moved haproxy to a service

2026-04-17 13:08:19 -04:00 · 2025-02-02 22:52:57 -05:00
parent f691015920
commit d3aa49f9e4
8 changed files with 34 additions and 40 deletions
--- a/systems/jeeves/services/haproxy.cfg
+++ b/systems/jeeves/services/haproxy.cfg
@@ -0,0 +1,73 @@
+global
+  log stdout format raw local0
+  # stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+  stats timeout 30s
+
+defaults
+  log global
+  mode http
+  retries 3
+  maxconn 2000
+  timeout connect 5s
+  timeout client 50s
+  timeout server 50s
+  timeout http-request 10s
+  timeout http-keep-alive 2s
+  timeout queue 5s
+  timeout tunnel 2m
+  timeout client-fin 1s
+  timeout server-fin 1s
+
+
+#Application Setup
+frontend ContentSwitching
+  bind *:80
+  bind *:443 ssl crt /zfs/storage/secrets/docker/cloudflare.pem
+  mode  http
+  # tmmworkshop.com
+  acl host_audiobookshelf  hdr(host) -i audiobookshelf.tmmworkshop.com
+  acl host_cache  hdr(host) -i cache.tmmworkshop.com
+  acl host_filebrowser  hdr(host) -i filebrowser.tmmworkshop.com
+  acl host_homeassistant  hdr(host) -i homeassistant.tmmworkshop.com
+  acl host_jellyfin  hdr(host) -i jellyfin.tmmworkshop.com
+  acl host_share  hdr(host) -i share.tmmworkshop.com
+  acl host_uptime_kuma  hdr(host) -i uptimekuma-jeeves.tmmworkshop.com
+
+  use_backend audiobookshelf_nodes if host_audiobookshelf
+  use_backend cache_nodes  if host_cache
+  use_backend filebrowser_nodes  if host_filebrowser
+  use_backend homeassistant_nodes  if host_homeassistant
+  use_backend jellyfin if host_jellyfin
+  use_backend share_nodes  if host_share
+  use_backend uptime_kuma_nodes  if host_uptime_kuma
+
+backend audiobookshelf_nodes
+  mode http
+  server server 192.168.90.40:8000
+
+backend cache_nodes
+  mode http
+  server server 192.168.90.40:5000
+
+backend filebrowser_nodes
+  mode http
+  server server 192.168.90.40:8080
+
+backend homeassistant_nodes
+  mode http
+  server server 192.168.95.14:8123
+
+backend jellyfin
+    option httpchk
+    option forwardfor
+    http-check send meth GET uri /health
+    http-check expect string Healthy
+    server jellyfin 192.168.95.14:8096
+
+backend share_nodes
+  mode http
+  server server 192.168.95.14:8091
+
+backend uptime_kuma_nodes
+  mode http
+  server server 192.168.95.14:3001
--- a/systems/jeeves/services/haproxy.nix
+++ b/systems/jeeves/services/haproxy.nix
@@ -0,0 +1,8 @@
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.haproxy = {
+    enable = true;
+    config = builtins.readFile ./haproxy.cfg;
+  };
+}
--- a/systems/jeeves/services/home_assistant.nix
+++ b/systems/jeeves/services/home_assistant.nix
@@ -16,7 +16,7 @@ in
            "192.168.98.4"
          ];
          use_x_forwarded_for = true;
-          trusted_proxies = "172.18.0.0/24";
+          trusted_proxies = "192.168.95.0/24";
        };
        homeassistant = {
          time_zone = "America/New_York";
@@ -57,6 +57,7 @@ in
          pyownet
          rokuecp
          uiprotect
+          wakeonlan
        ];
      extraComponents = [ "isal" ];
    };
--- a/systems/jeeves/services/validate_system.toml
+++ b/systems/jeeves/services/validate_system.toml
@@ -2,7 +2,7 @@ zpool = ["root_pool", "storage", "torrenting", "media"]
 services = [
    "audiobookshelf",
    "docker-cloud_flare_tunnel",
-    "docker-haproxy",
+    "haproxy",
    "docker-qbit",
    "docker-qbitvpn",
    "docker-uptime_kuma",