caddy: generate config via go

kahnwong · Oct 27, 2024 · 89c98d7 · 89c98d7
1 parent 26b3d07
commit 89c98d7
Show file tree

Hide file tree

Showing 4 changed files with 203 additions and 102 deletions.
diff --git a/caddy/config/Caddyfile b/caddy/config/Caddyfile
@@ -1,39 +1,35 @@
 audiobookshelf.karnwong.me {
     reverse_proxy 192.168.1.36:30027
 }
-harbor.karnwong.me {
-    reverse_proxy 192.168.1.36:30500
+authentik.karnwong.me {
+    reverse_proxy 192.168.1.36:30047
 }
-immich.karnwong.me {
-    reverse_proxy 192.168.1.36:30030
+books.karnwong.me {
+    reverse_proxy 192.168.1.36:30032
 }
-jellyfin.karnwong.me {
-    reverse_proxy 192.168.1.36:30003
+console.minio.karnwong.me {
+    reverse_proxy 192.168.1.36:30021
 }
-music.karnwong.me {
-    reverse_proxy 192.168.1.36:30006
+excalidraw.karnwong.me {
+    reverse_proxy 192.168.1.36:30034
 }
-syncthing.karnwong.me {
-    reverse_proxy 192.168.1.36:8384
+gist.karnwong.me {
+    reverse_proxy 192.168.1.36:30039
 }
 git.karnwong.me {
     reverse_proxy 192.168.1.36:30026
 }
-#linkding.karnwong.me {
-#    reverse_proxy 192.168.1.36:30005
-#}
-linkding.karnwong.me {
-    route {
-        reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047
-
-        forward_auth http://192.168.1.36:30047 {
-            uri /outpost.goauthentik.io/auth/caddy
-            copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
-            trusted_proxies private_ranges
-        }
-
-        reverse_proxy 192.168.1.36:30005
-    }
+go.karnwong.me {
+    reverse_proxy 192.168.1.36:30042
+}
+harbor.karnwong.me {
+    reverse_proxy 192.168.1.36:30500
+}
+immich.karnwong.me {
+    reverse_proxy 192.168.1.36:30030
+}
+jellyfin.karnwong.me {
+    reverse_proxy 192.168.1.36:30003
 }
 memos.karnwong.me {
     reverse_proxy 192.168.1.36:30031
@@ -44,12 +40,21 @@ miniflux.karnwong.me {
 minio.karnwong.me {
     reverse_proxy 192.168.1.36:30020
 }
-console.minio.karnwong.me {
-    reverse_proxy 192.168.1.36:30021
+music.karnwong.me {
+    reverse_proxy 192.168.1.36:30006
 }
 ntfy.karnwong.me {
     reverse_proxy 192.168.1.36:30022
 }
+pdf.karnwong.me {
+    reverse_proxy 192.168.1.36:30040
+}
+plausible.karnwong.me {
+    reverse_proxy 192.168.1.36:30044
+}
+qa-api.karnwong.me {
+    reverse_proxy 192.168.1.36:30043
+}
 rustpad.karnwong.me {
     reverse_proxy 192.168.1.36:30019
 }
@@ -59,74 +64,19 @@ secrets.karnwong.me {
 share.karnwong.me {
     reverse_proxy 192.168.1.36:30017
 }
-wallabag.karnwong.me {
-    reverse_proxy 192.168.1.36:30009 {
-        transport http {
-            dial_timeout 5m
-            response_header_timeout 5m
-            read_timeout 5m
-            write_timeout 5m
-        }
-    }
-}
-
-(cors) {
-  @cors_preflight method OPTIONS
-  @cors header Origin {args.0}
-
-  handle @cors_preflight {
-    header Access-Control-Allow-Origin "{args.0}"
-    header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, HEAD"
-    header Access-Control-Allow-Headers "Range,If-Match"
-    header Access-Control-Max-Age "3600"
-    respond "" 204
-  }
-
-  handle @cors {
-    header Access-Control-Allow-Origin "{args.0}"
-    header Access-Control-Expose-Headers "ETag"
-  }
-}
-pmtiles.karnwong.me {
-    root * /opt/pmtiles
-    file_server
-
-    import cors https://maps.karnwong.me
-}
-excalidraw.karnwong.me {
-    reverse_proxy 192.168.1.36:30034
-}
-books.karnwong.me {
-    reverse_proxy 192.168.1.36:30032
-}
 subsonic-widgets.karnwong.me {
     reverse_proxy 192.168.1.36:30038
 }
-gist.karnwong.me {
-    reverse_proxy 192.168.1.36:30039
-}
-wakapi.karnwong.me {
-    reverse_proxy 192.168.1.36:30041
-}
-go.karnwong.me {
-    reverse_proxy 192.168.1.36:30042
-}
-qa-api.karnwong.me {
-    reverse_proxy 192.168.1.36:30043
-}
-pdf.karnwong.me {
-    reverse_proxy 192.168.1.36:30040
-}
-plausible.karnwong.me {
-    reverse_proxy 192.168.1.36:30044
+syncthing.karnwong.me {
+    reverse_proxy 192.168.1.36:8384
 }
 thai-tech-cal.karnwong.me {
     reverse_proxy 192.168.1.36:30046
 }
-authentik.karnwong.me {
-    reverse_proxy 192.168.1.36:30047
+wakapi.karnwong.me {
+    reverse_proxy 192.168.1.36:30041
 }
-livegrep.karnwong.me {
+console.mlflow.karnwong.me {
     route {
         reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047
 
