caddy: sigma

2024-04-16 01:49:39 +02:00 · 2024-04-16 01:49:39 +02:00 · ad7db51d8b
parent 6e8309029b
commit ad7db51d8b
4 changed files with 29 additions and 6 deletions
--- a/hosts/sigma/acme.nix
+++ b/hosts/sigma/acme.nix
@ -0,0 +1,11 @@
+{...}: {
+  security.acme.certs."caspervk.net" = {
+    domain = "*.caspervk.net";
+    reloadServices = [
+      "caddy.service"
+    ];
+  };
+  users.groups.acme.members = [
+    "caddy"
+  ];
+}
--- a/hosts/sigma/caddy.nix
+++ b/hosts/sigma/caddy.nix
@ -0,0 +1,3 @@
+{secrets, ...}: {
+  services.caddy.virtualHosts = secrets.sigma.caddy.virtualHosts;
+}
--- a/hosts/sigma/default.nix
+++ b/hosts/sigma/default.nix
@ -3,9 +3,11 @@
    ../../overlays
    ../../modules/base
    ../../modules/server
-    ./hardware.nix
-    #./borg.nix
+    ./acme.nix
+    #./borg.nix TODO!
+    ./caddy.nix
    ./gitea.nix
+    ./hardware.nix
    ./network.nix
  ];

--- a/hosts/sigma/network.nix
+++ b/hosts/sigma/network.nix
@ -132,16 +132,23 @@
    allowedUDPPorts = lib.mkForce [];
    allowedTCPPortRanges = lib.mkForce [];
    allowedUDPPortRanges = lib.mkForce [];
-
    interfaces = {
      "enp5s0" = {
-        allowedTCPPorts = [22];
+        allowedTCPPorts = [
+          22 # SSH
+        ];
      };
      "wg-sigma-public" = {
-        allowedTCPPorts = [22];
+        allowedTCPPorts = [
+          22 # SSH
+          80 # Caddy
+          443 # Caddy
+        ];
      };
      "wg-sigma-p2p" = {
-        allowedTCPPorts = [1337];
+        allowedTCPPorts = [
+          1337 # random testing (TODO)
+        ];
      };
    };
  };