chore: Port over Caddy internal stack

This commit is contained in:
Tera << 8 2025-05-06 19:37:57 -04:00
parent d1e9635166
commit 126147fcb4
Signed by: imterah
GPG key ID: 8FA7DD57BA6CEA37
7 changed files with 125 additions and 2 deletions


@ -2,10 +2,31 @@
Work-in-progress NixOS Server Infrastructure based on [valerie's NixOS setup](https://git.dessa.dev/valnyx/nixos/src/branch/main). Work-in-progress NixOS Server Infrastructure based on [valerie's NixOS setup](https://git.dessa.dev/valnyx/nixos/src/branch/main).
## WARNING ## WIP
This is a work-in-progress and currently DOES NOT WORK. Please check back later. This is a work-in-progress and currently DOES NOT WORK. Please check back later.
### Checklist
- [x] Get basic install working
- [x] Configure reverse proxy
- [x] Configure firewall
- [x] Install Docker
- [x] Configure NFS mount
- [x] Configure Traefik & its dashboard
- [ ] Configure Caddy for internal service port forwarding (difficult!)
- [ ] Install Portainer for other servers & basic admin tasks
- [ ] Install Forgejo
- [ ] Install Personal Website
- [ ] Install Passbolt
- [ ] Install Pterodactyl Panel
- [ ] Install Immich
- [ ] Restore Forgejo
- [ ] Restore Passbolt
- [ ] Restore Pterodactyl Panel
- [ ] Restore Immich (difficult!)
- [ ] Get myself a treat :3
## Setup ## Setup
### Setting up Sops ### Setting up Sops


@ -17,6 +17,7 @@
# Docker stacks # Docker stacks
./stacks/traefik/docker-compose.nix ./stacks/traefik/docker-compose.nix
./stacks/caddy/docker-compose.nix
]; ];
users.mutableUsers = false; users.mutableUsers = false;


@ -0,0 +1,84 @@
# Auto-generated using compose2nix v0.3.1.
{ pkgs, lib, ... }:
{
imports = [
../../../../system/sops.nix
];
# Containers
virtualisation.oci-containers.containers."caddy-web" = {
environmentFiles = [ config.sops.secrets.caddy_docker_env.path ];
image = "caddy-custom:2.10.0-builder";
volumes = [
"${./volume}:/etc/caddy:ro"
"caddy_caddy:/data:rw"
];
log-driver = "journald";
extraOptions = [
"--health-cmd=curl -sS -k https://127.0.0.1 || exit 1"
"--health-interval=10s"
"--health-retries=3"
"--health-timeout=10s"
"--network=host"
];
};
systemd.services."docker-caddy-web" = {
serviceConfig = {
Restart = lib.mkOverride 90 "on-failure";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-volume-caddy_caddy.service"
];
requires = [
"docker-volume-caddy_caddy.service"
];
partOf = [
"docker-compose-caddy-root.target"
];
wantedBy = [
"docker-compose-caddy-root.target"
];
};
# Volumes
systemd.services."docker-volume-caddy_caddy" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect caddy_caddy || docker volume create caddy_caddy
'';
partOf = [ "docker-compose-caddy-root.target" ];
wantedBy = [ "docker-compose-caddy-root.target" ];
};
# Builds
systemd.services."docker-build-caddy-web" = {
path = [ pkgs.docker pkgs.git ];
serviceConfig = {
Type = "oneshot";
TimeoutSec = 300;
};
script = ''
cd /home/tera/Documents/ops/misc-git/nix-infra/hosts/andromeda/stacks/caddy/caddy
docker build -t caddy-custom:2.10.0-builder -f ${./volume/Dockerfile} .
'';
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-caddy-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}
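Review bot: `config` is not bound by the module arguments on line 52 (`{ pkgs, lib, ... }:`), yet line 59 reads `config.sops.secrets.caddy_docker_env.path`, so evaluating this module fails with an undefined-variable error; the header should be `{ config, pkgs, lib, ... }:`. The build script on line 115 changes into an absolute path under `/home/tera/...` that presumably exists only on the authoring machine, and since the Dockerfile copies nothing from its build context the build can run from the store copy instead: `docker build -t caddy-custom:2.10.0-builder -f ${./volume/Dockerfile} ${./volume}`. `docker-build-caddy-web` (lines 108–118) has no `wantedBy`/`partOf`, and `docker-caddy-web` orders only after the volume unit (lines 81–86), so nothing guarantees the image exists before the container starts; adding the build unit to the container's `after`/`requires` and to the root target would close that gap. Because of `--network=host` on line 71 the container shares the host's network namespace, which is what makes the Caddyfile's `127.0.0.1:8000` upstream reach a host service; a one-line comment stating that this is intended would keep the next maintainer from "fixing" it.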


@ -0,0 +1,8 @@
hofers.cloud, *.hofers.cloud {
tls {
dns cloudflare {env.CF_API_TOKEN}
resolvers 1.1.1.1
}
reverse_proxy /* 127.0.0.1:8000
}
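Review bot: The `/*` path matcher on line 138 matches every request, so `reverse_proxy 127.0.0.1:8000` is equivalent and reads as the unconditional proxy it is. A header comment naming what listens on 8000 and where the token comes from would help the next reader, e.g. `# Wildcard cert via Cloudflare DNS-01; CF_API_TOKEN is injected from the caddy_docker_env secret. All requests go to 127.0.0.1:8000 on the host (container runs with --network=host).`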


@ -0,0 +1,8 @@
FROM caddy:2.10.0-builder AS caddy-builder
RUN xcaddy build \
--with github.com/caddy-dns/cloudflare
FROM caddy:2.10.0-alpine
COPY --from=caddy-builder /usr/bin/caddy /usr/bin/caddy
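Review bot: `xcaddy build --with github.com/caddy-dns/cloudflare` on lines 145–146 carries no module version, so every build resolves whatever the plugin's latest tag is at that moment and the resulting binary is neither reproducible nor reviewable; pin it with `--with github.com/caddy-dns/cloudflare@<pinned-version>` (placeholder, pick the audited release) and, for the same reason, consider pinning the two `caddy:2.10.0-*` base images by digest. The final stage is `caddy:2.10.0-alpine`, but docker-compose.nix tags the result `caddy-custom:2.10.0-builder`, which misreads as if the builder stage were shipped; a tag such as `caddy-custom:2.10.0-cloudflare` would name what the image actually contains.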

@ -1 +1 @@
Subproject commit 7851d29bba582893f904cf7b9244abd7adaa0068 Subproject commit 05d59e8bdcd23b9877443bebb1e5894992d786fa


@ -20,6 +20,7 @@ in
neededForUsers = true; neededForUsers = true;
}; };
reverse_proxy_client_privkey = {}; reverse_proxy_client_privkey = {};
caddy_docker_env = {};
}; };
}; };
} }
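Review bot: `caddy_docker_env` on line 159 is declared with no hint of its required contents, yet docker-compose.nix hands it to the container as an env file and the Caddyfile expands `{env.CF_API_TOKEN}` from that environment; a comment such as `# dotenv file for docker-caddy-web; must define CF_API_TOKEN (Cloudflare DNS-01 token)` would record that contract next to the declaration. The enclosing `secrets` attrset starts before the hunk.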