mirror of
https://github.com/nmasur/dotfiles
synced 2024-11-09 22:12:56 +00:00
create universal options for hostnames
This commit is contained in:
parent
c0da8391ef
commit
21cbe29bd8
18
flake.nix
18
flake.nix
@ -125,14 +125,16 @@
|
|||||||
mail.imapHost = "imap.purelymail.com";
|
mail.imapHost = "imap.purelymail.com";
|
||||||
mail.smtpHost = "smtp.purelymail.com";
|
mail.smtpHost = "smtp.purelymail.com";
|
||||||
dotfilesRepo = "git@github.com:nmasur/dotfiles";
|
dotfilesRepo = "git@github.com:nmasur/dotfiles";
|
||||||
gitServer = "git.${baseName}";
|
hostnames = {
|
||||||
metricsServer = "metrics.${baseName}";
|
git = "git.${baseName}";
|
||||||
prometheusServer = "prom.${baseName}";
|
metrics = "metrics.${baseName}";
|
||||||
secretsServer = "vault.${baseName}";
|
prometheus = "prom.${baseName}";
|
||||||
streamServer = "stream.${baseName}";
|
secrets = "vault.${baseName}";
|
||||||
contentServer = "cloud.${baseName}";
|
stream = "stream.${baseName}";
|
||||||
bookServer = "books.${baseName}";
|
content = "cloud.${baseName}";
|
||||||
downloadServer = "download.${baseName}";
|
books = "books.${baseName}";
|
||||||
|
download = "download.${baseName}";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Common overlays to always use
|
# Common overlays to always use
|
||||||
|
@ -66,6 +66,40 @@
|
|||||||
description = "List of unfree packages to allow.";
|
description = "List of unfree packages to allow.";
|
||||||
default = [ ];
|
default = [ ];
|
||||||
};
|
};
|
||||||
|
hostnames = {
|
||||||
|
git = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Hostname for git server (Gitea).";
|
||||||
|
};
|
||||||
|
metrics = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Hostname for metrics server.";
|
||||||
|
};
|
||||||
|
prometheus = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Hostname for Prometheus server.";
|
||||||
|
};
|
||||||
|
secrets = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Hostname for passwords and secrets (Vaultwarden).";
|
||||||
|
};
|
||||||
|
stream = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Hostname for video/media library (Jellyfin).";
|
||||||
|
};
|
||||||
|
content = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Hostname for personal content system (Nextcloud).";
|
||||||
|
};
|
||||||
|
books = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Hostname for books library (Calibre-Web).";
|
||||||
|
};
|
||||||
|
download = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Hostname for download services.";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = let stateVersion = "23.05";
|
config = let stateVersion = "23.05";
|
||||||
|
@ -1,13 +1,6 @@
|
|||||||
{ config, lib, ... }: {
|
{ config, lib, ... }: {
|
||||||
|
|
||||||
options = {
|
options = { arrs.enable = lib.mkEnableOption "Arr services"; };
|
||||||
arrs.enable = lib.mkEnableOption "Arr services";
|
|
||||||
downloadServer = lib.mkOption {
|
|
||||||
type = lib.types.nullOr lib.types.str;
|
|
||||||
description = "Hostname for download services";
|
|
||||||
default = null;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf config.arrs.enable {
|
config = lib.mkIf config.arrs.enable {
|
||||||
|
|
||||||
@ -45,7 +38,7 @@
|
|||||||
{
|
{
|
||||||
group = "download";
|
group = "download";
|
||||||
match = [{
|
match = [{
|
||||||
host = [ config.arrServer ];
|
host = [ config.hostnames.download ];
|
||||||
path = [ "/sonarr*" ];
|
path = [ "/sonarr*" ];
|
||||||
}];
|
}];
|
||||||
handle = [{
|
handle = [{
|
||||||
@ -56,7 +49,7 @@
|
|||||||
{
|
{
|
||||||
group = "download";
|
group = "download";
|
||||||
match = [{
|
match = [{
|
||||||
host = [ config.arrServer ];
|
host = [ config.hostnames.download ];
|
||||||
path = [ "/radarr*" ];
|
path = [ "/radarr*" ];
|
||||||
}];
|
}];
|
||||||
handle = [{
|
handle = [{
|
||||||
@ -67,7 +60,7 @@
|
|||||||
{
|
{
|
||||||
group = "download";
|
group = "download";
|
||||||
match = [{
|
