motiejus/config
1
Fork 0
Code Packages Releases Activity

hass

Browse Source
This commit is contained in:
Motiejus Jakštys
2023-11-14 09:01:02 +02:00
parent 2af9421074
commit c3bb5e41d6
4 changed files with 59 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
hosts/vno1-oh2/configuration.nix
View File

@@ -173,6 +173,7 @@
enable = true;
zones."irc.jakstys.lt".accountKey = accountKey;
zones."hdd.jakstys.lt".accountKey = accountKey;
zones."hass.jakstys.lt".accountKey = accountKey;
zones."grafana.jakstys.lt".accountKey = accountKey;
zones."bitwarden.jakstys.lt".accountKey = accountKey;
};
@@ -250,6 +251,12 @@
metrics
}
'';
virtualHosts."hass.jakstys.lt".extraConfig = ''
@denied not remote_ip ${myData.subnets.tailscale.cidr}
abort @denied
reverse_proxy 127.0.0.1:8123
tls {$CREDENTIALS_DIRECTORY}/hass.jakstys.lt-cert.pem {$CREDENTIALS_DIRECTORY}/hass.jakstys.lt-key.pem
'';
virtualHosts."grafana.jakstys.lt".extraConfig = ''
@denied not remote_ip ${myData.subnets.tailscale.cidr}
abort @denied
@@ -526,20 +533,25 @@
systemd.services = {
caddy = let
hass = config.mj.services.nsd-acme.zones."hass.jakstys.lt";
grafana = config.mj.services.nsd-acme.zones."grafana.jakstys.lt";
bitwarden = config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt";
in {
serviceConfig.LoadCredential = [
"hass.jakstys.lt-cert.pem:${hass.certFile}"
"hass.jakstys.lt-key.pem:${hass.keyFile}"
"grafana.jakstys.lt-cert.pem:${grafana.certFile}"
"grafana.jakstys.lt-key.pem:${grafana.keyFile}"
"bitwarden.jakstys.lt-cert.pem:${bitwarden.certFile}"
"bitwarden.jakstys.lt-key.pem:${bitwarden.keyFile}"
];
after = [
"nsd-acme-hass.jakstys.lt.service"
"nsd-acme-grafana.jakstys.lt.service"
"nsd-acme-bitwarden.jakstys.lt.service"
];
requires = [
"nsd-acme-hass.jakstys.lt.service"
"nsd-acme-grafana.jakstys.lt.service"
"nsd-acme-bitwarden.jakstys.lt.service"
];
@@ -610,6 +622,7 @@
wantedBy = ["multi-user.target"];
pathConfig = {
PathChanged = [
config.mj.services.nsd-acme.zones."hass.jakstys.lt".certFile
config.mj.services.nsd-acme.zones."grafana.jakstys.lt".certFile
config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt".certFile
];