noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2024-11-09 22:12:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

create universal options for hostnames

Browse Source
This commit is contained in:
Noah Masur 2023-07-07 10:16:07 -06:00
parent c0da8391ef
commit 21cbe29bd8
11 changed files with 67 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
flake.nix
View File

@ -125,14 +125,16 @@
mail.imapHost = "imap.purelymail.com"; mail.imapHost = "imap.purelymail.com";
mail.smtpHost = "smtp.purelymail.com"; mail.smtpHost = "smtp.purelymail.com";
dotfilesRepo = "git@github.com:nmasur/dotfiles"; dotfilesRepo = "git@github.com:nmasur/dotfiles";
gitServer = "git.${baseName}"; hostnames = {
metricsServer = "metrics.${baseName}"; git = "git.${baseName}";
prometheusServer = "prom.${baseName}"; metrics = "metrics.${baseName}";
secretsServer = "vault.${baseName}"; prometheus = "prom.${baseName}";
streamServer = "stream.${baseName}"; secrets = "vault.${baseName}";
contentServer = "cloud.${baseName}"; stream = "stream.${baseName}";
bookServer = "books.${baseName}"; content = "cloud.${baseName}";
downloadServer = "download.${baseName}"; books = "books.${baseName}";
download = "download.${baseName}";
};
}; };
# Common overlays to always use # Common overlays to always use

34
modules/common/default.nix
View File

@ -66,6 +66,40 @@
description = "List of unfree packages to allow."; description = "List of unfree packages to allow.";
default = [ ]; default = [ ];
}; };
hostnames = {
git = lib.mkOption {
type = lib.types.str;
description = "Hostname for git server (Gitea).";
};
metrics = lib.mkOption {
type = lib.types.str;
description = "Hostname for metrics server.";
};
prometheus = lib.mkOption {
type = lib.types.str;
description = "Hostname for Prometheus server.";
};
secrets = lib.mkOption {
type = lib.types.str;
description = "Hostname for passwords and secrets (Vaultwarden).";
};
stream = lib.mkOption {
type = lib.types.str;
description = "Hostname for video/media library (Jellyfin).";
};
content = lib.mkOption {
type = lib.types.str;
description = "Hostname for personal content system (Nextcloud).";
};
books = lib.mkOption {
type = lib.types.str;
description = "Hostname for books library (Calibre-Web).";
};
download = lib.mkOption {
type = lib.types.str;
description = "Hostname for download services.";
};
};
}; };
config = let stateVersion = "23.05"; config = let stateVersion = "23.05";

21
modules/nixos/services/arr.nix
View File

@ -1,13 +1,6 @@
{ config, lib, ... }: { { config, lib, ... }: {
options = { options = { arrs.enable = lib.mkEnableOption "Arr services"; };
arrs.enable = lib.mkEnableOption "Arr services";
downloadServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname for download services";
default = null;
};
};
config = lib.mkIf config.arrs.enable { config = lib.mkIf config.arrs.enable {
@ -45,7 +38,7 @@
{ {
group = "download"; group = "download";
match = [{ match = [{
host = [ config.arrServer ]; host = [ config.hostnames.download ];
path = [ "/sonarr*" ]; path = [ "/sonarr*" ];
}]; }];
handle = [{ handle = [{
@ -56,7 +49,7 @@
{ {
group = "download"; group = "download";
match = [{ match = [{
host = [ config.arrServer ]; host = [ config.hostnames.download ];
path = [ "/radarr*" ]; path = [ "/radarr*" ];
}]; }];
handle = [{ handle = [{
@ -67,7 +60,7 @@
{ {
group = "download"; group = "download";
match = [{ match = [{
host = [ config.arrServer ]; host = [ config.hostnames.download ];
path = [ "/prowlarr*" ]; path = [ "/prowlarr*" ];
}]; }];
handle = [{ handle = [{
@ -78,7 +71,7 @@
{ {
group = "download"; group = "download";
match = [{ match = [{
host = [ config.arrServer ]; host = [ config.hostnames.download ];
path = [ "/bazarr*" ]; path = [ "/bazarr*" ];
}]; }];
handle = [{ handle = [{
@ -89,7 +82,7 @@
{ {
group = "download"; group = "download";
match = [{ match = [{
host = [ config.arrServer ]; host = [ config.hostnames.download ];
path = [ "/sabnzbd*" ]; path = [ "/sabnzbd*" ];
}]; }];
handle = [{ handle = [{
@ -99,7 +92,7 @@
} }
{ {
group = "download"; group = "download";
match = [{ host = [ config.arrServer ]; }]; match = [{ host = [ config.hostnames.download ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:5055"; }]; upstreams = [{ dial = "localhost:5055"; }];