match = [{
|
||||||
host = [ config.arrServer ];
|
host = [ config.hostnames.download ];
|
||||||
path = [ "/prowlarr*" ];
|
path = [ "/prowlarr*" ];
|
||||||
}];
|
}];
|
||||||
handle = [{
|
handle = [{
|
||||||
@ -78,7 +71,7 @@
|
|||||||
{
|
{
|
||||||
group = "download";
|
group = "download";
|
||||||
match = [{
|
match = [{
|
||||||
host = [ config.arrServer ];
|
host = [ config.hostnames.download ];
|
||||||
path = [ "/bazarr*" ];
|
path = [ "/bazarr*" ];
|
||||||
}];
|
}];
|
||||||
handle = [{
|
handle = [{
|
||||||
@ -89,7 +82,7 @@
|
|||||||
{
|
{
|
||||||
group = "download";
|
group = "download";
|
||||||
match = [{
|
match = [{
|
||||||
host = [ config.arrServer ];
|
host = [ config.hostnames.download ];
|
||||||
path = [ "/sabnzbd*" ];
|
path = [ "/sabnzbd*" ];
|
||||||
}];
|
}];
|
||||||
handle = [{
|
handle = [{
|
||||||
@ -99,7 +92,7 @@
|
|||||||
}
|
}
|
||||||
{
|
{
|
||||||
group = "download";
|
group = "download";
|
||||||
match = [{ host = [ config.arrServer ]; }];
|
match = [{ host = [ config.hostnames.download ]; }];
|
||||||
handle = [{
|
handle = [{
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [{ dial = "localhost:5055"; }];
|
upstreams = [{ dial = "localhost:5055"; }];
|
||||||
|
@ -7,11 +7,6 @@ let
|
|||||||
in {
|
in {
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
bookServer = lib.mkOption {
|
|
||||||
type = lib.types.nullOr lib.types.str;
|
|
||||||
description = "Hostname for Calibre library";
|
|
||||||
default = null;
|
|
||||||
};
|
|
||||||
backups.calibre = lib.mkOption {
|
backups.calibre = lib.mkOption {
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
description = "Whether to backup Calibre library";
|
description = "Whether to backup Calibre library";
|
||||||
@ -32,7 +27,7 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
caddy.routes = [{
|
caddy.routes = [{
|
||||||
match = [{ host = [ config.bookServer ]; }];
|
match = [{ host = [ config.hostnames.books ]; }];
|
||||||
handle = [{
|
handle = [{
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [{ dial = "localhost:8083"; }];
|
upstreams = [{ dial = "localhost:8083"; }];
|
||||||
|
@ -4,16 +4,6 @@ let giteaPath = "/var/lib/gitea"; # Default service directory
|
|||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
options = {
|
|
||||||
|
|
||||||
gitServer = lib.mkOption {
|
|
||||||
description = "Hostname for git server (Gitea).";
|
|
||||||
type = lib.types.nullOr lib.types.str;
|
|
||||||
default = null;
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf config.services.gitea.enable {
|
config = lib.mkIf config.services.gitea.enable {
|
||||||
services.gitea = {
|
services.gitea = {
|
||||||
database.type = "sqlite3";
|
database.type = "sqlite3";
|
||||||
@ -21,7 +11,7 @@ in {
|
|||||||
repository = {
|
repository = {
|
||||||
DEFAULT_PUSH_CREATE_PRIVATE = true;
|
DEFAULT_PUSH_CREATE_PRIVATE = true;
|
||||||
DISABLE_HTTP_GIT = false;
|
DISABLE_HTTP_GIT = false;
|
||||||
ACCESS_CONTROL_ALLOW_ORIGIN = config.gitServer;
|
ACCESS_CONTROL_ALLOW_ORIGIN = config.hostnames.git;
|
||||||
ENABLE_PUSH_CREATE_USER = true;
|
ENABLE_PUSH_CREATE_USER = true;
|
||||||
ENABLE_PUSH_CREATE_ORG = true;
|
ENABLE_PUSH_CREATE_ORG = true;
|
||||||
DEFAULT_BRANCH = "main";
|
DEFAULT_BRANCH = "main";
|
||||||
@ -29,7 +19,7 @@ in {
|
|||||||
server = {
|
server = {
|
||||||
HTTP_PORT = 3001;
|
HTTP_PORT = 3001;
|
||||||
HTTP_ADDRESS = "127.0.0.1";
|
HTTP_ADDRESS = "127.0.0.1";
|
||||||
ROOT_URL = "https://${config.gitServer}/";
|
ROOT_URL = "https://${config.hostnames.git}/";
|
||||||
SSH_PORT = 22;
|
SSH_PORT = 22;
|
||||||
START_SSH_SERVER = false; # Use sshd instead
|
START_SSH_SERVER = false; # Use sshd instead
|
||||||
DISABLE_SSH = false;
|
DISABLE_SSH = false;
|
||||||
@ -47,7 +37,7 @@ in {
|
|||||||
users.users.${config.user}.extraGroups = [ "gitea" ];
|
users.users.${config.user}.extraGroups = [ "gitea" ];
|
||||||
|
|
||||||
caddy.routes = [{
|
caddy.routes = [{
