Richie/dotfiles
1
0
Fork 0
mirror of https://github.com/RichieCahill/dotfiles.git synced 2026-04-17 04:58:19 -04:00
Code Issues Packages Projects Releases Wiki Activity

moved haproxy to a service

Browse Source
This commit is contained in:
Richie Cahill
2025-02-02 22:52:57 -05:00
parent f691015920
commit d3aa49f9e4
8 changed files with 34 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
systems/jeeves/docker/cloud_flare_tunnel.nix Normal file
View File

@@ -0,0 +1,18 @@
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers = {
cloud_flare_tunnel = {
image = "cloudflare/cloudflared:2025.1.1";
user = "600:600";
cmd = [
"tunnel"
"run"
];
environmentFiles = ["${vars.storage_secrets}/docker/cloud_flare_tunnel"];
extraOptions = [ "--network=web" ];
autoStart = true;
};
};
}

35
systems/jeeves/docker/reverse_proxy.nix
View File

@@ -1,35 +0,0 @@
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers = {
haproxy = {
image = "haproxy:3.1";
user = "600:600";
environment = {
TZ = "Etc/EST";
};
volumes = [
"${vars.storage_secrets}/docker/cloudflare.pem:/etc/ssl/certs/cloudflare.pem"
"${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg"
];
dependsOn = [
"uptime_kuma"
];
extraOptions = [ "--network=web" ];
autoStart = true;
};
cloud_flare_tunnel = {
image = "cloudflare/cloudflared:2025.1.1";
user = "600:600";
cmd = [
"tunnel"
"run"
];
environmentFiles = ["${vars.storage_secrets}/docker/cloud_flare_tunnel"];
dependsOn = [ "haproxy" ];
extraOptions = [ "--network=web" ];
autoStart = true;
};
};
}

1
systems/jeeves/docker/share.nix
View File

@@ -4,6 +4,7 @@ in
{
virtualisation.oci-containers.containers.share = {
image = "ubuntu/apache2:2.4-22.04_beta";
ports = [ "8091:80" ];
volumes = [
"${../../../common/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/"
"${vars.media_share}:/data"

1
systems/jeeves/docker/uptime_kuma.nix
View File

@@ -4,6 +4,7 @@ in
{
virtualisation.oci-containers.containers = {
uptime_kuma = {
ports = [ "3001:3001" ];
image = "louislam/uptime-kuma:1.23.16-debian";
volumes = [
"${vars.media_docker_configs}/uptime_kuma:/app/data"

6
systems/jeeves/docker/haproxy.cfg → systems/jeeves/services/haproxy.cfg
View File

@@ -22,7 +22,7 @@ defaults
#Application Setup
frontend ContentSwitching
bind *:80
bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
bind *:443 ssl crt /zfs/storage/secrets/docker/cloudflare.pem
mode http
# tmmworkshop.com
acl host_audiobookshelf hdr(host) -i audiobookshelf.tmmworkshop.com
@@ -66,8 +66,8 @@ backend jellyfin
backend share_nodes
mode http
server server share:80
server server 192.168.95.14:8091
backend uptime_kuma_nodes
mode http
server server uptime_kuma:3001
server server 192.168.95.14:3001

8
systems/jeeves/services/haproxy.nix Normal file
View File

@@ -0,0 +1,8 @@
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.haproxy = {
enable = true;
config = builtins.readFile ./haproxy.cfg;
};
}

3
systems/jeeves/services/home_assistant.nix
View File

@@ -16,7 +16,7 @@ in
"192.168.98.4"
];
use_x_forwarded_for = true;
trusted_proxies = "172.18.0.0/24";
trusted_proxies = "192.168.95.0/24";
};
homeassistant = {
time_zone = "America/New_York";
@@ -57,6 +57,7 @@ in
pyownet
rokuecp
uiprotect
wakeonlan
];
extraComponents = [ "isal" ];
};

2
systems/jeeves/services/validate_system.toml
View File

@@ -2,7 +2,7 @@ zpool = ["root_pool", "storage", "torrenting", "media"]
services = [
"audiobookshelf",
"docker-cloud_flare_tunnel",
"docker-haproxy",
"haproxy",
"docker-qbit",
"docker-qbitvpn",
"docker-uptime_kuma",