chore: move caddy to common settings

2025-05-10 00:27:51 +08:00 · 2025-05-10 00:27:51 +08:00 · 9b3e4038a9
commit 9b3e4038a9
parent e78f1fe200
21 changed files with 69 additions and 6709 deletions
--- a/machines/weilite/default.nix
+++ b/machines/weilite/default.nix
@ -32,6 +32,7 @@
      };
      comin.enable = true;
      network.localdns.enable = true;
+      serverComponents.enable = true;
    };

    boot = {
--- a/machines/weilite/services/caddy.nix
+++ b/machines/weilite/services/caddy.nix
@ -35,13 +35,6 @@
      }";
    in
    {
-      enable = true;
-      package = pkgs.caddy.withPlugins {
-        plugins = [
-          "github.com/caddy-dns/cloudflare@v0.2.1"
-        ];
-        hash = "sha256-saKJatiBZ4775IV2C5JLOmZ4BwHKFtRZan94aS5pO90=";
-      };
      virtualHosts."derper00.namely.icu:8443".extraConfig = ''
        ${acmeCF}
        reverse_proxy 127.0.0.1:${toString config.services.tailscale.derper.port}
@ -52,10 +45,7 @@
      '';
    };

-  networking.firewall.allowedTCPPorts = [
-    8000
-    8443
-  ];
+  networking.firewall.allowedTCPPorts = [ 8443 ];

  systemd.services.caddy = {
    serviceConfig = {
--- a/machines/weilite/services/jellyfin.nix
+++ b/machines/weilite/services/jellyfin.nix
@ -19,7 +19,7 @@ in
  services.caddy.virtualHosts."https://weilite.coho-tet.ts.net:8920".extraConfig = ''
    reverse_proxy 127.0.0.1:8096
  '';
-  networking.firewall.allowedTCPPorts = [ 8920 ]; # allow on lan
+
  users.users.jellyfin.extraGroups = [ "render" ];
  users.groups.media.members = [ cfg.user ];
 }
--- a/machines/weilite/services/ocis.nix
+++ b/machines/weilite/services/ocis.nix
@ -27,7 +27,6 @@
    # environmentFile = config.sops.secrets."ocis/env".path;
  };

-  networking.firewall.allowedTCPPorts = [ 8443 ];
  services.caddy.virtualHosts."${config.services.ocis.url}".extraConfig = ''
    reverse_proxy ${config.services.ocis.address}:${toString config.services.ocis.port}
  '';
--- a/machines/weilite/services/restic.nix
+++ b/machines/weilite/services/restic.nix
@ -38,8 +38,6 @@ in
    (mkPrune "xin" "thorite")
  ];

-  networking.firewall.allowedTCPPorts = [ 8443 ];
-
  services.caddy.virtualHosts."https://backup.xinyang.life:8443".extraConfig = ''
    tls {
      dns dnspod {env.DNSPOD_API_TOKEN}
--- a/machines/weilite/services/transmission.nix
+++ b/machines/weilite/services/transmission.nix
@ -73,6 +73,8 @@ in
      watch-dir-enabled = false;
    };
  };
+
+  networking.firewall.allowedTCPPorts = [ 9091 ];
  services.caddy.virtualHosts."https://weilite.coho-tet.ts.net:9091".extraConfig = ''
    reverse_proxy 127.0.0.1:${toString cfg.settings.rpc-port}
  '';
@ -93,6 +95,5 @@ in
    };
  };

-  networking.firewall.allowedTCPPorts = [ 9091 ]; # allow on lan
  users.groups.media.members = [ cfg.user ];
 }