removed nginx and altered caddy (build script changes too)

2025-10-12 13:57:35 -05:00
parent d58262a043
commit 5168f5fc3e
24 changed files with 63 additions and 557 deletions


@@ -71,16 +71,6 @@ in
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = ''


@@ -67,16 +67,6 @@ in
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = ''


@@ -73,16 +73,6 @@ in
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = ''


@@ -76,16 +76,6 @@ in
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = ''


@@ -74,16 +74,7 @@ in
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
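Review bot: The `tls` line in this vhost makes Caddy the reader of `sec."ssl_blakedheld_key".path`, but nothing in the hunk shows who owns that sops secret. With nginx removed, the private key should be readable by the Caddy service user and no one else; if the secret is still owned by the nginx user, Caddy will not be able to load it. Worth checking the declaration, e.g. `sops.secrets."ssl_blakedheld_key" = { owner = config.services.caddy.user; mode = "0400"; };` (assuming `config` is in scope where the secret is declared). The `extraConfig` string continues outside the hunk.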


@@ -75,35 +75,6 @@ in
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
client_max_body_size 10240M;
'';
};
};
# external reverse proxy entry
services.nginx.virtualHosts."$abs.blakedheld.xyz" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
serverAliases = [ "abs.${homelab.public_domain}" ];


@@ -46,7 +46,7 @@ in
dataDir = cfg.data_dir;
email = "me@blakedheld.xyz";
globalConfig = ''
auto_https ignore_loaded_certs
# auto_https ignore_loaded_certs
'';
};
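Review bot: Leaving `auto_https ignore_loaded_certs` as a commented-out line inside `globalConfig` hides a behaviour change with no explanation: without the option, Caddy skips certificate automation for any hostname already covered by a manually loaded certificate. Elsewhere on this page one vhost carries a `tls <crt> <key>` line while the Gitea vhost appears to have its `tls` line commented out, so which sites end up on the sops-managed certificate and which fall back to ACME (and so have their hostnames published in Certificate Transparency logs) is left implicit. I would delete the dead line and state the intent instead, e.g. `# certs: served from the loaded ssl_blakedheld cert; ACME only for names it does not cover`, adjusted to whatever is actually intended. The enclosing `services.caddy` block starts and ends outside the hunk.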


@@ -17,7 +17,6 @@
./audiobookshelf
./qbittorrent
./jellyfin
./nginx-proxy
./caddy
./arr/flaresolverr
./home/mosquitto


@@ -91,47 +91,11 @@ in
# open firewall
networking.firewall.allowedTCPPorts = [ cfg.port cfg.ssh_port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
extraConfig = ''
client_max_body_size 512M;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
# external reverse proxy entry
services.nginx.virtualHosts."git.blakedheld.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
extraConfig = ''
client_max_body_size 512M;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
serverAliases = [ "git.${homelab.public_domain}" ];
extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
# tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port}
'';
};
@@ -144,6 +108,7 @@ in
check-url = "http://${homelab.host_ip}:${toString cfg.port}";
icon = "di:${service}"; }];
# manage secrets with sops
sops.secrets = {
"${service}_database_password" = {
owner = "${service}";


@@ -223,25 +223,6 @@ in
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# # external reverse proxy entry
# services.nginx.virtualHosts."${service}.blakedheld.xyz" = {
# forceSSL = true;
# sslCertificate = sec."ssl_blakedheld_crt".path;
# sslCertificateKey = sec."ssl_blakedheld_key".path;
# locations."/" = {
# proxyPass = "http://127.0.0.1:${toString cfg.port}";
# };
# };
#
# sops.secrets = {
# "${service}_" = {
# owner = "${service}";


@@ -87,40 +87,6 @@ in
# open firewall
networking.firewall.allowedTCPPorts = [ cfg.port 8123 ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
extraConfig = ''
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
extraConfig =
"proxy_set_header Upgrade $http_upgrade;" +
"proxy_set_header Connection upgrade;"
;
};
};
# external reverse proxy entry
services.nginx.virtualHosts."${service}.blakedheld.xyz" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
extraConfig = ''
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
extraConfig =
"proxy_set_header Upgrade $http_upgrade;" +
"proxy_set_header Connection upgrade;"
;
};
};
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
serverAliases = [ "${service}.${homelab.public_domain}" ];
@@ -147,9 +113,6 @@ in
# here lies my tough, and I mean fucking tough, swing at
# getting this to work bare metal, ggs ill see you again
# - didnt take long


@@ -94,33 +94,6 @@ in
# # open firewall
networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
extraConfig = ''
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
locations."/api" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}/api";
extraConfig = ''
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
'';
};
};
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
serverAliases = [ "z2m.${homelab.public_domain}" ];


@@ -75,27 +75,6 @@ in
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
proxyWebsockets = true;
};
};
# external reverse proxy entry
services.nginx.virtualHosts."photos.blakedheld.xyz" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
proxyWebsockets = true;
};
};
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
serverAliases = [ "photos.${homelab.public_domain}" ];


@@ -71,25 +71,6 @@ in
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# external reverse proxy entry
services.nginx.virtualHosts."media.blakedheld.xyz" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
serverAliases = [ "media.${homelab.public_domain}" ];


@@ -109,16 +109,6 @@ in
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = ''


@@ -67,32 +67,11 @@ in
# override umask to make permissions work out
systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007";
# User = "${service}";
# Group = "${service}";
};
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# # external reverse proxy entry
# services.nginx.virtualHosts."up.blakedheld.xyz" = {
# forceSSL = true;
# sslCertificate = sec."ssl_blakedheld_crt".path;
# sslCertificateKey = sec."ssl_blakedheld_key".path;
# locations."/" = {
# proxyPass = "http://127.0.0.1:${toString cfg.port}";
# };
# };
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = ''
@@ -109,14 +88,9 @@ in
check-url = "http://${homelab.host_ip}:${toString cfg.port}";
icon = "di:${service}"; }];
# sops.secrets = {
# "${service}_" = {
# owner = "${service}";
# group = "${service}";
# };
# };
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];
modules.system.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};
}
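Review bot: The two backup registrations shown in the second hunk differ in whether they honour `cfg.backup`: `modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];` is guarded, while the `modules.system.backups.baks` entry is unconditional. The page has lost its +/- markers, so I am inferring that `baks` is the new form; if so, a host that turns `cfg.backup` off would still have `cfg.data_dir` registered for backup. If the option is meant to survive, keep the guard: `modules.system.backups.baks = lib.mkIf cfg.backup { ${service} = { paths = [ cfg.data_dir ]; }; };`.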


@@ -84,25 +84,6 @@ in
# open firewall
networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# external reverse proxy entry
services.nginx.virtualHosts."pass.blakedheld.xyz" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
serverAliases = [ "pass.${homelab.public_domain}" ];
@@ -111,7 +92,6 @@ in
reverse_proxy http://127.0.0.1:${toString cfg.port}
'';
};
# tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
# add to glance
modules.services.glance.links.services = [{