diff --git a/nix/hosts/hetznix/modules/acme.nix b/nix/hosts/hetznix/modules/acme.nix
index c96c68b4..efabb9a1 100644
--- a/nix/hosts/hetznix/modules/acme.nix
+++ b/nix/hosts/hetznix/modules/acme.nix
@@ -3,13 +3,16 @@
{
security.acme = {
acceptTerms = true;
- defaults.email = "oliver@oliverdavies.uk";
- defaults.environmentFile = config.age.secrets.cloudflare.path;
+
+ defaults = {
+ dnsProvider = "cloudflare";
+ email = "oliver@oliverdavies.uk";
+ environmentFile = config.age.secrets.cloudflare.path;
+ webroot = null;
+ };
certs."oliverdavies.uk" = {
domain = "oliverdavies.uk";
- dnsProvider = "cloudflare";
- webroot = null;
extraDomainNames = [
# TODO Refactor to use a wildcard certificate.
diff --git a/nix/hosts/nixedo/configuration.nix b/nix/hosts/nixedo/configuration.nix
index 7895a159..635a22f3 100644
--- a/nix/hosts/nixedo/configuration.nix
+++ b/nix/hosts/nixedo/configuration.nix
@@ -2,11 +2,13 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
-{ inputs, pkgs, ... }:
+{ inputs, ... }:
{
imports = [
./hardware-configuration.nix
+
+ ./modules/acme.nix
];
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
@@ -30,4 +32,6 @@
80
443
];
+
+ services.caddy.enable = true;
}
diff --git a/nix/hosts/nixedo/default.nix b/nix/hosts/nixedo/default.nix
index 7367d697..9c64fdf0 100644
--- a/nix/hosts/nixedo/default.nix
+++ b/nix/hosts/nixedo/default.nix
@@ -23,7 +23,5 @@
./configuration.nix
./secrets.nix
./extra.nix
-
- ./modules/nginx.nix
];
}
diff --git a/nix/hosts/nixedo/modules/acme.nix b/nix/hosts/nixedo/modules/acme.nix
new file mode 100644
index 00000000..352b7538
--- /dev/null
+++ b/nix/hosts/nixedo/modules/acme.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+
+{
+ security.acme = {
+ acceptTerms = true;
+
+ certs = {
+ "opdavies.uk" = {
+ domain = "opdavies.uk";
+ dnsProvider = "cloudflare";
+ email = "oliver@oliverdavies.uk";
+ environmentFile = config.age.secrets.cloudflare-opdavies-uk.path;
+ webroot = null;
+
+ extraDomainNames = [ "*.opdavies.uk" ];
+ };
+ };
+ };
+}
diff --git a/nix/hosts/nixedo/modules/nginx.nix b/nix/hosts/nixedo/modules/nginx.nix
deleted file mode 100644
index 34ca2d87..00000000
--- a/nix/hosts/nixedo/modules/nginx.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, ... }:
-
-{
- services.nginx = {
- enable = true;
-
- virtualHosts = {
- "syncthing.localhost".locations."/".proxyPass = "http://localhost:8384/";
- };
- };
-}
diff --git a/nix/hosts/nixedo/secrets.nix b/nix/hosts/nixedo/secrets.nix
index 325699d8..b4448de5 100644
--- a/nix/hosts/nixedo/secrets.nix
+++ b/nix/hosts/nixedo/secrets.nix
@@ -1,5 +1,6 @@
{
age.secrets = {
+ cloudflare-opdavies-uk.file = ../../secrets/cloudflare-opdavies-uk.age;
tubearchivist.file = ../../secrets/tubearchivist.age;
};
}
diff --git a/nix/modules/nixos/features/homelab/audiobookshelf.nix b/nix/modules/nixos/features/homelab/audiobookshelf.nix
index 79537dcd..a0012a30 100644
--- a/nix/modules/nixos/features/homelab/audiobookshelf.nix
+++ b/nix/modules/nixos/features/homelab/audiobookshelf.nix
@@ -9,21 +9,17 @@ in
options.features.homelab.audiobookshelf.enable = mkEnableOption "Enable audiobookshelf";
config = mkIf cfg.enable {
- services.audiobookshelf = {
- enable = true;
+ services = {
+ audiobookshelf = {
+ enable = true;
- host = "audiobookshelf.oliverdavies.uk";
- port = 4001;
- };
+ port = 4001;
+ };
- services.nginx = {
- enable = true;
+ caddy.virtualHosts."audiobookshelf.opdavies.uk" = {
+ useACMEHost = "opdavies.uk";
- virtualHosts."audiobookshelf.oliverdavies.uk" = {
- locations."/" = {
