feat: added comfyui to caddy

2025-08-08 04:44:39 -05:00 · 2025-07-27 17:52:29 -05:00 · 2025-07-27 17:52:29 -05:00 · 67537dc549
commit 67537dc549
parent d443dc5953
4 changed files with 56 additions and 41 deletions
--- a/modules/config/instances/config/comfyui.nix
+++ b/modules/config/instances/config/comfyui.nix
@ -1,7 +1,7 @@
 { moduleFunctions }:
 let
  inherit (moduleFunctions.instancesFunctions)
-    domain3
+    domain0
    servicePath
    sslPath
    sopsPath
@ -9,15 +9,20 @@ let

  label = "ComfyUI";
  name = "comfyui";
+  subdomain = "comfyui";
+  domain = "${subdomain}.${domain0}";
 in
 {
  label = label;
  name = name;
  short = label;
-
  sops = {
    path0 = "${sopsPath}/${name}";
  };
+  domains = {
+    url0 = domain;
+  };
+  subdomain = subdomain;
  tags = [
    name
    "comfy"
@ -29,5 +34,8 @@ in
  ports = {
    port0 = 8188;
  };
-
+  ssl = {
+    cert = "${sslPath}/${domain0}/fullchain.pem";
+    key = "${sslPath}/${domain0}/key.pem";
+  };
 }
--- a/modules/nixos/services/acme/default.nix
+++ b/modules/nixos/services/acme/default.nix
@ -43,6 +43,7 @@ in
          "vaultwarden"
          "opencloud"
          "prompter"
+          "comfyui"
        ]
      )
      ++ (map
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -51,6 +51,7 @@ opencloud:
    env: ENC[AES256_GCM,data:JZOs+86/jhHtXuOb4fsk4ceZuFpSa6PAMN2/vmGlvlXvsx/Yk2ZXeZZU0jtwweN8Sk61A2538OdPpfKynBgwsZ2SgoxAIyJtQl3HZWdZzNZ6+/t+AFvvav/x9nUv1O5704FP5OYOMniQAmqu0ds0JIX3YV/cstoo+rNhNW2emlVhj2ABYhTxy0BFJ8A+Re9y5FN5WT4tmloF/21ZrIwtTw8ULQPCksJfTFwEE+cCN3aIWZn00/4zUuv6CEtZeKeOeLxgQL+G2pPhNrQzG+lw+AKLzXA2mJM+3Zfq0MplyXeFCLkV1GCHksrMPp2w5j2RdtfcdE9IP+tXoD/fZNfYgCK1Pk/JhkXcV9EPbz4KUL/+OpgFqh+RvKGPXH2iTV0B8t2Ag7NowxULI2jKw0c=,iv:1ClzjY1n48cQ9bdBewM5A5Lr/c13HbSSYJ7xYCwZDzA=,tag:FavwE2sX+wSgKOEpywFeMw==,type:str]
 caddy:
    prompter-auth: ENC[AES256_GCM,data:uEj6gruCfcIRoCQY9eNcOka+PAIIhAlKnI+ehZ88aZo90tINcxZ7ZvKqlTJr4rt5o+EO7rvRJcYH/s8/+piszFyxSa64Rtq5KdAjfHnRm0QM8q/2JIHnZsQC3fPz1S177WPs/c3Eydh4VeVe,iv:ZOru4ABFgIy9DoTlMl3InSf8zM1ERNpbRNLN6vy97Jc=,tag:5v3w7kvFQCEPBjchE8K0cw==,type:str]
+    comfyui-auth: ENC[AES256_GCM,data:YkHxbW/0zTmnrggXKl2jNO4OnBaepmCwB3ZC6d8MPIKf8snWJzAvTq5+X5ABzziwKaypHRTcS6vuNntxKrrD8DS7hX9DqVCZc5WeFHI6S5VzHh3SprW2MF4E8nm4Hj+VHoKGmRSSOU1cfX3J,iv:v0Pid0BCY2QsMNaahBvJd4WWZD115JDLHlOCQvPiaGU=,tag:gpsAgt052NoOyIa9WqJXyg==,type:str]
 sops:
    age:
        - recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0
@ -62,7 +63,7 @@ sops:
            bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
            aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-27T20:53:53Z"
-    mac: ENC[AES256_GCM,data:xXwsCvG/p0Mrn6NXuWX5gXBvB+9qXsU4S2d9BxByp9Ip2vdmRzbL7Y7rwEkH92bS7p+yPuPF8lVnuMEpTEnlI82cEsag7FaZEfiK2jsZr8iSKnN/nwthTfc9j3GeYyy4KziTyyvJZRv0D3KyeUsjHswgXoGPskrX9gKcLJOa76o=,iv:tt8WSHvGCK5XytyH55obHHrFEqPZex8kI/tynmG8CoY=,tag:qFhiTwq/npRsXVqqid6Dlg==,type:str]
+    lastmodified: "2025-07-27T22:50:42Z"
+    mac: ENC[AES256_GCM,data:iu/l4hWqbT4yZJEmtuAdHKlP5pAmTkjHsCO4el5gOGFi+oRf3cYhXVu11H4NcPP8MHdajvRb9ly+QeQyBdWcgKwVrTHFvSMy/V95gC1Z5nP7sW/uV8hLeMQ/R+mj3a+Dho5fgjbgOubCF8gYj5vckcjJvq0bAxqTBZjqDAu6QQM=,iv:DMZiLphm//e4e9x76Cez/HKubSLbll27nVmMYNuwNuk=,tag:6mN0YyYtBHHKjzNszGh9Yg==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.10.2
--- a/systems/ceres/config/comfyui.nix
+++ b/systems/ceres/config/comfyui.nix
@ -4,23 +4,20 @@
  flake,
  ...
 }:
+
 let
-  inherit (flake.config.machines.devices)
-    ceres
-    ;
-  inherit (flake.config.services.instances)
-    comfyui
-    web
-    ;
+  inherit (flake.config.services.instances) comfyui web;
  service = comfyui;
  localhost = web.localhost.address1;
+  host = service.domains.url0;
 in
 {
  nixpkgs.overlays = [
    flake.inputs.nix-comfyui.overlays.default
  ];

-  services.comfyui = {
+  services = {
+    comfyui = {
      enable = true;
      openFirewall = true;
      host = localhost;
@ -37,21 +34,29 @@ in
        ];
      };
    };
-  # fileSystems."/var/lib/${service.name}" = {
-  #   device = service.paths.path0;
-  #   fsType = "none";
-  #   options = [
-  #     "bind"
-  #   ];
-  #   depends = [
-  #     ceres.storage0.mount
-  #   ];
-  # };
+    caddy = {
+      environmentFile = config.sops.secrets."caddy/${service.name}-auth".path;

-  # systemd.tmpfiles.rules = [
-  #   "Z ${service.paths.path0} 755 ${service.name} ${service.name} -"
-  #   "Z ${service.sops.path0} 755 ${service.name} ${service.name} -"
-  # ];
+      virtualHosts = {
+        "${host}" = {
+          extraConfig = ''
+            basicauth {
+              {$CADDY_AUTH_USER} {$CADDY_AUTH_PASSWORD_HASH}
+            }
+            root * ${service.paths.path0}
+            file_server
+            encode gzip
+            try_files {path} /index.html
+            tls ${service.ssl.cert} ${service.ssl.key}
+          '';
+        };
+      };
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "Z ${service.sops.path0} 755 caddy caddy -"
+  ];

  users.users.${service.name}.extraGroups = [
    "users"