Add internal CA
All checks were successful
Run nix flake check / flake-check (push) Successful in 3m31s

Torjus Håkestad 2024-11-30 20:24:43 +01:00
parent d16a35acb4
commit 5844e7b32b
Signed by: torjus
SSH Key Fingerprint: SHA256:KjAds8wHfD2mBYK2H815s/+ABcSdcIHUndwHEdSxml4
4 changed files with 31 additions and 5 deletions


@ -3,33 +3,37 @@
services.caddy = { services.caddy = {
enable = true; enable = true;
configFile = pkgs.writeText "Caddyfile" '' configFile = pkgs.writeText "Caddyfile" ''
http://nzbget.home.2rjus.net { {
acme_ca https://ca.home.2rjus.net/acme/acme/directory
}
nzbget.home.2rjus.net {
log { log {
output file /var/log/caddy/nzbget.log output file /var/log/caddy/nzbget.log
} }
reverse_proxy http://nzbget-jail.home.2rjus.net:6789 reverse_proxy http://nzbget-jail.home.2rjus.net:6789
} }
http://radarr.home.2rjus.net { radarr.home.2rjus.net {
log { log {
output file /var/log/caddy/radarr.log output file /var/log/caddy/radarr.log
} }
reverse_proxy http://radarr-jail.home.2rjus.net:7878 reverse_proxy http://radarr-jail.home.2rjus.net:7878
} }
http://sonarr.home.2rjus.net { sonarr.home.2rjus.net {
log { log {
output file /var/log/caddy/sonarr.log output file /var/log/caddy/sonarr.log
} }
reverse_proxy http://sonarr-jail.home.2rjus.net:8989 reverse_proxy http://sonarr-jail.home.2rjus.net:8989
} }
http://ha.home.2rjus.net { ha.home.2rjus.net {
log { log {
output file /var/log/caddy/ha.log output file /var/log/caddy/ha.log
} }
reverse_proxy http://ha1.home.2rjus.net:8123 reverse_proxy http://ha1.home.2rjus.net:8123
} }
http://z2m.home.2rjus.net { z2m.home.2rjus.net {
log { log {
output file /var/log/caddy/z2m.log output file /var/log/caddy/z2m.log
} }
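Review bot: The new global options block sets `acme_ca` to the internal directory but does not pin the root Caddy should trust for that endpoint, so issuance depends on this host's system trust store already containing the internal root. Adding `acme_ca_root <path-to-root-ca.crt>` (placeholder path) next to `acme_ca` would make that dependency explicit and keep it from silently falling back on whatever the system bundle contains. The `reverse_proxy` upstreams are still `http://`, so TLS ends at Caddy and the hop to the jails and ha1 stays cleartext; a short comment in the Caddyfile saying this is intentional would help. The hunk is cut off on this page after the z2m log block and the file name is not shown, so the remaining lines are unreviewed.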


@ -4,6 +4,7 @@
./monitoring.nix ./monitoring.nix
./packages.nix ./packages.nix
./root-user.nix ./root-user.nix
./root-ca.nix
./sops.nix ./sops.nix
./sshd.nix ./sshd.nix
./weekly-rebuild.nix ./weekly-rebuild.nix

12
system/root-ca.crt Normal file

@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

9
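--- /dev/null
+++ b/system/root-ca.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+security.pki = {
+certificateFiles = [
+"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+./root-ca.crt
+];
+};
+}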
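Review bot: `certificateFiles` lists `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"` explicitly, which looks redundant. As far as I know the NixOS `security.pki` module already builds the system bundle from cacert and treats this list as extra certificates, so the entry may also re-add any CA removed through `security.pki.caCertificateBlacklist`. Keeping only `./root-ca.crt` should be enough; confirm against the NixOS release in use. Because this module appears to be imported from the shared system imports list, every host would trust the internal root for all names. The certificate body is not visible on this page, so add a comment such as `# internal root CA for home.2rjus.net; name-constrained: <yes/no>` and note where its key is kept.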