dot013/spacestation
1
0
Fork 0
Code Issues Pull Requests Activity
Files
c05c137e902e74aefec092959e79496db60c4516
spacestation/capytal/network.nix

51 lines
1.3 KiB
Nix
Raw Blame History

{config, ...}: {
imports = [];
services.caddy.enable = true;
services.caddy.virtualHosts = let
forgejo-port = config.services.forgejo.settings.server.HTTP_PORT;
in {
":${toString (forgejo-port + 10)}" = {
extraConfig = ''
reverse_proxy http://localhost${config.services.anubis.instances."forgejo".bind} {
header_up X-Real-Ip {remote_host}
}
'';
};
};
services.anubis.enable = true;
services.anubis.instances = {
"forgejo" = let
forgejo-port = config.services.forgejo.settings.server.HTTP_PORT;
in {
bind = ":${toString (forgejo-port + 20)}";
metricsBind = ":${toString (forgejo-port + 30)}";
serveRobotsTxt = true;
target = "http://localhost:${toString forgejo-port}";
ed25519PrivateKeyHexFile = config.sops.secrets."forgejo/anubis/hexFile".path;
};
};
virtualisation.oci-containers.containers.cloudflare-tunnel = {
image = "cloudflare/cloudflared:latest";
autoStart = true;
extraOptions = [
"--network=host"
];
cmd = [
"tunnel"
"--no-autoupdate"
"run"
];
environmentFiles = [
config.sops.secrets."cloudflared/tunnel-env".path
];
};
networking.firewall.allowedTCPPorts = [
80
433
];
}
Reference in New Issue View Git Blame Copy Permalink