }; server.address = mkOption { type = str; diff --git a/modules/nixos/homelab/caddy.nix b/modules/nixos/homelab/caddy.nix new file mode 100644 index 0000000..f542de9 --- /dev/null +++ b/modules/nixos/homelab/caddy.nix 
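Review bot: `domain` defaults to `"adguard." + config.homelab.domain`, yet default.nix explicitly accepts a wildcard `homelab.domain` (`hasPrefix "*."`), and for such a value this default becomes `adguard.*.guz.local`, which Caddy treats as a literal label and the AdGuard rewrite will never match; `default = "adguard." + removePrefix "*." config.homelab.domain;` (presumably available through the same `with lib;` that provides `mkOption`) yields a usable name in both cases. `server.domain` now defaults to `cfg.domain` instead of `localhost`; if that setting feeds AdGuard's bind host rather than its advertised name (the mapping is outside this hunk), the dashboard would try to bind to a hostname, so worth confirming. Both new options lack a `description`; e.g. `description = "Hostname Caddy publishes the AdGuard dashboard under (see homelab/default.nix)";` would make the coupling to the generated vhost explicit.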
@@ -0,0 +1,30 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.homelab.caddy; +in +{ + imports = [ ]; + options.homelab.caddy = with lib; with lib.types; { + enable = mkEnableOption ""; + settings = { + virtualHosts = mkOption { + type = attrsOf (submodule ({ config, lib, ... }: { + options = { + extraConfig = mkOption { + type = lines; + default = ""; + }; + }; + })); + default = { }; + }; + }; + }; + config = lib.mkIf cfg.enable { + services.caddy = { + enable = true; + virtualHosts = cfg.settings.virtualHosts; + }; + }; +} diff --git a/modules/nixos/homelab/default.nix b/modules/nixos/homelab/default.nix index 66d10a4..03994ae 100644 --- a/modules/nixos/homelab/default.nix +++ b/modules/nixos/homelab/default.nix @@ -23,8 +23,9 @@ let in { imports = [ - ./forgejo.nix ./adguard.nix + ./caddy.nix + ./forgejo.nix ]; options.homelab = with lib; with lib.types; { enable = mkEnableOption ""; 
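Review bot: `homelab.caddy.settings.virtualHosts` re-declares a narrower copy of `services.caddy.virtualHosts` in which only `extraConfig` survives, so `serverAliases`, `listenAddresses` or a per-host `logFormat` cannot be expressed through the wrapper, and there is no documented place for the TLS choice the `.local` vhosts will need (public ACME CAs will not issue for `.local`; whether Caddy picks its internal issuer for such names automatically or each host needs `tls internal` in `extraConfig` should be stated in a comment). Unless the narrowing is deliberate, passing the upstream type through — `type = options.services.caddy.virtualHosts.type;` with `options` added to the module arguments — keeps the wrapper in step with nixpkgs. `mkEnableOption ""` produces an empty option description; `mkEnableOption "the homelab Caddy reverse proxy"` is what the manual will show. `pkgs` and the submodule's `config`/`lib` arguments are unused.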
@@ -36,10 +37,62 @@ in default = /data/homelab; description = "The Homelab central storage path"; }; + domain = mkOption { + type = either str path; + default = "homelab.local"; + }; + ip = mkOption { + type = str; + }; + localIp = mkOption { + type = str; + }; + handleDomains = mkOption { + type = bool; + default = true; + }; }; config = lib.mkIf cfg.enable { environment.systemPackages = [ homelab ]; + + networking.firewall.allowedTCPPorts = lib.mkIf cfg.handleDomains [ 80 433 ]; + + systemd.services."tailscaled" = lib.mkIf cfg.handleDomains { + serviceConfig = { + Environment = [ "TS_PERMIT_CERT_UID=caddy" ]; + }; + }; + + homelab = with lib; mkIf cfg.handleDomains { + adguard = { + enable = true; + settings.dns.rewrites = (if hasPrefix "*." cfg.domain then { + "${cfg.domain}" = cfg.ip; + } else { + "${cfg.domain}" = cfg.ip; + "${"*." + cfg.domain}" = cfg.ip; + }); + }; + + caddy = + let + homelabServices = (lib.filterAttrs (n: v: builtins.isAttrs v && v?domain) cfg); + in + with lib; + mkIf cfg.handleDomains { + enable = true; + settings.virtualHosts = mapAttrs' + (name: value: nameValuePair (value.domain) ({ + extraConfig = '' + reverse_proxy ${cfg.localIp}:${toString value.port} + ''; + })) + homelabServices; + }; + }; }; } + + diff --git a/modules/nixos/homelab/forgejo.nix b/modules/nixos/homelab/forgejo.nix index c4d5700..5b59f8d 100644 --- a/modules/nixos/homelab/forgejo.nix +++ b/modules/nixos/homelab/forgejo.nix @@ -27,6 +27,14 @@ in type = bool; default = true; }; + domain = mkOption { + type = str; + default = "forgejo." + config.homelab.domain; + }; + port = mkOption { + type = port; + default = 3020; + }; data = { root = mkOption { type = path; @@ -130,11 +138,11 @@ in }; server.domain = mkOption { type = str; - default = "localhost"; + default = cfg.domain; }; server.port = mkOption { type = port; - default = 3000; + default = cfg.port; }; server.address = mkOption { type = either str path;
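Review bot: The firewall line opens `[ 80 433 ]`, so TCP 443 — where Caddy serves the HTTPS vhosts generated a few lines below — stays blocked for every other host while an unrelated port 433 is exposed; it should read `networking.firewall.allowedTCPPorts = lib.mkIf cfg.handleDomains [ 80 443 ];` (the same typo existed in the network.nix block this patch moves here). The `homelabServices` filter keys only on `v?domain`, so a service with `enable = false` still gets a vhost proxying to `${cfg.localIp}:<port>` where nothing listens; extending the predicate to `builtins.isAttrs v && v?domain && (v.enable or false)` avoids publishing dead upstreams. The `TS_PERMIT_CERT_UID=caddy` grant is carried over although the only `*.ts.net` vhost that used it was deleted from network.nix, so either drop it or comment which vhost still relies on Tailscale certificates. Note also that `services.openssh.enable = true;` removed from network.nix in this patch is not re-homed here; if it is not set elsewhere, this commit disables SSH on the host.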
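Review bot: With `server.domain` now defaulting to `cfg.domain` (`forgejo.<homelab.domain>`) and `server.port` to 3020, what Forgejo advertises depends on how this module maps these into `[server] DOMAIN`/`ROOT_URL`, which is outside the hunk; if ROOT_URL is derived from domain plus port, clone URLs and redirects will point at `http://forgejo.guz.local:3020` and bypass the Caddy front that default.nix now puts in place, so ROOT_URL should be the proxy origin (`https://forgejo.guz.local/`). Likewise `server.address` (cut off at the end of the hunk) decides whether port 3020 is reachable directly; binding it to the LAN IP so Caddy can reach `localIp:3020` also exposes the plaintext upstream to every host on that subnet, which deserves either a comment or a firewall rule restricting it to the proxy. The new `domain` and `port` options in the earlier hunk would also benefit from a `description`, e.g. `description = "Hostname Caddy publishes this Forgejo instance under; defaults to forgejo.<homelab.domain>";`.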