botalex/nixos-server
1
0
Fork 0
mirror of https://github.com/MagicBOTAlex/nixos-server.git synced 2026-05-06 10:02:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

sync

Browse source
This commit is contained in:
BOTAlex 2026-04-01 22:53:54 +02:00
parent 38d26110e1
commit f2bb1de7d8
15 changed files with 505 additions and 87 deletions
Download patch file Download diff file Expand all files Collapse all files

32
networking/caddy.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
imports = [ ./networkSetup.nix ];
services.caddy.virtualHosts."immich.deprived.dev" = {
@ -24,7 +25,9 @@
# '';
# };
services.caddy.virtualHosts."argocd.deprived.dev" = {
extraConfig = "reverse_proxy https://127.0.0.1:4325";
extraConfig = ''
reverse_proxy * 10.0.0.2:4325
'';
};
services.caddy.virtualHosts."webui.deprived.dev" = {
@ -56,6 +59,31 @@
reverse_proxy * 127.0.0.1:5544
'';
};
services.caddy.virtualHosts."akupunktur-herlev.dk" = {
extraConfig = ''
redir https://www.akupunktur-herlev.dk{uri} 301
'';
};
services.caddy.virtualHosts."www.akupunktur-herlev.dk" = {
extraConfig = ''
reverse_proxy 127.0.0.1:6642 {
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-Proto {scheme}
}
'';
};
services.caddy.virtualHosts."devcam.deprived.dev" = {
extraConfig = ''
@protected not method OPTIONS
basicauth @protected {
alex $2a$14$GbqQnETcOz5fNEbS06Y0E.HxRIIgPKAK7OMijT1Bv63h3V6S/gwRG
}
reverse_proxy * 192.168.50.85:80
'';
};
services.caddy.virtualHosts."api.deprived.dev" = {
extraConfig = ''

30
networking/wireguard-kube.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, pkgs, ... }:
{
# Ensure the necessary tools are installed
environment.systemPackages = [ pkgs.wireguard-tools ];
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
systemd.services.wireguard-kube = {
description = "WireGuard VPN Service for kube-wg";
# Ensure the service starts after the network is up
after = [
"network.target"
"network-online.target"
];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
# Use wg-quick to setup and teardown the interface
ExecStart = "${pkgs.wireguard-tools}/bin/wg-quick up /etc/wireguard/wireguard-kube.conf";
ExecStop = "${pkgs.wireguard-tools}/bin/wg-quick down /etc/wireguard/wireguard-kube.conf";
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW";
};
};
}