yep, more dotfiles

hide server services behind tailnet

wiro.world 6b2455ff 02af7e7e

verified
+29 -22
+1
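--- a/.ignore
+++ b/.ignore
+*.age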
+1 -1
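--- a/hosts/weird-row-server/authelia.nix
+++ b/hosts/weird-row-server/authelia.nix
@@ -8,7 +8,7 @@
 
   authelia-metrics-port = 9004;
   headscale-hostname = "headscale.wiro.world";
-  grafana-hostname = "console.wiro.world";
+  grafana-hostname = "console.net.wiro.world";
   miniflux-hostname = "news.wiro.world";
 in
 {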
+8 -2
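--- a/hosts/weird-row-server/default.nix
+++ b/hosts/weird-row-server/default.nix
@@ -101,19 +101,25 @@
     jails = { };
   };
 
+  age.secrets.caddy-env.file = secrets/caddy-env.age;
   services.caddy = {
     enable = true;
     package = pkgs.caddy.withPlugins {
-      doInstallCheck = false;
       plugins = [
+        "github.com/caddy-dns/hetzner/v2@v2.0.0-preview-1"
         "github.com/tailscale/caddy-tailscale@v0.0.0-20251016213337-01d084e119cb"
-        "github.com/caddy-dns/hetzner@v2.0.0-preview-1"
       ];
       hash = "sha256-muKwDYs5Jp4ib/psZxpp1Kyfsqz6wPz/lpHFGtx67uY=";
     };
 
+    environmentFile = config.age.secrets.caddy-env.path;
+
     globalConfig = ''
       tailscale {
+        # this caddy instance already proxies headscale but needs to access headscale to start
+        # control_url https://headscale.wiro.world
+        control_url http://localhost:3006
+
         ephemeral
       }
     '';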
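Review bot: The plugin list passed to `withPlugins` changes in this hunk (hetzner moves to the `/v2` module path and the entries are reordered) while `hash = "sha256-muKw…"` on the context line just below is left untouched. That hash pins the vendored plugin sources, so it normally has to be refreshed whenever the plugin set changes; Nix rejects a mismatch at build time, so a successful deploy means it is right, but the next editor has to guess that. A one-line comment above it, `# fixed-output hash of the vendored plugins above; refresh after editing the list`, would make the coupling explicit. The surrounding `services.caddy` attribute set continues past the end of the hunk.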
+1 -1
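--- a/hosts/weird-row-server/goatcounter.nix
+++ b/hosts/weird-row-server/goatcounter.nix
@@ -18,7 +18,7 @@
 
   services.caddy = {
     virtualHosts.${goatcounter-hostname}.extraConfig = ''
-      reverse_proxy http://localhost:${toString goatcounter-port}
+      reverse_proxy http://localhost:${toString config.services.goatcounter.port}
     '';
   };
 };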
+3 -2
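--- a/hosts/weird-row-server/grafana.nix
+++ b/hosts/weird-row-server/grafana.nix
@@ -4,7 +4,7 @@
 
 let
   grafana-port = 3002;
-  grafana-hostname = "console.wiro.world";
+  grafana-hostname = "console.net.wiro.world";
 
   prometheus-port = 9001;
   prometheus-node-exporter-port = 9002;
@@ -76,7 +76,8 @@
     globalConfig = ''
       metrics { per_host }
     '';
-    virtualHosts.${grafana-hostname}.extraConfig = ''
+    virtualHosts."http://${grafana-hostname}".extraConfig = ''
+      bind tailscale/console
       reverse_proxy http://localhost:${toString grafana-port}
     '';
   };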
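Review bot: `reverse_proxy http://localhost:${toString grafana-port}` in the second hunk still reads the hand-maintained `grafana-port` let binding, whereas goatcounter.nix, lldap.nix and thelounge.nix in this same commit switched to the service module's own port option. Grafana exposes its listen port as `config.services.grafana.settings.server.http_port`, so `reverse_proxy http://localhost:${toString config.services.grafana.settings.server.http_port}` would remove one place where the proxy target and the service can drift apart. The new `http://` scheme together with `bind tailscale/console` also means this vhost is served without TLS, relying on the tailnet tunnel for transport protection; that is reasonable for a tailnet-only listener, but a short comment above the `bind` line saying so would stop a reader from assuming the previous automatic-HTTPS behaviour still applies.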
+4 -3
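--- a/hosts/weird-row-server/lldap.nix
+++ b/hosts/weird-row-server/lldap.nix
@@ -4,7 +4,7 @@
 
 let
   lldap-port = 3007;
-  lldap-hostname = "ldap.wiro.world";
+  lldap-hostname = "ldap.net.wiro.world";
 in
 {
   config = {
@@ -30,8 +30,9 @@
     };
 
     services.caddy = {
-      virtualHosts.${lldap-hostname}.extraConfig = ''
-        reverse_proxy http://localhost:${toString lldap-port}
+      virtualHosts."http://${lldap-hostname}".extraConfig = ''
+        bind tailscale/ldap
+        reverse_proxy http://localhost:${toString config.services.lldap.settings.http_port}
       '';
     };
   };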
+2 -2
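--- a/hosts/weird-row-server/pds.nix
+++ b/hosts/weird-row-server/pds.nix
@@ -34,8 +34,8 @@
     virtualHosts.${pds-hostname} = {
       serverAliases = [ "*.${pds-hostname}" ];
       extraConfig = ''
-        tls { on_demand }
-        reverse_proxy http://localhost:${toString pds-port}
+        tls { on_demand }
+        reverse_proxy http://localhost:${toString config.services.bluesky-pds.settings.PDS_HOSTNAME}
       '';
     };
   };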
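Review bot: The new `reverse_proxy` line interpolates `config.services.bluesky-pds.settings.PDS_HOSTNAME`, which is the PDS's public hostname rather than its listen port, so the upstream evaluates to `http://localhost:<hostname>` and Caddy will not be able to dial it. The other files in this commit read the module's port option, and the matching value here is `PDS_PORT` in the same settings set: `reverse_proxy http://localhost:${toString config.services.bluesky-pds.settings.PDS_PORT}` (or simply keeping the old `pds-port` binding). Separately, the unchanged `tls { on_demand }` combined with the `*.${pds-hostname}` alias lets any name under that zone trigger certificate issuance; if the set of valid handles can be queried, Caddy's global `on_demand_tls { ask <url> }` option is the usual guard against issuance abuse and rate-limit exhaustion.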
hosts/weird-row-server/secrets/caddy-env.age


+1
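--- a/hosts/weird-row-server/secrets/default.nix
+++ b/hosts/weird-row-server/secrets/default.nix
@@ -23,4 +23,5 @@
   # Defines `HYPIXEL_API_KEY`, `PROFILE_UUID`
   "hypixel-bank-tracker-main.age".publicKeys = deploy;
   "hypixel-bank-tracker-banana.age".publicKeys = deploy;
+  "caddy-env.age".publicKeys = deploy;
 }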
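Review bot: The new `"caddy-env.age".publicKeys = deploy;` entry has no comment naming the variables the encrypted file defines, unlike the neighbouring entry that carries `# Defines \`HYPIXEL_API_KEY\`, \`PROFILE_UUID\``. Since the file is consumed as `services.caddy.environmentFile` in default.nix, a reader cannot tell from the repository which environment variables Caddy and its plugins expect from it. Adding a line in the same style, `# Defines <CADDY_ENV_VARS>` with the actual variable names in place of the placeholder, keeps the secrets index self-describing without revealing any values.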
+4 -3
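--- a/hosts/weird-row-server/thelounge.nix
+++ b/hosts/weird-row-server/thelounge.nix
@@ -4,7 +4,7 @@
 
 let
   thelounge-port = 3005;
-  thelounge-hostname = "lounge.wiro.world";
+  thelounge-hostname = "irc-lounge.net.wiro.world";
 in
 {
   config = {
@@ -22,8 +22,9 @@
     };
 
     services.caddy = {
-      virtualHosts.${thelounge-hostname}.extraConfig = ''
-        reverse_proxy http://localhost:${toString thelounge-port}
+      virtualHosts."http://${thelounge-hostname}".extraConfig = ''
+        bind tailscale/irc-lounge
+        reverse_proxy http://localhost:${toString config.services.thelounge.port}
       '';
     };
   };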
+1 -1
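--- a/hosts/weird-row-server/vaultwarden.nix
+++ b/hosts/weird-row-server/vaultwarden.nix
@@ -31,7 +31,7 @@
 
   services.caddy = {
     virtualHosts.${vaultwarden-hostname}.extraConfig = ''
-      reverse_proxy http://localhost:${toString vaultwarden-port}
+      reverse_proxy http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}
     '';
   };
 };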
+3 -7
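--- a/hosts/weird-row-server/warrior.nix
+++ b/hosts/weird-row-server/warrior.nix
@@ -4,9 +4,7 @@
 
 let
   warrior-port = 3015;
-  warrior-hostname = "warrior.wiro.world";
-
-  authelia-port = 3008;
+  warrior-hostname = "warrior.net.wiro.world";
 in
 {
   config = {
@@ -17,10 +15,8 @@
     };
 
     services.caddy = {
-      virtualHosts.${warrior-hostname}.extraConfig = ''
-        forward_auth localhost:${toString authelia-port} {
-          uri /api/authz/forward-auth
-        }
+      virtualHosts."http://${warrior-hostname}".extraConfig = ''
+        bind tailscale/warrior
         reverse_proxy http://localhost:${toString warrior-port}
       '';
     };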
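Review bot: Dropping the `forward_auth` stanza to Authelia in the second hunk removes the per-user login in front of warrior; with only `bind tailscale/warrior` left, any node admitted to the headscale tailnet reaches the service, so authorization now rests entirely on node enrolment and headscale's ACL policy rather than on user identity. If that is the intended trade, a comment above the bind line such as `# no forward_auth here: access is gated by tailnet membership and headscale ACLs` records the decision; if not, the `forward_auth localhost:… { uri /api/authz/forward-auth }` block can stay in place beneath the bind, since the two compose. The `authelia-port` binding is removed together with it, so nothing in this file references Authelia any more, which is consistent. `warrior-port` remains a hard-coded let binding while goatcounter.nix, lldap.nix and thelounge.nix moved to the service module's port option; if warrior has no NixOS module exposing one, a short comment saying so would explain the difference.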