blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update proxy config

Browse Source
This commit is contained in:
blake
2025-10-12 22:24:09 -05:00
parent cae85ef2e6
commit 61e8436dd9
17 changed files with 27 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/homelab/services/arr/bazarr/default.nix
View File

@@ -75,7 +75,7 @@ in
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

2
modules/homelab/services/arr/flaresolverr/default.nix
View File

@@ -71,7 +71,7 @@ in
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };
}; };

2
modules/homelab/services/arr/prowlarr/default.nix
View File

@@ -77,7 +77,7 @@ in
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

2
modules/homelab/services/arr/radarr/default.nix
View File

@@ -80,7 +80,7 @@ in
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

2
modules/homelab/services/arr/sonarr/default.nix
View File

@@ -78,7 +78,7 @@ in
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

6
modules/homelab/services/audiobookshelf/default.nix
View File

@@ -81,12 +81,6 @@ in
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy 127.0.0.1:${toString cfg.port} { reverse_proxy 127.0.0.1:${toString cfg.port} {
stream_timeout 24h
stream_close_delay 5m
transport http {
tls
tls_insecure_skip_verify
}
} }
''; '';
}; };

2
modules/homelab/services/caddy/default.nix
View File

@@ -46,7 +46,7 @@ in
dataDir = cfg.data_dir; dataDir = cfg.data_dir;
email = "me@blakedheld.xyz"; email = "me@blakedheld.xyz";
globalConfig = '' globalConfig = ''
# auto_https ignore_loaded_certs auto_https ignore_loaded_certs
''; '';
virtualHosts."key.${homelab.public_domain}" = { virtualHosts."key.${homelab.public_domain}" = {

5
modules/homelab/services/gitea/default.nix
View File

@@ -95,8 +95,9 @@ in
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
serverAliases = [ "git.${homelab.public_domain}" ]; serverAliases = [ "git.${homelab.public_domain}" ];
extraConfig = '' extraConfig = ''
# tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port} reverse_proxy localhost:${toString cfg.port} {
}
''; '';
}; };

2
modules/homelab/services/glance/default.nix
View File

@@ -236,7 +236,7 @@ in
# serverAliases = [ "${homelab.public_domain}" ]; # serverAliases = [ "${homelab.public_domain}" ];
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

2
modules/homelab/services/home/homeassistant/default.nix
View File

@@ -92,7 +92,7 @@ in
serverAliases = [ "${service}.${homelab.public_domain}" ]; serverAliases = [ "${service}.${homelab.public_domain}" ];
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

2
modules/homelab/services/home/zigbee2mqtt/default.nix
View File

@@ -99,7 +99,7 @@ in
serverAliases = [ "z2m.${homelab.public_domain}" ]; serverAliases = [ "z2m.${homelab.public_domain}" ];
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

2
modules/homelab/services/immich/default.nix
View File

@@ -80,7 +80,7 @@ in
serverAliases = [ "photos.${homelab.public_domain}" ]; serverAliases = [ "photos.${homelab.public_domain}" ];
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

2
modules/homelab/services/jellyfin/default.nix
View File

@@ -76,7 +76,7 @@ in
serverAliases = [ "media.${homelab.public_domain}" ]; serverAliases = [ "media.${homelab.public_domain}" ];
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

2
modules/homelab/services/qbittorrent/default.nix
View File

@@ -113,7 +113,7 @@ in
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

2
modules/homelab/services/uptime-kuma/default.nix
View File

@@ -76,7 +76,7 @@ in
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

2
modules/homelab/services/vaultwarden/default.nix
View File

@@ -89,7 +89,7 @@ in
serverAliases = [ "pass.${homelab.public_domain}" ]; serverAliases = [ "pass.${homelab.public_domain}" ];
extraConfig = '' extraConfig = ''
tls /etc/ssl/blakedheld.xyz.crt /etc/ssl/blakedheld.xyz.key tls /etc/ssl/blakedheld.xyz.crt /etc/ssl/blakedheld.xyz.key
reverse_proxy http://127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

11
modules/homelab/services/yacreader/default.nix
View File

@@ -79,13 +79,22 @@ in
# open firewall # open firewall
networking.firewall.allowedTCPPorts = [ cfg.port ]; networking.firewall.allowedTCPPorts = [ cfg.port ];
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy 127.0.0.1:${toString cfg.port} {
}
'';
};
# add to glance local service # add to glance local service
modules.services.glance.links.mediastack = [{ modules.services.glance.links.mediastack = [{
title = service; title = service;
url = "https://${cfg.url}"; url = "https://${cfg.url}";
error-url = "http://${homelab.host_ip}:${toString cfg.port}"; error-url = "http://${homelab.host_ip}:${toString cfg.port}";
check-url = "http://${homelab.host_ip}:${toString cfg.port}"; check-url = "http://${homelab.host_ip}:${toString cfg.port}";
icon = "di:${service}"; }]; icon = "di:yac-reader"; }];
# sops.secrets = { # sops.secrets = {
# "${service}_" = { # "${service}_" = {