Initial framework: reusable modules, lib, pkgs, overlays, scripts, sample environment

2026-05-10 19:06:58 +02:00
commit c53d997d07
32 changed files with 1339 additions and 0 deletions
@@ -0,0 +1,56 @@
+{ config, pkgs, lib, ... }:
+
+let
+  # Récupère la liste des services depuis la configuration
+  publicServices = config.services.reverse-proxy.publicServices or [];
+in
+{
+  # Options pour le module reverse-proxy
+  options.services.reverse-proxy = {
+    publicServices = lib.mkOption {
+      type = lib.types.listOf (lib.types.submodule {
+        options = {
+          host = lib.mkOption { type = lib.types.str; };
+          internalHost = lib.mkOption { type = lib.types.str; };
+          port = lib.mkOption { type = lib.types.int; default = 80; };
+        };
+      });
+      default = [];
+      description = "Liste des services à exposer via le reverse proxy";
+    };
+  };
+
+  # Configuration de Caddy
+  config = lib.mkIf (config.services.reverse-proxy.publicServices or []) != [] {
+    services.caddy = {
+      enable = true;
+      virtualHosts = map (service: {
+        host = "${service.host}.lagraula.fr";
+        reverseProxy = "http://${service.internalHost}.lagraula.fr:${toString service.port}";
+        tls = {
+          email = config.services.caddy.email or "xavier@lagraula.fr";
+        };
+      }) (config.services.reverse-proxy.publicServices or []);
+
+      # Configuration globale pour Caddy
+      extraConfig = ''
+        {
+          # Rate limiting global (optionnel)
+          rate_limit {
+            requests 100
+            burst 200
+            interval 1m
+          }
+          # Logging
+          log {
+            output file /var/log/caddy/access.log
+          }
+        }
+      '';
+    };
+
+    # Ouvrir les ports firewall pour HTTP/HTTPS
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+    networking.firewall.allowedUDPPorts = [];
+  };
+}