caddy: sigma
parent
c3ce52026e
commit
51c25793b9
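--- a/hosts/sigma/acme.nix
+++ b/hosts/sigma/acme.nix
@@ -0,0 +1,11 @@
+{...}: {
+security.acme.certs."caspervk.net" = {
+domain = "*.caspervk.net";
+reloadServices = [
+"caddy.service"
+];
+};
+users.groups.acme.members = [
+"caddy"
+];
+}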
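Review bot: Adding `caddy` to `users.groups.acme.members` gives the Caddy user group access to every certificate and private key that `security.acme` manages under the default `acme` group, not only the one declared here. Since `*.caspervk.net` is a wildcard, its key is valid for every subdomain, so access to it is worth scoping to the single consumer: `security.acme.certs."caspervk.net".group = "caddy";` would limit the grant to this certificate and make the group membership unnecessary. A wildcard also needs a DNS-01 challenge, and no `dnsProvider` or credentials are set in this file; presumably they come from `security.acme.defaults` elsewhere, which deserves a one-line comment here.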
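--- a/hosts/sigma/caddy.nix
+++ b/hosts/sigma/caddy.nix
@@ -0,0 +1,3 @@
+{secrets, ...}: {
+services.caddy.virtualHosts = secrets.sigma.caddy.virtualHosts;
+}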
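Review bot: `services.caddy.virtualHosts` is taken wholesale from `secrets.sigma.caddy.virtualHosts`, so nothing in the reviewable tree shows which hostnames, upstreams or TLS settings end up served on ports 80/443. The module renders these values into a Caddyfile in the Nix store, which is world-readable on the host, so this keeps them out of the repository but not secret at runtime; tokens or password hashes should be read from a file at runtime instead. Presumably each virtual host sets `useACMEHost = "caspervk.net"` so Caddy serves the wildcard from acme.nix rather than requesting its own certificates. A comment such as `# vhosts live in the private secrets input; each is expected to set useACMEHost = "caspervk.net"` would record that.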
|
@ -3,9 +3,11 @@
|
|||
../../overlays
|
||||
../../modules/base
|
||||
../../modules/server
|
||||
./hardware.nix
|
||||
#./borg.nix
|
||||
./acme.nix
|
||||
#./borg.nix TODO!
|
||||
./caddy.nix
|
||||
./gitea.nix
|
||||
./hardware.nix
|
||||
./network.nix
|
||||
];
|
||||
|
||||
|
|
|
@ -132,16 +132,23 @@
|
|||
allowedUDPPorts = lib.mkForce [];
|
||||
allowedTCPPortRanges = lib.mkForce [];
|
||||
allowedUDPPortRanges = lib.mkForce [];
|
||||
|
||||
interfaces = {
|
||||
"enp5s0" = {
|
||||
allowedTCPPorts = [22];
|
||||
allowedTCPPorts = [
|
||||
22 # SSH
|
||||
];
|
||||
};
|
||||
"wg-sigma-public" = {
|
||||
allowedTCPPorts = [22];
|
||||
allowedTCPPorts = [
|
||||
22 # SSH
|
||||
80 # Caddy
|
||||
443 # Caddy
|
||||
];
|
||||
};
|
||||
"wg-sigma-p2p" = {
|
||||
allowedTCPPorts = [1337];
|
||||
allowedTCPPorts = [
|
||||
1337 # random testing (TODO)
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
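Review bot: The `wg-sigma-p2p` entry keeps TCP 1337 open, and the new comment `# random testing (TODO)` marks it as a leftover rather than a service; an allowance with no owning service is best dropped until something needs it, e.g. `allowedTCPPorts = [];`. Opening 80/443 only on `wg-sigma-public` and not on `enp5s0` keeps Caddy off the physical interface, consistent with the `lib.mkForce []` defaults above. Caddy serves HTTP/3 by default and no UDP 443 is allowed here, so QUIC traffic will be dropped; if that is intended, say so next to the `443 # Caddy` line. The enclosing firewall block starts outside the hunk.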