|
||||||
match = [{ host = [ config.gitServer ]; }];
|
match = [{ host = [ config.hostnames.git ]; }];
|
||||||
handle = [{
|
handle = [{
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [{ dial = "localhost:3001"; }];
|
upstreams = [{ dial = "localhost:3001"; }];
|
||||||
|
@ -1,22 +1,16 @@
|
|||||||
{ config, lib, ... }: {
|
{ config, lib, ... }: {
|
||||||
|
|
||||||
options.metricsServer = lib.mkOption {
|
|
||||||
type = lib.types.nullOr lib.types.str;
|
|
||||||
description = "Hostname of the metrics server.";
|
|
||||||
default = null;
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf config.services.grafana.enable {
|
config = lib.mkIf config.services.grafana.enable {
|
||||||
|
|
||||||
services.grafana.settings.server = {
|
services.grafana.settings.server = {
|
||||||
domain = config.metricsServer;
|
domain = config.hostnames.metrics;
|
||||||
http_addr = "127.0.0.1";
|
http_addr = "127.0.0.1";
|
||||||
http_port = 3000;
|
http_port = 3000;
|
||||||
protocol = "http";
|
protocol = "http";
|
||||||
};
|
};
|
||||||
|
|
||||||
caddy.routes = [{
|
caddy.routes = [{
|
||||||
match = [{ host = [ config.metricsServer ]; }];
|
match = [{ host = [ config.hostnames.metrics ]; }];
|
||||||
handle = [{
|
handle = [{
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [{ dial = "localhost:3000"; }];
|
upstreams = [{ dial = "localhost:3000"; }];
|
||||||
|
@ -1,20 +1,12 @@
|
|||||||
{ config, pkgs, lib, ... }: {
|
{ config, pkgs, lib, ... }: {
|
||||||
|
|
||||||
options = {
|
|
||||||
streamServer = lib.mkOption {
|
|
||||||
type = lib.types.nullOr lib.types.str;
|
|
||||||
description = "Hostname for Jellyfin library";
|
|
||||||
default = null;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf config.services.jellyfin.enable {
|
config = lib.mkIf config.services.jellyfin.enable {
|
||||||
|
|
||||||
services.jellyfin.group = "media";
|
services.jellyfin.group = "media";
|
||||||
users.users.jellyfin = { isSystemUser = true; };
|
users.users.jellyfin = { isSystemUser = true; };
|
||||||
|
|
||||||
caddy.routes = [{
|
caddy.routes = [{
|
||||||
match = [{ host = [ config.streamServer ]; }];
|
match = [{ host = [ config.hostnames.stream ]; }];
|
||||||
handle = [{
|
handle = [{
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [{ dial = "localhost:8096"; }];
|
upstreams = [{ dial = "localhost:8096"; }];
|
||||||
|
@ -1,15 +1,5 @@
|
|||||||
{ config, pkgs, lib, ... }: {
|
{ config, pkgs, lib, ... }: {
|
||||||
|
|
||||||
options = {
|
|
||||||
|
|
||||||
contentServer = lib.mkOption {
|
|
||||||
type = lib.types.nullOr lib.types.str;
|
|
||||||
description = "Hostname for personal content system (Nextcloud)";
|
|
||||||
default = null;
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf config.services.nextcloud.enable {
|
config = lib.mkIf config.services.nextcloud.enable {
|
||||||
|
|
||||||
services.nextcloud = {
|
services.nextcloud = {
|
||||||
@ -20,7 +10,7 @@
|
|||||||
maxUploadSize = "50G";
|
maxUploadSize = "50G";
|
||||||
config = {
|
config = {
|
||||||
adminpassFile = config.secrets.nextcloud.dest;
|
adminpassFile = config.secrets.nextcloud.dest;
|
||||||
extraTrustedDomains = [ config.contentServer ];
|
extraTrustedDomains = [ config.hostnames.content ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -32,7 +22,7 @@
|
|||||||
|
|
||||||
# Point Caddy to Nginx
|
# Point Caddy to Nginx
|
||||||
caddy.routes = [{
|
caddy.routes = [{
|
||||||
match = [{ host = [ config.contentServer ]; }];
|
match = [{ host = [ config.hostnames.content ]; }];
|
||||||
handle = [{
|
handle = [{
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [{ dial = "localhost:8080"; }];
|
upstreams = [{ dial = "localhost:8080"; }];
|
||||||
|
@ -1,11 +1,5 @@
|
|||||||
{ config, pkgs, lib, ... }: {
|
{ config, pkgs, lib, ... }: {
|
||||||
|
|
||||||
options.prometheusServer = lib.mkOption {
|
|
||||||
type = lib.types.nullOr lib.types.str;
|
|
||||||