7
modules/nixos/services/calibre.nix
View File

@ -7,11 +7,6 @@ let
in { in {
options = { options = {
bookServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname for Calibre library";
default = null;
};
backups.calibre = lib.mkOption { backups.calibre = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
description = "Whether to backup Calibre library"; description = "Whether to backup Calibre library";
@ -32,7 +27,7 @@ in {
}; };
caddy.routes = [{ caddy.routes = [{
match = [{ host = [ config.bookServer ]; }]; match = [{ host = [ config.hostnames.books ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8083"; }]; upstreams = [{ dial = "localhost:8083"; }];

16
modules/nixos/services/gitea.nix
View File

@ -4,16 +4,6 @@ let giteaPath = "/var/lib/gitea"; # Default service directory
in { in {
options = {
gitServer = lib.mkOption {
description = "Hostname for git server (Gitea).";
type = lib.types.nullOr lib.types.str;
default = null;
};
};
config = lib.mkIf config.services.gitea.enable { config = lib.mkIf config.services.gitea.enable {
services.gitea = { services.gitea = {
database.type = "sqlite3"; database.type = "sqlite3";
@ -21,7 +11,7 @@ in {
repository = { repository = {
DEFAULT_PUSH_CREATE_PRIVATE = true; DEFAULT_PUSH_CREATE_PRIVATE = true;
DISABLE_HTTP_GIT = false; DISABLE_HTTP_GIT = false;
ACCESS_CONTROL_ALLOW_ORIGIN = config.gitServer; ACCESS_CONTROL_ALLOW_ORIGIN = config.hostnames.git;
ENABLE_PUSH_CREATE_USER = true; ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true; ENABLE_PUSH_CREATE_ORG = true;
DEFAULT_BRANCH = "main"; DEFAULT_BRANCH = "main";
@ -29,7 +19,7 @@ in {
server = { server = {
HTTP_PORT = 3001; HTTP_PORT = 3001;
HTTP_ADDRESS = "127.0.0.1"; HTTP_ADDRESS = "127.0.0.1";
ROOT_URL = "https://${config.gitServer}/"; ROOT_URL = "https://${config.hostnames.git}/";
SSH_PORT = 22; SSH_PORT = 22;
START_SSH_SERVER = false; # Use sshd instead START_SSH_SERVER = false; # Use sshd instead
DISABLE_SSH = false; DISABLE_SSH = false;
@ -47,7 +37,7 @@ in {
users.users.${config.user}.extraGroups = [ "gitea" ]; users.users.${config.user}.extraGroups = [ "gitea" ];
caddy.routes = [{ caddy.routes = [{
match = [{ host = [ config.gitServer ]; }]; match = [{ host = [ config.hostnames.git ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:3001"; }]; upstreams = [{ dial = "localhost:3001"; }];

10
modules/nixos/services/grafana.nix
View File

@ -1,22 +1,16 @@
{ config, lib, ... }: { { config, lib, ... }: {
options.metricsServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname of the metrics server.";
default = null;
};
config = lib.mkIf config.services.grafana.enable { config = lib.mkIf config.services.grafana.enable {
services.grafana.settings.server = { services.grafana.settings.server = {
domain = config.metricsServer; domain = config.hostnames.metrics;
http_addr = "127.0.0.1"; http_addr = "127.0.0.1";
http_port = 3000; http_port = 3000;
protocol = "http"; protocol = "http";
}; };
caddy.routes = [{ caddy.routes = [{
match = [{ host = [ config.metricsServer ]; }]; match = [{ host = [ config.hostnames.metrics ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:3000"; }]; upstreams = [{ dial = "localhost:3000"; }];

10
modules/nixos/services/jellyfin.nix
View File

@ -1,20 +1,12 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
options = {
streamServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname for Jellyfin library";
default = null;
};
};
config = lib.mkIf config.services.jellyfin.enable { config = lib.mkIf config.services.jellyfin.enable {
services.jellyfin.group = "media"; services.jellyfin.group = "media";
users.users.jellyfin = { isSystemUser = true; }; users.users.jellyfin = { isSystemUser = true; };
caddy.routes = [{ caddy.routes = [{
match = [{ host = [ config.streamServer ]; }]; match = [{ host = [ config.hostnames.stream ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8096"; }]; upstreams = [{ dial = "localhost:8096"; }];

