feat: add caddy as reverse proxy

Scrumplex · Scrumplex · commit d95cd17fe1f8 · 2025-08-02T10:50:19.000+02:00
Signed-off-by: Sefa Eyeoglu &lt;contact@scrumplex.net&gt;
diff --git a/machines/andesite/caddy.nix b/machines/andesite/caddy.nix
@@ -0,0 +1,14 @@
+{ ... }:
+{
+  services.caddy = {
+    enable = true;
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [
+      80
+      443
+    ];
+    allowedUDPPorts = [ 443 ];
+  };
+}
diff --git a/machines/andesite/configuration.nix b/machines/andesite/configuration.nix
@@ -15,6 +15,7 @@
     inputs.agenix.nixosModules.age
 
     ./blockgame-meta.nix
+    ./caddy.nix
     ./comin.nix
     ./disks.nix
     ./letterbox.nix
diff --git a/machines/andesite/prometheus/default.nix b/machines/andesite/prometheus/default.nix
@@ -1,4 +1,7 @@
 { config, ... }:
+let
+  fqdn = "prometheus.andesite.prismlauncher.org";
+in
 {
   imports = [
     ./exporters/node.nix
@@ -14,6 +17,7 @@
     ];
 
     globalConfig.scrape_interval = "15s";
+    webExternalUrl = "https://${fqdn}/";
 
     alertmanagers = [
       {
@@ -55,6 +59,10 @@
     config.services.prometheus.port
   ];
 
+  services.caddy.virtualHosts.${fqdn}.extraConfig = ''
+    reverse_proxy localhost:${toString config.services.prometheus.port}
+  '';
+
   environment.persistence."/nix/persistence".directories = [
     "/var/lib/prometheus2"
   ];
diff --git a/main.tf b/main.tf
@@ -42,6 +42,14 @@ resource "cloudflare_dns_record" "andesite6" {
   ttl     = 1
 }
 
+resource "cloudflare_dns_record" "prometheus_andesite" {
+  zone_id = var.zone_id
+  name    = "prometheus.andesite.prismlauncher.org"
+  content = "andesite.prismlauncher.org"
+  type    = "CNAME"
+  ttl     = 1
+}
+
 resource "local_file" "andesite-facts" {
   content = jsonencode({
     "hostname"     = hcloud_server.andesite.name
