capytal/network.nix

{config, ...}: {
  imports = [];

  services.caddy.enable = true;
  services.caddy.virtualHosts = let
    forgejo-port = config.services.forgejo.settings.server.HTTP_PORT;
  in {
    ":${toString (forgejo-port + 10)}" = {
      extraConfig = ''
        reverse_proxy http://localhost${config.services.anubis.instances."forgejo".bind} {
          header_up X-Real-Ip {remote_host}
        }
      '';
    };
  };

  services.anubis.enable = true;
  services.anubis.instances = {
    "forgejo" = let
      forgejo-port = config.services.forgejo.settings.server.HTTP_PORT;
    in {
      bind = ":${toString (forgejo-port + 20)}";
      metricsBind = ":${toString (forgejo-port + 30)}";
      serveRobotsTxt = true;
      target = "http://localhost:${toString forgejo-port}";
    };
  };

  virtualisation.oci-containers.containers.cloudflare-tunnel = {
    image = "cloudflare/cloudflared:latest";
    autoStart = true;
    extraOptions = [
      "--network=host"
    ];
    cmd = [
      "tunnel"
      "--no-autoupdate"
      "run"
    ];
    environmentFiles = [
      config.sops.secrets."cloudflared/tunnel-env".path
    ];
  };

  networking.firewall.allowedTCPPorts = [
    80
    433
  ];
}
chore(capytal): clean unused code 2025-04-04 20:56:49 -03:00			`{config, ...}: {`
feat: move configuration of reverse proxy closer to site definition 2025-04-04 20:14:30 -03:00			`imports = [];`

			`services.caddy.enable = true;`
			`services.caddy.virtualHosts = let`
			`forgejo-port = config.services.forgejo.settings.server.HTTP_PORT;`
			`in {`
			`":${toString (forgejo-port + 10)}" = {`
			`extraConfig = ''`
			`reverse_proxy http://localhost${config.services.anubis.instances."forgejo".bind} {`
			`header_up X-Real-Ip {remote_host}`
			`}`
			`'';`
			`};`
			`};`
feat: anubis bot protection to forgejo 2025-04-04 20:16:16 -03:00
			`services.anubis.enable = true;`
			`services.anubis.instances = {`
			`"forgejo" = let`
			`forgejo-port = config.services.forgejo.settings.server.HTTP_PORT;`
			`in {`
			`bind = ":${toString (forgejo-port + 20)}";`
			`metricsBind = ":${toString (forgejo-port + 30)}";`
			`serveRobotsTxt = true;`
			`target = "http://localhost:${toString forgejo-port}";`
			`};`
			`};`

chore(capytal): clean unused code 2025-04-04 20:56:49 -03:00			`virtualisation.oci-containers.containers.cloudflare-tunnel = {`
feat: move cloudflare tunnel config to network.nix 2025-04-04 20:15:09 -03:00			`image = "cloudflare/cloudflared:latest";`
			`autoStart = true;`
			`extraOptions = [`
			`"--network=host"`
			`];`
			`cmd = [`
			`"tunnel"`
			`"--no-autoupdate"`
			`"run"`
feat: move cloudflare tunnel token to sops secret 2025-04-04 20:51:38 -03:00			`];`
			`environmentFiles = [`
			`config.sops.secrets."cloudflared/tunnel-env".path`
feat: move cloudflare tunnel config to network.nix 2025-04-04 20:15:09 -03:00			`];`
			`};`

			`networking.firewall.allowedTCPPorts = [`
			`80`
			`433`
			`];`
feat: move configuration of reverse proxy closer to site definition 2025-04-04 20:14:30 -03:00			`}`