torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
Files
3f94f7ee9505b44d24077397cc3c5c25aaaa4f9d
nixos-servers/services/http-proxy/proxy.nix
Torjus Håkestad 21db7e9573 acme: migrate from step-ca to OpenBao PKI 
Switch all ACME certificate issuance from step-ca (ca.home.2rjus.net)
to OpenBao PKI (vault.home.2rjus.net:8200/v1/pki_int/acme/directory).

- Update default ACME server in system/acme.nix
- Update Caddy acme_ca in http-proxy and nix-cache services
- Remove labmon service from monitoring01 (step-ca monitoring)
- Remove labmon scrape target and certificate_rules alerts
- Remove alloy.nix (only used for labmon profiling)
- Add docs/plans/cert-monitoring.md for future cert monitoring needs

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-07 18:20:10 +01:00

116 lines
2.7 KiB
Nix
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{ pkgs, ... }:
{
services.caddy = {
enable = true;
package = pkgs.unstable.caddy;
configFile = pkgs.writeText "Caddyfile" ''
{
acme_ca https://vault.home.2rjus.net:8200/v1/pki_int/acme/directory
metrics {
per_host
}
}
nzbget.home.2rjus.net {
log {
output file /var/log/caddy/nzbget.log {
mode 644
}
}
reverse_proxy http://nzbget-jail.home.2rjus.net:6789
}
radarr.home.2rjus.net {
log {
output file /var/log/caddy/radarr.log {
mode 644
}
}
reverse_proxy http://radarr-jail.home.2rjus.net:7878
}
sonarr.home.2rjus.net {
log {
output file /var/log/caddy/sonarr.log {
mode 644
}
}
reverse_proxy http://sonarr-jail.home.2rjus.net:8989
}
ha.home.2rjus.net {
log {
output file /var/log/caddy/ha.log {
mode 644
}
}
reverse_proxy http://ha1.home.2rjus.net:8123
}
z2m.home.2rjus.net {
log {
output file /var/log/caddy/z2m.log {
mode 644
}
}
reverse_proxy http://ha1.home.2rjus.net:8080
}
prometheus.home.2rjus.net {
log {
output file /var/log/caddy/prometheus.log {
mode 644
}
}
reverse_proxy http://monitoring01.home.2rjus.net:9090
}
alertmanager.home.2rjus.net {
log {
output file /var/log/caddy/alertmanager.log {
mode 644
}
}
reverse_proxy http://monitoring01.home.2rjus.net:9093
}
grafana.home.2rjus.net {
log {
output file /var/log/caddy/grafana.log {
mode 644
}
}
reverse_proxy http://monitoring01.home.2rjus.net:3000
}
jelly.home.2rjus.net {
log {
output file /var/log/caddy/jelly.log {
mode 644
}
}
reverse_proxy http://jelly01.home.2rjus.net:8096
}
pyroscope.home.2rjus.net {
log {
output file /var/log/caddy/pyroscope.log {
mode 644
}
}
reverse_proxy http://monitoring01.home.2rjus.net:4040
}
pushgw.home.2rjus.net {
log {
output file /var/log/caddy/pushgw.log {
mode 644
}
}
reverse_proxy http://monitoring01.home.2rjus.net:9091
}
http://http-proxy.home.2rjus.net/metrics {
log {
output file /var/log/caddy/caddy-metrics.log {
mode 644
}
}
metrics
}
'';
};
}
Reference in New Issue View Git Blame Copy Permalink