- proxyPass = "http://localhost:${toString config.services.audiobookshelf.port}/";
- proxyWebsockets = true;
- };
+ extraConfig = "reverse_proxy localhost:${toString config.services.audiobookshelf.port}";
};
};
};
diff --git a/nix/modules/nixos/features/homelab/forgejo.nix b/nix/modules/nixos/features/homelab/forgejo.nix
index e89f2030..509c34c9 100644
--- a/nix/modules/nixos/features/homelab/forgejo.nix
+++ b/nix/modules/nixos/features/homelab/forgejo.nix
@@ -2,9 +2,6 @@
with lib;
-let
- port = 2223;
-in
{
options.features.homelab.forgejo.enable = mkEnableOption "Enable forgejo";
@@ -17,7 +14,8 @@ in
settings = {
server = {
- HTTP_PORT = port;
+ DOMAIN = "forgejo.opdavies.uk";
+ HTTP_PORT = 2223;
};
service = {
@@ -26,11 +24,10 @@ in
};
};
- nginx = {
- enable = true;
+ caddy.virtualHosts."${config.services.forgejo.settings.server.DOMAIN}" = {
+ useACMEHost = "opdavies.uk";
- virtualHosts."forgejo.oliverdavies.uk".locations."/".proxyPass =
- "http://localhost:${toString port}/";
+ extraConfig = "reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
};
};
};
diff --git a/nix/modules/nixos/features/homelab/freshrss.nix b/nix/modules/nixos/features/homelab/freshrss.nix
index d353be33..706624dc 100644
--- a/nix/modules/nixos/features/homelab/freshrss.nix
+++ b/nix/modules/nixos/features/homelab/freshrss.nix
@@ -95,11 +95,10 @@ in
wantedBy = [ "multi-user.target" ];
};
- services.nginx = {
- enable = true;
+ services.caddy.virtualHosts."freshrss.opdavies.uk" = {
+ useACMEHost = "opdavies.uk";
- virtualHosts."freshrss.oliverdavies.uk".locations."/".proxyPass =
- "http://localhost:${toString port}/";
+ extraConfig = "reverse_proxy localhost:${toString port}";
};
};
}
diff --git a/nix/modules/nixos/features/homelab/gitea.nix b/nix/modules/nixos/features/homelab/gitea.nix
index 8ff4f588..dadf2270 100644
--- a/nix/modules/nixos/features/homelab/gitea.nix
+++ b/nix/modules/nixos/features/homelab/gitea.nix
@@ -26,10 +26,10 @@ in
};
};
- nginx = {
- enable = true;
+ caddy.virtualHosts."gitea.opdavies.uk" = {
+ useACMEHost = "opdavies.uk";
- virtualHosts."gitea.oliverdavies.uk".locations."/".proxyPass = "http://localhost:${toString port}/";
+ extraConfig = "reverse_proxy localhost:${toString port}";
};
};
};
diff --git a/nix/modules/nixos/features/homelab/immich.nix b/nix/modules/nixos/features/homelab/immich.nix
index 4726c3bc..82b89dd2 100644
--- a/nix/modules/nixos/features/homelab/immich.nix
+++ b/nix/modules/nixos/features/homelab/immich.nix
@@ -19,11 +19,10 @@ with lib;
environment.systemPackages = [ pkgs.immich-cli ];
- services.nginx = {
- enable = true;
+ services.caddy.virtualHosts."immich.opdavies.uk" = {
+ useACMEHost = "opdavies.uk";
- virtualHosts."immich.oliverdavies.uk".locations."/".proxyPass =
- "http://localhost:${toString config.services.immich.port}/";
+ extraConfig = "reverse_proxy localhost:${toString config.services.immich.port}";
};
};
}
diff --git a/nix/modules/nixos/features/homelab/jellyfin.nix b/nix/modules/nixos/features/homelab/jellyfin.nix
index 1397fdae..4804a78e 100644
--- a/nix/modules/nixos/features/homelab/jellyfin.nix
+++ b/nix/modules/nixos/features/homelab/jellyfin.nix
@@ -13,10 +13,10 @@ with lib;
configDir = "/mnt/media/jellyfin";
};
- services.nginx = {
- enable = true;
+ services.caddy.virtualHosts."jellyfin.opdavies.uk" = {
+ useACMEHost = "opdavies.uk";
- virtualHosts."jellyfin.oliverdavies.uk".locations."/".proxyPass = "http://localhost:8096/";
+ extraConfig = "reverse_proxy localhost:8096";
};
};
}
diff --git a/nix/modules/nixos/features/homelab/paperless.nix b/nix/modules/nixos/features/homelab/paperless.nix