description = "Hostname of the Prometheus server.";
|
|
||||||
default = null;
|
|
||||||
};
|
|
||||||
|
|
||||||
config = let
|
config = let
|
||||||
|
|
||||||
# If hosting Grafana, host local Prometheus and listen for inbound jobs. If
|
# If hosting Grafana, host local Prometheus and listen for inbound jobs. If
|
||||||
@ -20,7 +14,8 @@
|
|||||||
job_name = "local";
|
job_name = "local";
|
||||||
static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];
|
static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];
|
||||||
}];
|
}];
|
||||||
webExternalUrl = lib.mkIf isServer "https://${config.prometheusServer}";
|
webExternalUrl =
|
||||||
|
lib.mkIf isServer "https://${config.hostnames.prometheus}";
|
||||||
# Web config file: https://prometheus.io/docs/prometheus/latest/configuration/https/
|
# Web config file: https://prometheus.io/docs/prometheus/latest/configuration/https/
|
||||||
webConfigFile = lib.mkIf isServer
|
webConfigFile = lib.mkIf isServer
|
||||||
((pkgs.formats.yaml { }).generate "webconfig.yml" {
|
((pkgs.formats.yaml { }).generate "webconfig.yml" {
|
||||||
@ -33,7 +28,7 @@
|
|||||||
});
|
});
|
||||||
remoteWrite = lib.mkIf (!isServer) [{
|
remoteWrite = lib.mkIf (!isServer) [{
|
||||||
name = config.networking.hostName;
|
name = config.networking.hostName;
|
||||||
url = "https://${config.prometheusServer}";
|
url = "https://${config.hostnames.prometheus}";
|
||||||
basic_auth = {
|
basic_auth = {
|
||||||
# Uses password hashed with bcrypt above
|
# Uses password hashed with bcrypt above
|
||||||
username = "prometheus";
|
username = "prometheus";
|
||||||
@ -56,7 +51,7 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
caddy.routes = lib.mkIf isServer [{
|
caddy.routes = lib.mkIf isServer [{
|
||||||
match = [{ host = [ config.prometheusServer ]; }];
|
match = [{ host = [ config.hostnames.prometheus ]; }];
|
||||||
handle = [{
|
handle = [{
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [{ dial = "localhost:9090"; }];
|
upstreams = [{ dial = "localhost:9090"; }];
|
||||||
|
@ -42,7 +42,7 @@
|
|||||||
|
|
||||||
# Create reverse proxy for web UI
|
# Create reverse proxy for web UI
|
||||||
caddy.routes = lib.mkAfter [{
|
caddy.routes = lib.mkAfter [{
|
||||||
group = if (config.arrServer == config.transmissionServer) then
|
group = if (config.hostnames.download == config.transmissionServer) then
|
||||||
"download"
|
"download"
|
||||||
else
|
else
|
||||||
"transmission";
|
"transmission";
|
||||||
|
@ -4,20 +4,10 @@ let vaultwardenPath = "/var/lib/bitwarden_rs"; # Default service directory
|
|||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
options = {
|
|
||||||
|
|
||||||
secretsServer = lib.mkOption {
|
|
||||||
description = "Hostname for passwords and secrets (Vaultwarden).";
|
|
||||||
type = lib.types.nullOr lib.types.str;
|
|
||||||
default = null;
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf config.services.vaultwarden.enable {
|
config = lib.mkIf config.services.vaultwarden.enable {
|
||||||
services.vaultwarden = {
|
services.vaultwarden = {
|
||||||
config = {
|
config = {
|
||||||
DOMAIN = "https://${config.secretsServer}";
|
DOMAIN = "https://${config.hostnames.secrets}";
|
||||||
SIGNUPS_ALLOWED = false;
|
SIGNUPS_ALLOWED = false;
|
||||||
SIGNUPS_VERIFY = true;
|
SIGNUPS_VERIFY = true;
|
||||||
INVITATIONS_ALLOWED = true;
|
INVITATIONS_ALLOWED = true;
|
||||||
@ -46,7 +36,7 @@ in {
|
|||||||
networking.firewall.allowedTCPPorts = [ 3012 ];
|
networking.firewall.allowedTCPPorts = [ 3012 ];
|
||||||
|
|
||||||
caddy.routes = [{
|
caddy.routes = [{
|
||||||
match = [{ host = [ config.secretsServer ]; }];
|
match = [{ host = [ config.hostnames.secrets ]; }];
|
||||||
handle = [{
|
handle = [{
|
||||||
handler = "reverse_proxy";
|
handler = "reverse_proxy";
|
||||||
upstreams = [{ dial = "localhost:8222"; }];
|
upstreams = [{ dial = "localhost:8222"; }];
|
||||||
|
Loading…
Reference in New Issue
Block a user