create universal options for hostnames

Noah Masur 2023-07-07 10:16:07 -06:00
parent c0da8391ef
commit 21cbe29bd8
11 changed files with 67 additions and 92 deletions


@ -125,14 +125,16 @@
mail.imapHost = "imap.purelymail.com"; mail.imapHost = "imap.purelymail.com";
mail.smtpHost = "smtp.purelymail.com"; mail.smtpHost = "smtp.purelymail.com";
dotfilesRepo = "git@github.com:nmasur/dotfiles"; dotfilesRepo = "git@github.com:nmasur/dotfiles";
gitServer = "git.${baseName}"; hostnames = {
metricsServer = "metrics.${baseName}"; git = "git.${baseName}";
prometheusServer = "prom.${baseName}"; metrics = "metrics.${baseName}";
secretsServer = "vault.${baseName}"; prometheus = "prom.${baseName}";
streamServer = "stream.${baseName}"; secrets = "vault.${baseName}";
contentServer = "cloud.${baseName}"; stream = "stream.${baseName}";
bookServer = "books.${baseName}"; content = "cloud.${baseName}";
downloadServer = "download.${baseName}"; books = "books.${baseName}";
download = "download.${baseName}";
};
}; };
# Common overlays to always use # Common overlays to always use


@ -66,6 +66,40 @@
description = "List of unfree packages to allow."; description = "List of unfree packages to allow.";
default = [ ]; default = [ ];
}; };
hostnames = {
git = lib.mkOption {
type = lib.types.str;
description = "Hostname for git server (Gitea).";
};
metrics = lib.mkOption {
type = lib.types.str;
description = "Hostname for metrics server.";
};
prometheus = lib.mkOption {
type = lib.types.str;
description = "Hostname for Prometheus server.";
};
secrets = lib.mkOption {
type = lib.types.str;
description = "Hostname for passwords and secrets (Vaultwarden).";
};
stream = lib.mkOption {
type = lib.types.str;
description = "Hostname for video/media library (Jellyfin).";
};
content = lib.mkOption {
type = lib.types.str;
description = "Hostname for personal content system (Nextcloud).";
};
books = lib.mkOption {
type = lib.types.str;
description = "Hostname for books library (Calibre-Web).";
};
download = lib.mkOption {
type = lib.types.str;
description = "Hostname for download services.";
};
};
}; };
config = let stateVersion = "23.05"; config = let stateVersion = "23.05";
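Review bot: None of the eight `hostnames.*` options says what form the value must take, and `lib.types.str` accepts any string, while the other files in this commit splice the value into `https://${...}` URLs and Caddy `host` matchers. A value carrying a scheme, port or trailing slash would therefore produce a malformed URL or a matcher that never matches. I would state the contract in each description, e.g. `description = "Hostname for git server (Gitea); bare FQDN without scheme or port.";`, and add an `example = "git.example.com";` line. The per-module options removed elsewhere in this commit defaulted to `null`, whereas these have no default, so a host that reads one without setting it now fails at evaluation; a one-line comment above `hostnames = {` saying so would help.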


@ -1,13 +1,6 @@
{ config, lib, ... }: { { config, lib, ... }: {
options = { options = { arrs.enable = lib.mkEnableOption "Arr services"; };
arrs.enable = lib.mkEnableOption "Arr services";
downloadServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname for download services";
default = null;
};
};
config = lib.mkIf config.arrs.enable { config = lib.mkIf config.arrs.enable {
@ -45,7 +38,7 @@
{ {
group = "download"; group = "download";
match = [{ match = [{
host = [ config.arrServer ]; host = [ config.hostnames.download ];
path = [ "/sonarr*" ]; path = [ "/sonarr*" ];
}]; }];
handle = [{ handle = [{
@ -56,7 +49,7 @@
{ {
group = "download"; group = "download";
match = [{ match = [{
host = [ config.arrServer ]; host = [ config.hostnames.download ];
path = [ "/radarr*" ]; path = [ "/radarr*" ];
}]; }];
handle = [{ handle = [{
@ -67,7 +60,7 @@
{ {
group = "download"; group = "download";
match = [{ match = [{
host = [ config.arrServer ]; host = [ config.hostnames.download ];
path = [ "/prowlarr*" ]; path = [ "/prowlarr*" ];
}]; }];
handle = [{ handle = [{
@ -78,7 +71,7 @@
{ {
group = "download"; group = "download";
match = [{ match = [{
host = [ config.arrServer ]; host = [ config.hostnames.download ];
path = [ "/bazarr*" ]; path = [ "/bazarr*" ];
}]; }];
handle = [{ handle = [{
@ -89,7 +82,7 @@
{ {
group = "download"; group = "download";
match = [{ match = [{
host = [ config.arrServer ]; host = [ config.hostnames.download ];
path = [ "/sabnzbd*" ]; path = [ "/sabnzbd*" ];
}]; }];
handle = [{ handle = [{
@ -99,7 +92,7 @@
} }
{ {
group = "download"; group = "download";
match = [{ host = [ config.arrServer ]; }]; match = [{ host = [ config.hostnames.download ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:5055"; }]; upstreams = [{ dial = "localhost:5055"; }];


@ -7,11 +7,6 @@ let
in { in {
options = { options = {
bookServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname for Calibre library";
default = null;
};
backups.calibre = lib.mkOption { backups.calibre = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
description = "Whether to backup Calibre library"; description = "Whether to backup Calibre library";
@ -32,7 +27,7 @@ in {
}; };
caddy.routes = [{ caddy.routes = [{
match = [{ host = [ config.bookServer ]; }]; match = [{ host = [ config.hostnames.books ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8083"; }]; upstreams = [{ dial = "localhost:8083"; }];


@ -4,16 +4,6 @@ let giteaPath = "/var/lib/gitea"; # Default service directory
in { in {
options = {
gitServer = lib.mkOption {
description = "Hostname for git server (Gitea).";
type = lib.types.nullOr lib.types.str;
default = null;
};
};
config = lib.mkIf config.services.gitea.enable { config = lib.mkIf config.services.gitea.enable {
services.gitea = { services.gitea = {
database.type = "sqlite3"; database.type = "sqlite3";
@ -21,7 +11,7 @@ in {
repository = { repository = {
DEFAULT_PUSH_CREATE_PRIVATE = true; DEFAULT_PUSH_CREATE_PRIVATE = true;
DISABLE_HTTP_GIT = false; DISABLE_HTTP_GIT = false;
ACCESS_CONTROL_ALLOW_ORIGIN = config.gitServer; ACCESS_CONTROL_ALLOW_ORIGIN = config.hostnames.git;
ENABLE_PUSH_CREATE_USER = true; ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true; ENABLE_PUSH_CREATE_ORG = true;
DEFAULT_BRANCH = "main"; DEFAULT_BRANCH = "main";
@ -29,7 +19,7 @@ in {
server = { server = {
HTTP_PORT = 3001; HTTP_PORT = 3001;
HTTP_ADDRESS = "127.0.0.1"; HTTP_ADDRESS = "127.0.0.1";
ROOT_URL = "https://${config.gitServer}/"; ROOT_URL = "https://${config.hostnames.git}/";
SSH_PORT = 22; SSH_PORT = 22;
START_SSH_SERVER = false; # Use sshd instead START_SSH_SERVER = false; # Use sshd instead
DISABLE_SSH = false; DISABLE_SSH = false;
@ -47,7 +37,7 @@ in {
users.users.${config.user}.extraGroups = [ "gitea" ]; users.users.${config.user}.extraGroups = [ "gitea" ];
caddy.routes = [{ caddy.routes = [{
match = [{ host = [ config.gitServer ]; }]; match = [{ host = [ config.hostnames.git ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:3001"; }]; upstreams = [{ dial = "localhost:3001"; }];
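Review bot: `ACCESS_CONTROL_ALLOW_ORIGIN = config.hostnames.git;` passes a bare hostname, whereas a browser's `Origin` is scheme plus host, and the `ROOT_URL` line in the next hunk already builds `https://${config.hostnames.git}/`. As far as I know Gitea emits this setting verbatim as the `Access-Control-Allow-Origin` header, so a scheme-less value matches no origin and cross-origin requests are refused; that fails closed but is probably not the intent. If CORS is wanted, `ACCESS_CONTROL_ALLOW_ORIGIN = "https://${config.hostnames.git}";` expresses it; if it is not, dropping the line makes the policy explicit. The `services.gitea` block continues outside the hunks shown.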


@ -1,22 +1,16 @@
{ config, lib, ... }: { { config, lib, ... }: {
options.metricsServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname of the metrics server.";
default = null;
};
config = lib.mkIf config.services.grafana.enable { config = lib.mkIf config.services.grafana.enable {
services.grafana.settings.server = { services.grafana.settings.server = {
domain = config.metricsServer; domain = config.hostnames.metrics;
http_addr = "127.0.0.1"; http_addr = "127.0.0.1";
http_port = 3000; http_port = 3000;
protocol = "http"; protocol = "http";
}; };
caddy.routes = [{ caddy.routes = [{
match = [{ host = [ config.metricsServer ]; }]; match = [{ host = [ config.hostnames.metrics ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:3000"; }]; upstreams = [{ dial = "localhost:3000"; }];


@ -1,20 +1,12 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
options = {
streamServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname for Jellyfin library";
default = null;
};
};
config = lib.mkIf config.services.jellyfin.enable { config = lib.mkIf config.services.jellyfin.enable {
services.jellyfin.group = "media"; services.jellyfin.group = "media";
users.users.jellyfin = { isSystemUser = true; }; users.users.jellyfin = { isSystemUser = true; };
caddy.routes = [{ caddy.routes = [{
match = [{ host = [ config.streamServer ]; }]; match = [{ host = [ config.hostnames.stream ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8096"; }]; upstreams = [{ dial = "localhost:8096"; }];


@ -1,15 +1,5 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
options = {
contentServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname for personal content system (Nextcloud)";
default = null;
};
};
config = lib.mkIf config.services.nextcloud.enable { config = lib.mkIf config.services.nextcloud.enable {
services.nextcloud = { services.nextcloud = {
@ -20,7 +10,7 @@
maxUploadSize = "50G"; maxUploadSize = "50G";
config = { config = {
adminpassFile = config.secrets.nextcloud.dest; adminpassFile = config.secrets.nextcloud.dest;
extraTrustedDomains = [ config.contentServer ]; extraTrustedDomains = [ config.hostnames.content ];
}; };
}; };
@ -32,7 +22,7 @@
# Point Caddy to Nginx # Point Caddy to Nginx
caddy.routes = [{ caddy.routes = [{
match = [{ host = [ config.contentServer ]; }]; match = [{ host = [ config.hostnames.content ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8080"; }]; upstreams = [{ dial = "localhost:8080"; }];


@ -1,11 +1,5 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
options.prometheusServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname of the Prometheus server.";
default = null;
};
config = let config = let
# If hosting Grafana, host local Prometheus and listen for inbound jobs. If # If hosting Grafana, host local Prometheus and listen for inbound jobs. If
@ -20,7 +14,8 @@
job_name = "local"; job_name = "local";
static_configs = [{ targets = [ "127.0.0.1:9100" ]; }]; static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];
}]; }];
webExternalUrl = lib.mkIf isServer "https://${config.prometheusServer}"; webExternalUrl =
lib.mkIf isServer "https://${config.hostnames.prometheus}";
# Web config file: https://prometheus.io/docs/prometheus/latest/configuration/https/ # Web config file: https://prometheus.io/docs/prometheus/latest/configuration/https/
webConfigFile = lib.mkIf isServer webConfigFile = lib.mkIf isServer
((pkgs.formats.yaml { }).generate "webconfig.yml" { ((pkgs.formats.yaml { }).generate "webconfig.yml" {
@ -33,7 +28,7 @@
}); });
remoteWrite = lib.mkIf (!isServer) [{ remoteWrite = lib.mkIf (!isServer) [{
name = config.networking.hostName; name = config.networking.hostName;
url = "https://${config.prometheusServer}"; url = "https://${config.hostnames.prometheus}";
basic_auth = { basic_auth = {
# Uses password hashed with bcrypt above # Uses password hashed with bcrypt above
username = "prometheus"; username = "prometheus";
@ -56,7 +51,7 @@
}; };
caddy.routes = lib.mkIf isServer [{ caddy.routes = lib.mkIf isServer [{
match = [{ host = [ config.prometheusServer ]; }]; match = [{ host = [ config.hostnames.prometheus ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:9090"; }]; upstreams = [{ dial = "localhost:9090"; }];


@ -42,7 +42,7 @@
# Create reverse proxy for web UI # Create reverse proxy for web UI
caddy.routes = lib.mkAfter [{ caddy.routes = lib.mkAfter [{
group = if (config.arrServer == config.transmissionServer) then group = if (config.hostnames.download == config.transmissionServer) then
"download" "download"
else else
"transmission"; "transmission";


@ -4,20 +4,10 @@ let vaultwardenPath = "/var/lib/bitwarden_rs"; # Default service directory
in { in {
options = {
secretsServer = lib.mkOption {
description = "Hostname for passwords and secrets (Vaultwarden).";
type = lib.types.nullOr lib.types.str;
default = null;
};
};
config = lib.mkIf config.services.vaultwarden.enable { config = lib.mkIf config.services.vaultwarden.enable {
services.vaultwarden = { services.vaultwarden = {
config = { config = {
DOMAIN = "https://${config.secretsServer}"; DOMAIN = "https://${config.hostnames.secrets}";
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;
SIGNUPS_VERIFY = true; SIGNUPS_VERIFY = true;
INVITATIONS_ALLOWED = true; INVITATIONS_ALLOWED = true;
@ -46,7 +36,7 @@ in {
networking.firewall.allowedTCPPorts = [ 3012 ]; networking.firewall.allowedTCPPorts = [ 3012 ];
caddy.routes = [{ caddy.routes = [{
match = [{ host = [ config.secretsServer ]; }]; match = [{ host = [ config.hostnames.secrets ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8222"; }]; upstreams = [{ dial = "localhost:8222"; }];
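Review bot: `networking.firewall.allowedTCPPorts = [ 3012 ];` in the second hunk opens a port directly on the host, while the only Caddy route shown proxies `config.hostnames.secrets` to `localhost:8222`. If 3012 is Vaultwarden's WebSocket listener (the hunk does not show what binds it), clients reaching it bypass the TLS termination that the `https://` `DOMAIN` implies. Consider routing that traffic through Caddy under the same hostname and removing the firewall exception, or add a comment on that line stating why the port must be reachable from outside. The `config` block continues past both hunks.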