From ad7db51d8bb6aa291651badf47346e692e35b4d6 Mon Sep 17 00:00:00 2001
From: "Casper V. Kristensen"
Date: Tue, 16 Apr 2024 01:49:39 +0200
Subject: [PATCH] caddy: sigma
---
 hosts/sigma/acme.nix | 11 +++++++++++
 hosts/sigma/caddy.nix | 3 +++
 hosts/sigma/default.nix | 6 ++++--
 hosts/sigma/network.nix | 15 +++++++++++----
 4 files changed, 29 insertions(+), 6 deletions(-)
 create mode 100644 hosts/sigma/acme.nix
 create mode 100644 hosts/sigma/caddy.nix
diff --git a/hosts/sigma/acme.nix b/hosts/sigma/acme.nix
new file mode 100644
index 0000000..bfdba92
--- /dev/null
+++ b/hosts/sigma/acme.nix
@@ -0,0 +1,11 @@
+{...}: {
+ security.acme.certs."caspervk.net" = {
+ domain = "*.caspervk.net";
+ reloadServices = [
+ "caddy.service"
+ ];
+ };
+ users.groups.acme.members = [
+ "caddy"
+ ];
+}
diff --git a/hosts/sigma/caddy.nix b/hosts/sigma/caddy.nix
new file mode 100644
index 0000000..cb12155
--- /dev/null
+++ b/hosts/sigma/caddy.nix
@@ -0,0 +1,3 @@
+{secrets, ...}: {
+ services.caddy.virtualHosts = secrets.sigma.caddy.virtualHosts;
+}
diff --git a/hosts/sigma/default.nix b/hosts/sigma/default.nix
index 1c002ce..969053d 100644
--- a/hosts/sigma/default.nix
+++ b/hosts/sigma/default.nix
@@ -3,9 +3,11 @@
 ../../overlays
 ../../modules/base
 ../../modules/server
- ./hardware.nix
- #./borg.nix
+ ./acme.nix
+ #./borg.nix TODO!
+ ./caddy.nix
 ./gitea.nix
+ ./hardware.nix
 ./network.nix
 ];
diff --git a/hosts/sigma/network.nix b/hosts/sigma/network.nix
index 795bd73..a1cd821 100644
--- a/hosts/sigma/network.nix
+++ b/hosts/sigma/network.nix
@@ -132,16 +132,23 @@
 allowedUDPPorts = lib.mkForce [];
 allowedTCPPortRanges = lib.mkForce [];
 allowedUDPPortRanges = lib.mkForce [];
-
 interfaces = {
 "enp5s0" = {
- allowedTCPPorts = [22];
+ allowedTCPPorts = [
+ 22 # SSH
+ ];
 };
 "wg-sigma-public" = {
- allowedTCPPorts = [22];
+ allowedTCPPorts = [
+ 22 # SSH
+ 80 # Caddy
+ 443 # Caddy
+ ];
 };
 "wg-sigma-p2p" = {
- allowedTCPPorts = [1337];
+ allowedTCPPorts = [
+ 1337 # random testing (TODO)
+ ];
 };
 };
 };
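Review bot: Adding `caddy` to `users.groups.acme.members` in hosts/sigma/acme.nix gives the web server read access to every certificate and private key readable by the `acme` group on this host, not only the `caspervk.net` wildcard. A narrower grant is to leave the group membership alone and set `group = "caddy";` on `security.acme.certs."caspervk.net"`, so that only this certificate's files are readable by Caddy. The wildcard `*.caspervk.net` can only be issued over DNS-01, and no `dnsProvider` or credentials file is visible in this file; presumably they come from `security.acme.defaults` elsewhere, which a comment such as `# DNS-01 settings inherited from security.acme.defaults` would make explicit.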
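Review bot: `services.caddy.virtualHosts = secrets.sigma.caddy.virtualHosts;` in hosts/sigma/caddy.nix takes the whole virtual-host set from an eval-time `secrets` argument, so its contents are rendered into the generated Caddyfile in `/nix/store`, which is world-readable on the host. That keeps hostnames and upstreams out of the repository, but any token or password hash placed in a vhost's `extraConfig` would be readable by every local user; runtime credentials belong in a file the service loads at start instead. I would add a comment above the assignment: `# eval-time value: ends up in the world-readable Nix store, do not put credentials here`. The hunk also shows neither `services.caddy.enable` nor a `useACMEHost` reference to the `caspervk.net` certificate, so presumably both are set elsewhere or inside the secret set.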
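Review bot: The `wg-sigma-p2p` entry in hosts/sigma/network.nix still opens TCP `1337`, now annotated `# random testing (TODO)`, so a port with no named service stays reachable on that interface after this commit. I would either drop it (`allowedTCPPorts = [];`) or replace the comment with the service that listens there and the condition for removing it. On `wg-sigma-public` only TCP 80/443 are opened while `allowedUDPPorts` is forced empty at the top of the hunk, so HTTP/3 over UDP 443 will not reach Caddy; if that is intended, a comment such as `443 # Caddy (TCP only, no HTTP/3)` would record it. The enclosing firewall attribute set starts before this hunk.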