use public domain for internal services via intra subdomain

2026-04-03 15:16:28 +02:00 · 2026-04-03 15:16:28 +02:00 · de754b0033
commit de754b0033
parent c6c4d905ac
3 changed files with 8 additions and 21 deletions
--- a/constants.nix
+++ b/constants.nix
@ -3,15 +3,12 @@ rec {
  hosts = {
    sid = {
      ip = "100.64.0.6";
      domain = "sid.tail";
    };
    rx4 = {
      ip = "100.64.0.10";
      domain = "rx4.tail";
    };
    vde = {
      ip = "100.64.0.1";
      domain = "vde.tail";
    };
  };
  services = {
@ -27,7 +24,7 @@ rec {
      port = 8085;
    };
    netdata = {
-      fqdn = "netdata.sid.tail";
+      fqdn = "netdata.intra." + domain;
      port = 19999;
    };
    open-webui-oci = {
@ -43,11 +40,11 @@ rec {
      port = 1200;
    };
    vaultwarden = {
-      fqdn = "pw.rx4.tail";
+      fqdn = "pw.intra." + domain;
      port = 8222;
    };
    webdav = {
-      fqdn = "dav.rx4.tail";
+      fqdn = "dav.intra." + domain;
      port = 8080;
    };
  };
--- a/hosts/sid/services/headscale.nix
+++ b/hosts/sid/services/headscale.nix
@ -21,11 +21,10 @@
      .:53 {
        bind ${hosts.sid.ip}
        hosts {
-          ${hosts.sid.ip} sid.tail
+          ${hosts.rx4.ip} ${services.vaultwarden.fqdn}
-          ${hosts.sid.ip} netdata.sid.tail
+          ${hosts.rx4.ip} ${services.webdav.fqdn}
          ${hosts.rx4.ip} rx4.tail
-          ${hosts.rx4.ip} dav.rx4.tail
+          ${hosts.sid.ip} sid.tail
          ${hosts.rx4.ip} pw.rx4.tail
          ${hosts.vde.ip} vde.tail
          fallthrough
        }
@ -54,16 +53,7 @@
    };
    settings = {
      dns = {
-        magic_dns = true;
+        magic_dns = true; # NOTE: should coredns handle everything?
        base_domain = "tail";
        search_domains = [ "tail" ];
        override_local_dns = true;
        nameservers = {
          global = [ "1.1.1.1" ];
          split = {
            "tail" = [ constants.hosts.sid.ip ];
          };
        };
      };
    };
  };
--- a/hosts/sid/services/nginx.nix
+++ b/hosts/sid/services/nginx.nix
@ -35,7 +35,7 @@ in
      port = constants.services.miniflux.port;
    };
    virtualHosts."${constants.services.netdata.fqdn}" = mkVirtualHost {
-      ssl = false;
+      inherit ssl;
      port = constants.services.netdata.port;
    };
    virtualHosts."${constants.services.open-webui-oci.fqdn}" = mkVirtualHost {