@@ -136,10 +86,10 @@ livegrep.karnwong.me {
             trusted_proxies private_ranges
         }
 
-        reverse_proxy 192.168.1.36:30033
+        reverse_proxy 192.168.1.36:30037
     }
 }
-podgrab.karnwong.me {
+dashy.karnwong.me {
     route {
         reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047
 
@@ -149,10 +99,10 @@ podgrab.karnwong.me {
             trusted_proxies private_ranges
         }
 
-        reverse_proxy 192.168.1.36:30004
+        reverse_proxy 192.168.1.36:30023
     }
 }
-dashy.karnwong.me {
+gatus.karnwong.me {
     route {
         reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047
 
@@ -162,10 +112,10 @@ dashy.karnwong.me {
             trusted_proxies private_ranges
         }
 
-        reverse_proxy 192.168.1.36:30023
+        reverse_proxy 192.168.1.36:30029
     }
 }
-gatus.karnwong.me {
+linkding.karnwong.me {
     route {
         reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047
 
@@ -175,17 +125,23 @@ gatus.karnwong.me {
             trusted_proxies private_ranges
         }
 
-        reverse_proxy 192.168.1.36:30029
+        reverse_proxy 192.168.1.36:30005
     }
 }
-proxmox.karnwong.me {
-    reverse_proxy 192.168.1.70:8006 {
-        transport http {
-           tls_insecure_skip_verify
+livegrep.karnwong.me {
+    route {
+        reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047
+
+        forward_auth http://192.168.1.36:30047 {
+            uri /outpost.goauthentik.io/auth/caddy
+            copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
+            trusted_proxies private_ranges
         }
+
+        reverse_proxy 192.168.1.36:30033
     }
 }
-console.mlflow.karnwong.me {
+podgrab.karnwong.me {
     route {
         reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047
 
@@ -195,6 +151,6 @@ console.mlflow.karnwong.me {
             trusted_proxies private_ranges
         }
 