index 8d97a8d2..99ec00e0 100644
--- a/nix/modules/nixos/features/homelab/paperless.nix
+++ b/nix/modules/nixos/features/homelab/paperless.nix
@@ -6,8 +6,20 @@ with lib;
options.features.homelab.paperless.enable = mkEnableOption "Enable paperless";
config = mkIf config.features.homelab.paperless.enable {
- services.paperless = {
- enable = true;
+ services = {
+ paperless = {
+ enable = true;
+
+ settings = {
+ PAPERLESS_URL = "https://paperless.opdavies.uk";
+ };
+ };
+
+ caddy.virtualHosts."paperless.opdavies.uk" = {
+ useACMEHost = "opdavies.uk";
+
+ extraConfig = "reverse_proxy localhost:28981";
+ };
};
};
}
diff --git a/nix/modules/nixos/features/homelab/pi-hole.nix b/nix/modules/nixos/features/homelab/pi-hole.nix
index d8cc070d..80a6f8d1 100644
--- a/nix/modules/nixos/features/homelab/pi-hole.nix
+++ b/nix/modules/nixos/features/homelab/pi-hole.nix
@@ -95,9 +95,5 @@ in
wantedBy = [ "multi-user.target" ];
};
};
-
- services.nginx.virtualHosts."pihole.localhost" = {
- locations."/".proxyPass = "http://localhost:${toString port}/";
- };
};
}
diff --git a/nix/modules/nixos/features/homelab/tubearchivist-container.nix b/nix/modules/nixos/features/homelab/tubearchivist-container.nix
index 300b3e97..d78afaf0 100644
--- a/nix/modules/nixos/features/homelab/tubearchivist-container.nix
+++ b/nix/modules/nixos/features/homelab/tubearchivist-container.nix
@@ -10,7 +10,7 @@ with lib;
let
cfg = config.features.homelab.tubearchivist-container;
- port = 8000;
+ port = 8085;
in
{
options.features.homelab.tubearchivist-container = {
@@ -286,11 +286,10 @@ in
wantedBy = [ "multi-user.target" ];
};
- services.nginx = {
- enable = true;
+ services.caddy.virtualHosts."tubearchivist.opdavies.uk" = {
+ useACMEHost = "opdavies.uk";
- virtualHosts."tubearchivist.oliverdavies.uk".locations."/".proxyPass =
- "http://localhost:${toString port}/";
+ extraConfig = "reverse_proxy localhost:${toString port}";
};
};
}
diff --git a/nix/secrets/cloudflare-opdavies-uk.age b/nix/secrets/cloudflare-opdavies-uk.age
new file mode 100644
index 00000000..835ebf71
--- /dev/null
+++ b/nix/secrets/cloudflare-opdavies-uk.age
@@ -0,0 +1,18 @@
+age-encryption.org/v1
+-> ssh-ed25519 IsVD3g kacSrvgn/CGIwU05AkK6UGhxVm5oO/FRK2jgH1qHVg0
+JXzp1+Al5O8sBw3a4td7RA3HVP6C9tIdvvgZFZ9Se5w
+-> ssh-rsa +vTWQw
+ndPfUjqCzN5uqcrRvb/OGKmBouyM6qwf5ZmnfMg49NXcxt7bwCK0v7iPtOOOgDI2
+34Oi1EGgjkJ/YY+nxKuHZtRlq+wySbqeLVXUmb52reW4sj4PHEZOsFIO8Dnxmx9P
+9AtISLIrdJd3V39v4+pXOo9tBvBcTAs7JKqDGFcfp7gcVH0vLga0l3jLUspZiNB9
+DXW6Gbttg8Z6El9J1fAqVXcDE3q7pPZE//zu/cIRyt4/kbK76bx7yEaKAy2GycZS
+SCjjxsRtkBHOKQEQnFdKfWD/AG1USNmoiv4zHx1G9pIVJJA47yNWLwsx8Q7VrfNS
+CXpxQt+ElOH5pRTpXMAx1/rHs/NpXMMUm0EVvWKTNbrbHvepTUvEYABo+DKicRVI
+3H6RYWedXZ9ggpfID66CbF4HFtVJTXwHhvdzGfdna8J1Dy7nJyevT/fCz8tqlVIa
+EFEFqUardSWj0zFL3PQgk2qmrC9W1+isp83Rioi/n/ow8O0Q+XlzO3rQjNYWtEgp
+jufzw+3YI9HuNLPXB0xBfSgwP8Ao6iYskE+8IL+xu4ITCec/ItpoYk1Yeb38G2HQ
+6JlIseQIgpOzw8DlMMWtWjO4U+9JAZh5XOlEgwFPFL25m//24UM7RB3/Yd1/it8i
+cNaHR1L2/P8k5FnbR2jhxcTb2tEzlFo422brC0r/Ilc
+--- MqcbFcs1myK1Dn1h/PQKZ59BdgYXIifkp0DkvoNQaL4
+��W������y
+�j`����$�E��n��_<�������%s`�#�d,x�MG�df:��*`z���R�X����>��KJ�0���B�����D�j<ţ���=%
\ No newline at end of file
diff --git a/nix/secrets/secrets.nix b/nix/secrets/secrets.nix
index 795609b7..0bfbf804 100644
--- a/nix/secrets/secrets.nix
+++ b/nix/secrets/secrets.nix
@@ -13,11 +13,15 @@ in
{
"cloudflare.age".publicKeys = [
hosts.hetznix
- hosts.nixedo
hosts.t490
users.opdavies
];
+ "cloudflare-opdavies-uk.age".publicKeys = [
+ hosts.nixedo
+ users.opdavies
+ ];
+
"tubearchivist.age".publicKeys = [
hosts.lemp11
hosts.nixedo