14
modules/nixos/services/nextcloud.nix
View File

@ -1,15 +1,5 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
options = {
contentServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname for personal content system (Nextcloud)";
default = null;
};
};
config = lib.mkIf config.services.nextcloud.enable { config = lib.mkIf config.services.nextcloud.enable {
services.nextcloud = { services.nextcloud = {
@ -20,7 +10,7 @@
maxUploadSize = "50G"; maxUploadSize = "50G";
config = { config = {
adminpassFile = config.secrets.nextcloud.dest; adminpassFile = config.secrets.nextcloud.dest;
extraTrustedDomains = [ config.contentServer ]; extraTrustedDomains = [ config.hostnames.content ];
}; };
}; };
@ -32,7 +22,7 @@
# Point Caddy to Nginx # Point Caddy to Nginx
caddy.routes = [{ caddy.routes = [{
match = [{ host = [ config.contentServer ]; }]; match = [{ host = [ config.hostnames.content ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8080"; }]; upstreams = [{ dial = "localhost:8080"; }];

13
modules/nixos/services/prometheus.nix
View File

@ -1,11 +1,5 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
options.prometheusServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname of the Prometheus server.";
default = null;
};
config = let config = let
# If hosting Grafana, host local Prometheus and listen for inbound jobs. If # If hosting Grafana, host local Prometheus and listen for inbound jobs. If
@ -20,7 +14,8 @@
job_name = "local"; job_name = "local";
static_configs = [{ targets = [ "127.0.0.1:9100" ]; }]; static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];
}]; }];
webExternalUrl = lib.mkIf isServer "https://${config.prometheusServer}"; webExternalUrl =
lib.mkIf isServer "https://${config.hostnames.prometheus}";
# Web config file: https://prometheus.io/docs/prometheus/latest/configuration/https/ # Web config file: https://prometheus.io/docs/prometheus/latest/configuration/https/
webConfigFile = lib.mkIf isServer webConfigFile = lib.mkIf isServer
((pkgs.formats.yaml { }).generate "webconfig.yml" { ((pkgs.formats.yaml { }).generate "webconfig.yml" {
@ -33,7 +28,7 @@
}); });
remoteWrite = lib.mkIf (!isServer) [{ remoteWrite = lib.mkIf (!isServer) [{
name = config.networking.hostName; name = config.networking.hostName;
url = "https://${config.prometheusServer}"; url = "https://${config.hostnames.prometheus}";
basic_auth = { basic_auth = {
# Uses password hashed with bcrypt above # Uses password hashed with bcrypt above
username = "prometheus"; username = "prometheus";
@ -56,7 +51,7 @@
}; };
caddy.routes = lib.mkIf isServer [{ caddy.routes = lib.mkIf isServer [{
match = [{ host = [ config.prometheusServer ]; }]; match = [{ host = [ config.hostnames.prometheus ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:9090"; }]; upstreams = [{ dial = "localhost:9090"; }];

2
modules/nixos/services/transmission.nix
View File

@ -42,7 +42,7 @@
# Create reverse proxy for web UI # Create reverse proxy for web UI
caddy.routes = lib.mkAfter [{ caddy.routes = lib.mkAfter [{
group = if (config.arrServer == config.transmissionServer) then group = if (config.hostnames.download == config.transmissionServer) then
"download" "download"
else else
"transmission"; "transmission";

14
modules/nixos/services/vaultwarden.nix
View File

@ -4,20 +4,10 @@ let vaultwardenPath = "/var/lib/bitwarden_rs"; # Default service directory
in { in {
options = {
secretsServer = lib.mkOption {
description = "Hostname for passwords and secrets (Vaultwarden).";
type = lib.types.nullOr lib.types.str;
default = null;
};
};
config = lib.mkIf config.services.vaultwarden.enable { config = lib.mkIf config.services.vaultwarden.enable {
services.vaultwarden = { services.vaultwarden = {
config = { config = {
DOMAIN = "https://${config.secretsServer}"; DOMAIN = "https://${config.hostnames.secrets}";
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;
SIGNUPS_VERIFY = true; SIGNUPS_VERIFY = true;
INVITATIONS_ALLOWED = true; INVITATIONS_ALLOWED = true;
@ -46,7 +36,7 @@ in {
networking.firewall.allowedTCPPorts = [ 3012 ]; networking.firewall.allowedTCPPorts = [ 3012 ];
caddy.routes = [{ caddy.routes = [{
match = [{ host = [ config.secretsServer ]; }]; match = [{ host = [ config.hostnames.secrets ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8222"; }]; upstreams = [{ dial = "localhost:8222"; }];