-        reverse_proxy 192.168.1.36:30037
+        reverse_proxy 192.168.1.36:30004
     }
 }
diff --git a/caddy/config/Caddyfile.misc b/caddy/config/Caddyfile.misc
@@ -0,0 +1,40 @@
+wallabag.karnwong.me {
+    reverse_proxy 192.168.1.36:30009 {
+        transport http {
+            dial_timeout 5m
+            response_header_timeout 5m
+            read_timeout 5m
+            write_timeout 5m
+        }
+    }
+}
+(cors) {
+  @cors_preflight method OPTIONS
+  @cors header Origin {args.0}
+
+  handle @cors_preflight {
+    header Access-Control-Allow-Origin "{args.0}"
+    header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE, HEAD"
+    header Access-Control-Allow-Headers "Range,If-Match"
+    header Access-Control-Max-Age "3600"
+    respond "" 204
+  }
+
+  handle @cors {
+    header Access-Control-Allow-Origin "{args.0}"
+    header Access-Control-Expose-Headers "ETag"
+  }
+}
+pmtiles.karnwong.me {
+    root * /opt/pmtiles
+    file_server
+
+    import cors https://maps.karnwong.me
+}
+proxmox.karnwong.me {
+    reverse_proxy 192.168.1.70:8006 {
+        transport http {
+           tls_insecure_skip_verify
+        }
+    }
+}
diff --git a/caddy/main.go b/caddy/main.go
@@ -1,7 +1,111 @@
 package main
 
-import "fmt"
+import (
+	"fmt"
+	"os"
+	"sort"
+)
+
+func generateConfig(services map[string]int) string {
+	config := ""
+
+	keys := make([]string, 0, len(services))
+
+	for k := range services {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	for _, k := range keys {
+		config += fmt.Sprintf(`%s.karnwong.me {
+    reverse_proxy 192.168.1.36:%v
+}
+`, k, services[k])
+	}
+
+	return config
+}
+
+func generateConfigForwardAuth(services map[string]int) string {
+	config := ""
+
+	keys := make([]string, 0, len(services))
+
+	for k := range services {
+		keys = append(keys, k)
+	}
+	sort.Strings(keys)
+
+	for _, k := range keys {
+		config += fmt.Sprintf(`%s.karnwong.me {
+    route {
+        reverse_proxy /outpost.goauthentik.io/* http://192.168.1.36:30047
+
+        forward_auth http://192.168.1.36:30047 {
+            uri /outpost.goauthentik.io/auth/caddy
+            copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
+            trusted_proxies private_ranges
+        }
+
+        reverse_proxy 192.168.1.36:%v
+    }
+}
+`, k, services[k])
+	}
+
+	return config
+}
 
 func main() {
-	fmt.Println("caddy")
+	services := map[string]int{
+		"audiobookshelf":   30027,
+		"authentik":        30047,
+		"books":            30032,
+		"console.minio":    30021,
+		"excalidraw":       30034,
+		"gist":             30039,
+		"git":              30026,
+		"go":               30042,
+		"harbor":           30500,
+		"immich":           30030,
+		"jellyfin":         30003,
+		"memos":            30031,
+		"miniflux":         30007,
+		"minio":            30020,
+		"music":            30006,
+		"ntfy":             30022,
+		"pdf":              30040,
+		"plausible":        30044,
+		"qa-api":           30043,
+		"rustpad":          30019,
+		"secrets":          30025,
+		"share":            30017,
+		"subsonic-widgets": 30038,
+		"syncthing":        8384,
+		"thai-tech-cal":    30046,
+		"wakapi":           30041,
+	}
+	servicesForwardAuth := map[string]int{
+		"console.mlflow": 30037,
+		"dashy":          30023,
+		"gatus":          30029,
+		"linkding":       30005,
+		"livegrep":       30033,
+		"podgrab":        30004,
+	}
+
+	// generate config
+	config := generateConfig(services)
+	configForwardAuth := generateConfigForwardAuth(servicesForwardAuth)
+
+	configAll := config + configForwardAuth
+	fmt.Println(configAll)
+
+	// write to file
+	err := os.WriteFile("./config/Caddyfile", []byte(configAll), 0644)
+	if err != nil {
+		panic(err)
+	}
+	fmt.Println("Caddyfile configured")
+
 }