mirror of
https://gitlab.com/upRootNutrition/dotfiles.git
synced 2025-08-08 21:04:38 -05:00
feat: added glance to caddy
This commit is contained in:
Nick
parent
d306321c8a
commit
187e067118
2 changed files with 34 additions and 6 deletions
|
|
@ -40,6 +40,7 @@ in
|
||||||
"searx"
|
"searx"
|
||||||
"vaultwarden"
|
"vaultwarden"
|
||||||
"audiobookshelf"
|
"audiobookshelf"
|
||||||
|
"glance"
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
++ (map
|
++ (map
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,17 @@
|
||||||
{ config, flake, ... }:
|
{ config, flake, ... }:
|
||||||
let
|
let
|
||||||
inherit (flake.config.services.instances) glance jellyfin;
|
inherit (flake.config.services.instances)
|
||||||
|
glance
|
||||||
|
jellyfin
|
||||||
|
web
|
||||||
|
;
|
||||||
|
inherit (flake.config.machines.devices) ceres mars deimos;
|
||||||
|
configHelpers = {
|
||||||
|
service = glance;
|
||||||
|
hostname = config.networking.hostName;
|
||||||
|
localhost = web.localhost.address0;
|
||||||
|
host = configHelpers.service.domains.url0;
|
||||||
|
};
|
||||||
service = glance;
|
service = glance;
|
||||||
configPath = ./config;
|
configPath = ./config;
|
||||||
configImports = {
|
configImports = {
|
||||||
|
|
@ -17,6 +28,27 @@ in
|
||||||
settings = configImports;
|
settings = configImports;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
caddy = {
|
||||||
|
virtualHosts = {
|
||||||
|
"${configHelpers.host}" = {
|
||||||
|
extraConfig = ''
|
||||||
|
@allowed_ips {
|
||||||
|
remote_ip ${mars.wireguard.ip0} ${deimos.wireguard.ip0}
|
||||||
|
}
|
||||||
|
|
||||||
|
handle @allowed_ips {
|
||||||
|
redir /.well-known/carddav /remote.php/dav/ 301
|
||||||
|
redir /.well-known/caldav /remote.php/dav/ 301
|
||||||
|
reverse_proxy ${ceres.wireguard.ip0}:${toString configHelpers.service.ports.port0}
|
||||||
|
}
|
||||||
|
handle {
|
||||||
|
respond "Access Denied" 403
|
||||||
|
}
|
||||||
|
tls ${configHelpers.service.ssl.cert} ${configHelpers.service.ssl.key}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
sops =
|
sops =
|
||||||
let
|
let
|
||||||
sopsPath = secret: {
|
sopsPath = secret: {
|
||||||
|
|
@ -41,11 +73,6 @@ in
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
# "Z ${service.paths.path0} 755 ${service.name} ${service.name} -"
|
|
||||||
# "Z ${service.sops.path0} 755 root root -"
|
|
||||||
];
|
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
firewall = {
|
firewall = {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue