mirrors/mdlayher-homelab
1
0
Fork 0
mirror of https://github.com/mdlayher/homelab.git synced 2024-12-14 11:47:32 +00:00
Code Activity

nixos/routnerr-3: switch traefik for caddy

Browse source
This commit is contained in:
Matt Layher 2023-08-18 11:15:01 -04:00
parent 558db6e4bc
commit ad1e50345c
4 changed files with 40 additions and 101 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
nixos/routnerr-3/caddy.nix Normal file
View file

@ -0,0 +1,38 @@
{ ... }:
let
secrets = import ./lib/secrets.nix;
vars = import ./lib/vars.nix;
in {
services.caddy = {
enable = true;
virtualHosts = {
"alertmanager.servnerr.com".extraConfig = ''
reverse_proxy http://servnerr-4.${vars.domain}:9093
basicauth {
${secrets.caddy.alertmanager_auth}
}
'';
"grafana.servnerr.com".extraConfig = ''
reverse_proxy http://servnerr-4.${vars.domain}:3000
'';
"hass.servnerr.com".extraConfig = ''
reverse_proxy http://servnerr-4.${vars.domain}:8123
'';
"plex.servnerr.com".extraConfig = ''
reverse_proxy http://servnerr-4.${vars.domain}:32400
'';
"prometheus.servnerr.com".extraConfig = ''
reverse_proxy http://servnerr-4.${vars.domain}:9090
basicauth {
${secrets.caddy.prometheus_auth}
}
'';
};
};
}

14
nixos/routnerr-3/configuration.nix
View file

@ -19,7 +19,7 @@ in {
# Networking daemons.
./coredns.nix
./corerad.nix
./traefik.nix
./caddy.nix
# Unstable or out-of-tree modules.
./lib/modules/wireguard_exporter.nix
@ -79,18 +79,6 @@ in {
wireguard_exporter
];
# Use server as a remote builder.
nix = {
distributedBuilds = true;
buildMachines = [{
hostName = "servnerr-4";
system = "x86_64-linux";
maxJobs = 16;
speedFactor = 4;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
}];
};
services = {
# Allow mDNS to reflect between VLANs where necessary for devices such as
# Google Home and Chromecast.

1
nixos/routnerr-3/networking.nix
View file

@ -245,6 +245,7 @@ in {
enable = true;
package = unstable.tailscale;
interfaceName = "ts0";
permitCertUid = "caddy";
useRoutingFeatures = "server";
};

88
nixos/routnerr-3/traefik.nix
View file

@ -1,88 +0,0 @@
{ ... }:
let
secrets = import ./lib/secrets.nix;
vars = import ./lib/vars.nix;
in {
services.traefik = {
enable = true;
staticConfigOptions = {
certificatesResolvers.letsencrypt.acme = {
email = "mdlayher@gmail.com";
storage = "/var/lib/traefik/acme.json";
httpChallenge.entryPoint = "http";
};
entryPoints = {
# External entry points.
http = {
address = ":80";
http.redirections.entryPoint = {
to = "https";
scheme = "https";
};
};
https.address = ":443";
};
};
dynamicConfigOptions = {
http = {
routers = {
alertmanager = {
rule = "Host(`alertmanager.servnerr.com`)";
middlewares = [ "alertmanager" ];
service = "alertmanager";
tls.certResolver = "letsencrypt";
};
grafana = {
rule = "Host(`grafana.servnerr.com`)";
service = "grafana";
tls.certResolver = "letsencrypt";
};
hass = {
rule = "Host(`hass.servnerr.com`)";
service = "hass";
tls.certResolver = "letsencrypt";
};
plex = {
rule = "Host(`plex.servnerr.com`)";
service = "plex";
tls.certResolver = "letsencrypt";
};
prometheus = {
rule = "Host(`prometheus.servnerr.com`)";
middlewares = [ "prometheus" ];
service = "prometheus";
tls.certResolver = "letsencrypt";
};
};
middlewares = {
alertmanager.basicAuth.users =
[ "${secrets.traefik.alertmanager_auth}" ];
prometheus.basicAuth.users = [ "${secrets.traefik.prometheus_auth}" ];
};
services = {
alertmanager.loadBalancer.servers =
[{ url = "http://servnerr-4.${vars.domain}:9093"; }];
grafana.loadBalancer.servers =
[{ url = "http://servnerr-4.${vars.domain}:3000"; }];
hass.loadBalancer.servers =
[{ url = "http://servnerr-4.${vars.domain}:8123"; }];
plex.loadBalancer.servers =
[{ url = "http://servnerr-4.${vars.domain}:32400"; }];
prometheus.loadBalancer.servers =
[{ url = "http://servnerr-4.${vars.domain}:9090"; }];
};
};
};
};
}