caddy: enable tailscale https

2022-06-29 16:03:48 -04:00 · 2022-06-29 16:03:48 -04:00 · 7999ff7e26
commit 7999ff7e26
parent 80fb573166
3 changed files with 39 additions and 29 deletions
--- a/hosts/marvin/configuration.nix
+++ b/hosts/marvin/configuration.nix
@ -23,6 +23,7 @@
    # Running Services
    ./services/adguardhome.nix
    ./services/avahi.nix
+    ./services/caddy.nix
    ./services/cf-dyndns.nix
    ./services/cloudflared.nix
    ./services/hydra.nix
--- a/hosts/marvin/services/caddy.nix
+++ b/hosts/marvin/services/caddy.nix
@ -7,36 +7,44 @@
  services.caddy = {
    enable = true;
    email = "hedgehog@mrhedgehog.xyz";
-    # globalConfig = ''
-    # '';
-    virtualHosts = {
-      "cache.thehedgehog.me" = {
-        extraConfig = ''
-          import cf_tls
-          reverse_proxy http://localhost:5000
+    globalConfig = ''
+      http_port 81
    '';
-      };
-      "hydra.thehedgehog.me" = {
    extraConfig = ''
-          import cf_tls
-          reverse_proxy http://localhost:3000
-        '';
-      };
-      "reddit.thehedgehog.me" = {
-        extraConfig = ''
-          import cf_tls
-          reverse_proxy http://localhost:4000
-        '';
-      };
-    };
-    extraConfig = ''
-      (cf_tls) {
-        tls ${config.age.secrets.thehedgehog-pem.path} ${config.age.secrets.thehedgehog-key.path} {
-          protocols tls1.3
-          client_auth {
-            mode require_and_verify
-            trusted_ca_cert_file ${config.age.secrets.cloudflare-ca.path}
+      *.tailnet-a79e.ts.net {
+        @libreddit host libreddit.tailnet-a79e.ts.net
+        handle @libreddit {
+          reverse_proxy localhost:4000
        }
+
+        @hydra host hydra.tailnet-a79e.ts.net
+        handle @hydra {
+          reverse_proxy localhost:3000
+        }
+
+        @radicale host dav.tailnet-a79e.ts.net
+        handle @radicale {
+          reverse_proxy localhost:5352
+        }
+
+        @vaultwarden host bw.tailnet-a79e.ts.net
+        handle @vaultwarden {
+          reverse_proxy localhost:8000
+        }
+
+        @miniflux host bw.tailnet-a79e.ts.net
+        handle @miniflux {
+          reverse_proxy localhost:6000
+        }
+
+        @jellyfin host media.tailnet-a79e.ts.net
+        handle @jellyfin {
+          reverse_proxy localhost:8096
+        }
+
+        @rssbridge host rss-bridge.tailnet-a79e.ts.net
+        handle @rssbridge {
+          reverse_proxy localhost:80
        }
      }
    '';
--- a/hosts/marvin/services/tailscale.nix
+++ b/hosts/marvin/services/tailscale.nix
@ -1,6 +1,7 @@
 {config, ...}: {
  services.tailscale = {
    enable = true;
+    permitCertUid = "962";
  };
  networking.firewall = {
    trustedInterfaces = [ "tailscale0" ];