removed nginx and altered caddy (build script changes too)

2025-10-12 13:57:35 -05:00
parent d58262a043
commit 5168f5fc3e
24 changed files with 63 additions and 557 deletions
--- a/modules/homelab/services/gitea/default.nix
+++ b/modules/homelab/services/gitea/default.nix
@@ -91,47 +91,11 @@ in
    # open firewall
    networking.firewall.allowedTCPPorts = [ cfg.port cfg.ssh_port ];

-    # internal reverse proxy entry
-    services.nginx.virtualHosts."${cfg.url}" = {
-      forceSSL = true;
-      sslCertificate = sec."ssl_blakedheld_crt".path;
-      sslCertificateKey = sec."ssl_blakedheld_key".path;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString cfg.port}";
-        extraConfig = ''
-          client_max_body_size 512M;
-          proxy_set_header Connection $http_connection;
-          proxy_set_header Upgrade $http_upgrade;
-          proxy_set_header Host $host;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header X-Forwarded-Proto $scheme;
-        '';
-      };
-    };
-     # external reverse proxy entry
-     services.nginx.virtualHosts."git.blakedheld.xyz" = {
-      enableACME = true;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString cfg.port}";
-        extraConfig = ''
-          client_max_body_size 512M;
-          proxy_set_header Connection $http_connection;
-          proxy_set_header Upgrade $http_upgrade;
-          proxy_set_header Host $host;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header X-Forwarded-Proto $scheme;
-        '';
-      };
-    };
-
    # add to caddy for reverse proxy
    services.caddy.virtualHosts."${cfg.url}" = {
      serverAliases = [ "git.${homelab.public_domain}" ];
      extraConfig = ''
-        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+#        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
        reverse_proxy http://127.0.0.1:${toString cfg.port}
      '';
    };
@@ -144,6 +108,7 @@ in
      check-url = "http://${homelab.host_ip}:${toString cfg.port}";
      icon = "di:${service}"; }];

+    # manage secrets with sops
    sops.secrets = {
      "${service}_database_password" = {
        owner = "${service}";