caddy: sigma

2024-04-16 01:49:39 +02:00 · 2024-04-16 01:49:39 +02:00 · 51c25793b9
parent c3ce52026e
commit 51c25793b9
4 changed files with 29 additions and 6 deletions
--- a/hosts/sigma/acme.nix
+++ b/hosts/sigma/acme.nix
@ -0,0 +1,11 @@
 {...}: {
  security.acme.certs."caspervk.net" = {
    domain = "*.caspervk.net";
    reloadServices = [
      "caddy.service"
    ];
  };
  users.groups.acme.members = [
    "caddy"
  ];
 }
--- a/hosts/sigma/caddy.nix
+++ b/hosts/sigma/caddy.nix
@ -0,0 +1,3 @@
 {secrets, ...}: {
  services.caddy.virtualHosts = secrets.sigma.caddy.virtualHosts;
 }
--- a/hosts/sigma/default.nix
+++ b/hosts/sigma/default.nix
@ -3,9 +3,11 @@
    ../../overlays
    ../../modules/base
    ../../modules/server
-    ./hardware.nix
+    ./acme.nix
-    #./borg.nix
+    #./borg.nix TODO!
    ./caddy.nix
    ./gitea.nix
    ./hardware.nix
    ./network.nix
  ];
--- a/hosts/sigma/network.nix
+++ b/hosts/sigma/network.nix
@ -132,16 +132,23 @@
    allowedUDPPorts = lib.mkForce [];
    allowedTCPPortRanges = lib.mkForce [];
    allowedUDPPortRanges = lib.mkForce [];
    interfaces = {
      "enp5s0" = {
-        allowedTCPPorts = [22];
+        allowedTCPPorts = [
          22 # SSH
        ];
      };
      "wg-sigma-public" = {
-        allowedTCPPorts = [22];
+        allowedTCPPorts = [
          22 # SSH
          80 # Caddy
          443 # Caddy
        ];
      };
      "wg-sigma-p2p" = {
-        allowedTCPPorts = [1337];
+        allowedTCPPorts = [
          1337 # random testing (TODO)
        ];
      };
    };
  };