change pdf url, add rss

.env

@@ -22,3 +22,4 @@ PUBLIC_DOMAIN=crescentec.ch
 
 # Personal info
 EMAIL=chris.windler@crescentec.ch
+MAIN_SERVER_NODE_IP=100.64.0.1:443

services/caddy/Caddyfile

@@ -13,7 +13,7 @@
 }
 
 auth.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+	reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -23,7 +23,7 @@ auth.{$public_domain} {
 }
 
 audiobookshelf.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+	reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -33,7 +33,7 @@ audiobookshelf.{$public_domain} {
 }
 
 gitea.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+        reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -43,18 +43,13 @@ gitea.{$public_domain} {
 }
 
 headscale.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+        reverse_proxy headscale:8080
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
         tls {$email}
         import forward_headers
 }
 
-
 immich.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+	reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -64,7 +59,7 @@ immich.{$public_domain} {
 }
 
 ldap.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+	reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -74,7 +69,7 @@ ldap.{$public_domain} {
 }
 
 linkwarden.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+	reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -84,7 +79,27 @@ linkwarden.{$public_domain} {
 }
 
 mealie.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+	reverse_proxy {$main_server_ip} {
+                transport http {
+                        tls_insecure_skip_verify
+                }
+        }
+        tls {$email}
+        import forward_headers
+}
+
+navidrome.{$public_domain} {
+	reverse_proxy {$main_server_ip} {
+                transport http {
+                        tls_insecure_skip_verify
+                }
+        }
+        tls {$email}
+        import forward_headers
+}
+
+ntfy.{$public_domain} {
+	reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -94,7 +109,7 @@ mealie.{$public_domain} {
 }
 
 paperless.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+	reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -104,7 +119,7 @@ paperless.{$public_domain} {
 }
 
 radicale.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+	reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -113,8 +128,8 @@ radicale.{$public_domain} {
         import forward_headers
 }
 
-shlink.{$public_domain} {
+rss.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+	reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -123,8 +138,8 @@ shlink.{$public_domain} {
         import forward_headers
 }
 
-stirling-pdf.{$public_domain} {
+pdf.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+	reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -134,7 +149,7 @@ stirling-pdf.{$public_domain} {
 }
 
 superset.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+	reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -144,7 +159,7 @@ superset.{$public_domain} {
 }
 
 vaultwarden.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+	reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -154,7 +169,7 @@ vaultwarden.{$public_domain} {
 }
 
 vikunja.{$public_domain} {
-        reverse_proxy ${node_local_ip} {
+	reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }
@@ -164,7 +179,7 @@ vikunja.{$public_domain} {
 }
 
 {$public_domain} {
-        reverse_proxy ${node_local_ip} {
+        reverse_proxy {$main_server_ip} {
                 transport http {
                         tls_insecure_skip_verify
                 }

services/caddy/caddy.yml

@@ -20,7 +20,7 @@ services:
       email: ${EMAIL}
       public_domain: ${PUBLIC_DOMAIN}
       private_domain: ${LOCAL_DOMAIN}
-      node_local_ip: ${NODE_LOCAL_IP}
+      main_server_ip: ${MAIN_SERVER_NODE_IP:-10.10.10.2}
     cap_add:
       - NET_ADMIN
     networks:

services/headscale/config-template.yaml.j2

@@ -10,13 +10,13 @@
 #
 # https://myheadscale.example.com:443
 #
-server_url: http://0.0.0.0:8080
+server_url: {{ headscale_server_url }} 
 
 # Address to listen to / bind to on the server
 #
 # For production:
-listen_addr: 0.0.0.0:8080
 #listen_addr: 127.0.0.1:8080
+listen_addr: {{ headscale_listen_addr }}
 
 # Address to listen to /metrics and /debug, you may want
 # to keep this endpoint private to your internal network
@@ -276,7 +276,7 @@ dns:
   # `base_domain` must be a FQDN, without the trailing dot.
   # The FQDN of the hosts will be
   # `hostname.base_domain` (e.g., _myhost.example.com_).
-  base_domain: example.com
+  base_domain: {{ headscale_base_domain }} 
 
   # Whether to use the local DNS settings of a node or override the local DNS
   # settings (default) and force the use of Headscale's DNS configuration.
@@ -285,10 +285,7 @@ dns:
   # List of DNS servers to expose to clients.
   nameservers:
     global:
-      - 1.1.1.1
+      - {{ dns_nameserver }}
-      - 1.0.0.1
-      - 2606:4700:4700::1111
-      - 2606:4700:4700::1001
 
       # NextDNS (see https://tailscale.com/kb/1218/nextdns/).
       # "abc123" is example NextDNS ID, replace with yours.

services/headscale/headscale.yml

@@ -10,9 +10,10 @@ services:
       - ${SERVICE_PATH}/headscale/lib:/var/lib/headscale
       - ${SERVICE_PATH}/headscale/run:/var/run/headscale
     ports:
-      - 0.0.0.0:1000:8080 # api 
+      - 127.0.0.1:8080:8080 # api 
-      - 0.0.0.0:1001:9090 # metrics
+      - 127.0.0.1:9090:9090 # metrics
     command: serve
+    environment:
     networks:
       - ip4net
     labels: