
fix: switch to caddy layer4

+19 -109
-1
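--- a/hosts/bluepill-proxy/default.nix
+++ b/hosts/bluepill-proxy/default.nix
@@ -3,7 +3,6 @@
 ./hardware.nix
 ./modules/caddy.nix
 ./modules/fail2ban.nix
-./modules/socat.nix
 ];
 
 networking.hostName = "bluepill-proxy";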
+18
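--- a/hosts/bluepill-proxy/modules/caddy.nix
+++ b/hosts/bluepill-proxy/modules/caddy.nix
@@ -5,6 +5,12 @@
 
 services.caddy = {
 enable = true;
+package = pkgs.caddy.withPlugins {
+plugins = [
+"github.com/mholt/caddy-l4@v0.0.0-20251001194302-2e3e6cf60b25"
+];
+hash = "sha256-nIQ3E1gIUqvZA+JMmZmdFy8NMOyuRmA5O+qLi0Ne8s4=";
+};
 email = "devin@devins.page";
 virtualHosts = {
 "pds.devins.page" = {
@@ -33,5 +39,17 @@
 '';
 };
 };
+globalConfig = ''
+layer4 {
+:22 {
+@a ssh
+route @a {
+proxy {
+upstream http://100.108.47.83:2222
+}
+}
+}
+}
+'';
 };
 }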
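Review bot: The `upstream http://100.108.47.83:2222` line inside the `:22` route gives an `http://` scheme to a proxy that carries raw SSH; layer4 upstreams are dial addresses, so I would write `upstream 100.108.47.83:2222` and run `caddy validate` to confirm the plugin is not rejecting or misreading the scheme. The only visible rule opening TCP 22 was the `networking.firewall` block in `socat.nix`, which this commit deletes, so unless `allowedTCPPorts` is set somewhere outside this page the new listener may not be reachable. Because caddy terminates the client's TCP connection, the sshd at 100.108.47.83 will log every session as coming from this proxy's address, so per-source banning and auth-log triage there lose the real client and have to be done on bluepill-proxy instead. A comment above `globalConfig` such as `# caddy-l4 owns :22 and forwards matched SSH to 100.108.47.83:2222; local sshd listens on 2222` would record why the ports moved.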
-108
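--- a/hosts/bluepill-proxy/modules/socat.nix
+++ b/hosts/bluepill-proxy/modules/socat.nix
@@ -1,108 +0,0 @@
-{pkgs, ...}: {
-networking.firewall = {
-enable = true;
-allowedTCPPorts = [22 2222 25565 23343];
-allowedUDPPorts = [25565 23343 24454 22232];
-};
-
-# TCP ports
-systemd.services.minecraft-tcp-25565 = {
-description = "Minecraft TCP 25565 forward";
-wants = ["network-online.target"];
-after = ["network-online.target"];
-serviceConfig = {
-ExecStart = "${pkgs.socat}/bin/socat TCP-LISTEN:25565,reuseaddr,fork TCP:100.108.47.83:25565";
-Restart = "always";
-User = "nobody";
-StandardOutput = "journal";
-StandardError = "journal";
-};
-wantedBy = ["multi-user.target"];
-};
-
-systemd.services.minecraft-tcp-23343 = {
-description = "Minecraft TCP 23343 forward";
-wants = ["network-online.target"];
-after = ["network-online.target"];
-serviceConfig = {
-ExecStart = "${pkgs.socat}/bin/socat TCP-LISTEN:23343,reuseaddr,fork TCP:100.108.47.83:23343";
-Restart = "always";
-User = "nobody";
-StandardOutput = "journal";
-StandardError = "journal";
-};
-wantedBy = ["multi-user.target"];
-};
-
-# UDP ports
-systemd.services.minecraft-udp-25565 = {
-description = "Minecraft UDP 25565 forward";
-wants = ["network-online.target"];
-after = ["network-online.target"];
-serviceConfig = {
-ExecStart = "${pkgs.socat}/bin/socat UDP-LISTEN:25565,reuseaddr,fork UDP:100.108.47.83:25565";
-Restart = "always";
-User = "nobody";
-StandardOutput = "journal";
-StandardError = "journal";
-};
-wantedBy = ["multi-user.target"];
-};
-
-systemd.services.minecraft-udp-24454 = {
-description = "Minecraft UDP 24454 forward";
-wants = ["network-online.target"];
-after = ["network-online.target"];
-serviceConfig = {
-ExecStart = "${pkgs.socat}/bin/socat UDP-LISTEN:24454,reuseaddr,fork UDP:100.108.47.83:24454";
-Restart = "always";
-User = "nobody";
-StandardOutput = "journal";
-StandardError = "journal";
-};
-wantedBy = ["multi-user.target"];
-};
-
-systemd.services.minecraft-udp-23343 = {
-description = "Minecraft UDP 23343 forward";
-wants = ["network-online.target"];
-after = ["network-online.target"];
-serviceConfig = {
-ExecStart = "${pkgs.socat}/bin/socat UDP-LISTEN:23343,reuseaddr,fork UDP:100.108.47.83:23343";
-Restart = "always";
-User = "nobody";
-StandardOutput = "journal";
-StandardError = "journal";
-};
-wantedBy = ["multi-user.target"];
-};
-
-systemd.services.minecraft-udp-22232 = {
-description = "Minecraft UDP 22232 forward";
-wants = ["network-online.target"];
-after = ["network-online.target"];
-serviceConfig = {
-ExecStart = "${pkgs.socat}/bin/socat UDP-LISTEN:22232,reuseaddr,fork UDP:100.108.47.83:22232";
-Restart = "always";
-User = "nobody";
-StandardOutput = "journal";
-StandardError = "journal";
-};
-wantedBy = ["multi-user.target"];
-};
-
-services.openssh.ports = [2222];
-systemd.services.ssh-tcp-22 = {
-description = "SSH TCP 22 forward";
-wants = ["network-online.target"];
-after = ["network-online.target"];
-serviceConfig = {
-ExecStart = "${pkgs.socat}/bin/socat TCP-LISTEN:22,reuseaddr,fork TCP:100.108.47.83:22";
-Restart = "always";
-User = "root";
-StandardOutput = "journal";
-StandardError = "journal";
-};
-wantedBy = ["multi-user.target"];
-};
-}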
+1
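--- a/modules/nixos/modules/ssh.nix
+++ b/modules/nixos/modules/ssh.nix
@@ -2,6 +2,7 @@
 services = {
 openssh = {
 enable = true;
+ports = [ 2222 ];
 settings = {
 LogLevel = "VERBOSE";
 PasswordAuthentication = false;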
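Review bot: `ports = [ 2222 ];` now sits in the shared `modules/nixos/modules/ssh.nix`, whereas the deleted `socat.nix` set `services.openssh.ports` only for bluepill-proxy, so every host importing this module moves sshd off port 22; which hosts import it is not visible here. If only the proxy and its upstream need the change, keep the override in those host configs, or make it overridable with `ports = lib.mkDefault [ 2222 ];` (assuming `lib` is in scope in this module). Unless `services.openssh.openFirewall` is turned off elsewhere, port 2222 is also opened in the firewall on each of those hosts, so a comment such as `# sshd on 2222: caddy layer4 on bluepill-proxy owns :22` would make the exposure deliberate rather than incidental. The `services` block starts and ends outside the hunk.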