caddy: enable tailscale https
parent
80fb573166
commit
7999ff7e26
3 changed files with 39 additions and 29 deletions
|
@ -23,6 +23,7 @@
|
||||||
# Running Services
|
# Running Services
|
||||||
./services/adguardhome.nix
|
./services/adguardhome.nix
|
||||||
./services/avahi.nix
|
./services/avahi.nix
|
||||||
|
./services/caddy.nix
|
||||||
./services/cf-dyndns.nix
|
./services/cf-dyndns.nix
|
||||||
./services/cloudflared.nix
|
./services/cloudflared.nix
|
||||||
./services/hydra.nix
|
./services/hydra.nix
|
||||||
|
|
|
@ -7,36 +7,44 @@
|
||||||
services.caddy = {
|
services.caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
email = "hedgehog@mrhedgehog.xyz";
|
email = "hedgehog@mrhedgehog.xyz";
|
||||||
# globalConfig = ''
|
globalConfig = ''
|
||||||
# '';
|
http_port 81
|
||||||
virtualHosts = {
|
'';
|
||||||
"cache.thehedgehog.me" = {
|
|
||||||
extraConfig = ''
|
|
||||||
import cf_tls
|
|
||||||
reverse_proxy http://localhost:5000
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
"hydra.thehedgehog.me" = {
|
|
||||||
extraConfig = ''
|
|
||||||
import cf_tls
|
|
||||||
reverse_proxy http://localhost:3000
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
"reddit.thehedgehog.me" = {
|
|
||||||
extraConfig = ''
|
|
||||||
import cf_tls
|
|
||||||
reverse_proxy http://localhost:4000
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
(cf_tls) {
|
*.tailnet-a79e.ts.net {
|
||||||
tls ${config.age.secrets.thehedgehog-pem.path} ${config.age.secrets.thehedgehog-key.path} {
|
@libreddit host libreddit.tailnet-a79e.ts.net
|
||||||
protocols tls1.3
|
handle @libreddit {
|
||||||
client_auth {
|
reverse_proxy localhost:4000
|
||||||
mode require_and_verify
|
}
|
||||||
trusted_ca_cert_file ${config.age.secrets.cloudflare-ca.path}
|
|
||||||
}
|
@hydra host hydra.tailnet-a79e.ts.net
|
||||||
|
handle @hydra {
|
||||||
|
reverse_proxy localhost:3000
|
||||||
|
}
|
||||||
|
|
||||||
|
@radicale host dav.tailnet-a79e.ts.net
|
||||||
|
handle @radicale {
|
||||||
|
reverse_proxy localhost:5352
|
||||||
|
}
|
||||||
|
|
||||||
|
@vaultwarden host bw.tailnet-a79e.ts.net
|
||||||
|
handle @vaultwarden {
|
||||||
|
reverse_proxy localhost:8000
|
||||||
|
}
|
||||||
|
|
||||||
|
@miniflux host bw.tailnet-a79e.ts.net
|
||||||
|
handle @miniflux {
|
||||||
|
reverse_proxy localhost:6000
|
||||||
|
}
|
||||||
|
|
||||||
|
@jellyfin host media.tailnet-a79e.ts.net
|
||||||
|
handle @jellyfin {
|
||||||
|
reverse_proxy localhost:8096
|
||||||
|
}
|
||||||
|
|
||||||
|
@rssbridge host rss-bridge.tailnet-a79e.ts.net
|
||||||
|
handle @rssbridge {
|
||||||
|
reverse_proxy localhost:80
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
|
|
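Review bot: `@miniflux` in the new `*.tailnet-a79e.ts.net` block matches `bw.tailnet-a79e.ts.net`, the same host as `@vaultwarden` just above it, so the earlier `handle @vaultwarden` always wins and the proxy to `localhost:6000` is never reached. Give it its own name, e.g. `@miniflux host <miniflux-name>.tailnet-a79e.ts.net` (placeholder; the intended name is not on the page). Separately, this change drops the `cf_tls` snippet with `client_auth { mode require_and_verify }`, so nothing in this site block authenticates clients any more, and a Caddy site listens on every interface unless told otherwise. If port 443 is reachable on a non-tailnet interface (the firewall's allowed ports are not visible here), a request carrying one of these host names would reach Vaultwarden, Hydra and the rest. A `bind` line with the host's tailnet address inside the site block, or confirming 443 is closed on other interfaces, would keep these services tailnet-only.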
@ -1,6 +1,7 @@
|
||||||
{config, ...}: {
|
{config, ...}: {
|
||||||
services.tailscale = {
|
services.tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
permitCertUid = "962";
|
||||||
};
|
};
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
trustedInterfaces = [ "tailscale0" ];
|
trustedInterfaces = [ "tailscale0" ];
|
||||||
|
|
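Review bot: `permitCertUid = "962";` hard-codes a numeric UID with no indication of which account it is. This setting decides which local user may fetch the node's TLS certificate and key from tailscaled, so if Caddy's UID on this host is not 962 the grant lands on another account or on none. The option also accepts a user name, so `permitCertUid = config.services.caddy.user;` would tie it to the service user, assuming the Caddy module is enabled on the same host; at minimum add a comment such as `# UID of the caddy service user`. The attribute set continues past the end of this hunk.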