split up web.nix

2026-04-17 13:08:19 -04:00 · 2024-10-26 10:15:09 -04:00
parent d706ca8fb3
commit 47e01ac591
4 changed files with 36 additions and 24 deletions
--- a/systems/jeeves/docker/reverse_proxy.nix
+++ b/systems/jeeves/docker/reverse_proxy.nix
@@ -0,0 +1,43 @@
+let
+  vars = import ../vars.nix;
+in
+{
+  networking.firewall = {
+    allowedTCPPorts = [ 7844 ];
+    allowedUDPPorts = [ 7844 ];
+  };
+  virtualisation.oci-containers.containers = {
+    haproxy = {
+      image = "haproxy:latest";
+      user = "600:600";
+      environment = {
+        TZ = "Etc/EST";
+      };
+      volumes = [
+        "${vars.storage_secrets}/docker/cloudflare.pem:/etc/ssl/certs/cloudflare.pem"
+        "${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg"
+      ];
+      dependsOn = [
+        "arch_mirror"
+        "audiobookshelf"
+        "filebrowser"
+        "grafana"
+        "uptime_kuma"
+      ];
+      extraOptions = [ "--network=web" ];
+      autoStart = true;
+    };
+    cloud_flare_tunnel = {
+      image = "cloudflare/cloudflared:latest";
+      user = "600:600";
+      cmd = [
+        "tunnel"
+        "run"
+      ];
+      environmentFiles = ["${vars.storage_secrets}/docker/cloud_flare_tunnel"];
+      dependsOn = [ "haproxy" ];
+      extraOptions = [ "--network=web" ];
+      autoStart = true;
+    };
+  };
+}