create universal options for hostnames

This commit is contained in:
Noah Masur 2023-07-07 10:16:07 -06:00
parent c0da8391ef
commit 21cbe29bd8
11 changed files with 67 additions and 92 deletions


@ -125,14 +125,16 @@
mail.imapHost = "imap.purelymail.com";
mail.smtpHost = "smtp.purelymail.com";
dotfilesRepo = "git@github.com:nmasur/dotfiles";
gitServer = "git.${baseName}";
metricsServer = "metrics.${baseName}";
prometheusServer = "prom.${baseName}";
secretsServer = "vault.${baseName}";
streamServer = "stream.${baseName}";
contentServer = "cloud.${baseName}";
bookServer = "books.${baseName}";
downloadServer = "download.${baseName}";
hostnames = {
git = "git.${baseName}";
metrics = "metrics.${baseName}";
prometheus = "prom.${baseName}";
secrets = "vault.${baseName}";
stream = "stream.${baseName}";
content = "cloud.${baseName}";
books = "books.${baseName}";
download = "download.${baseName}";
};
};
# Common overlays to always use


@ -66,6 +66,40 @@
description = "List of unfree packages to allow.";
default = [ ];
};
hostnames = {
git = lib.mkOption {
type = lib.types.str;
description = "Hostname for git server (Gitea).";
};
metrics = lib.mkOption {
type = lib.types.str;
description = "Hostname for metrics server.";
};
prometheus = lib.mkOption {
type = lib.types.str;
description = "Hostname for Prometheus server.";
};
secrets = lib.mkOption {
type = lib.types.str;
description = "Hostname for passwords and secrets (Vaultwarden).";
};
stream = lib.mkOption {
type = lib.types.str;
description = "Hostname for video/media library (Jellyfin).";
};
content = lib.mkOption {
type = lib.types.str;
description = "Hostname for personal content system (Nextcloud).";
};
books = lib.mkOption {
type = lib.types.str;
description = "Hostname for books library (Calibre-Web).";
};
download = lib.mkOption {
type = lib.types.str;
description = "Hostname for download services.";
};
};
};
config = let stateVersion = "23.05";
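Review bot: Every option under `hostnames` is declared as `lib.types.str` with no `default`, whereas the per-module options this commit removes were `lib.types.nullOr lib.types.str` with `default = null`; a host that imports these modules but does not set all eight values will presumably now fail evaluation as soon as one is referenced (at least when the corresponding service is enabled), which is a behaviour change worth stating. If that strictness is intended, say so in the descriptions and note that several of these values feed security-sensitive settings elsewhere in this commit (Nextcloud's `extraTrustedDomains`, Gitea's `ACCESS_CONTROL_ALLOW_ORIGIN`, Vaultwarden's `DOMAIN`), e.g. `description = "Hostname for personal content system (Nextcloud); also added to Nextcloud's trusted domains.";`. Otherwise keep the `nullOr` type and null default so non-server hosts continue to evaluate. The enclosing `options` set starts before this hunk.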


@ -1,13 +1,6 @@
{ config, lib, ... }: {
options = {
arrs.enable = lib.mkEnableOption "Arr services";
downloadServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname for download services";
default = null;
};
};
options = { arrs.enable = lib.mkEnableOption "Arr services"; };
config = lib.mkIf config.arrs.enable {
@ -45,7 +38,7 @@
{
group = "download";
match = [{
host = [ config.arrServer ];
host = [ config.hostnames.download ];
path = [ "/sonarr*" ];
}];
handle = [{
@ -56,7 +49,7 @@
{
group = "download";
match = [{
host = [ config.arrServer ];
host = [ config.hostnames.download ];
path = [ "/radarr*" ];
}];
handle = [{
@ -67,7 +60,7 @@
{
group = "download";
match = [{
host = [ config.arrServer ];
host = [ config.hostnames.download ];
path = [ "/prowlarr*" ];
}];
handle = [{
@ -78,7 +71,7 @@
{
group = "download";
match = [{
host = [ config.arrServer ];
host = [ config.hostnames.download ];
path = [ "/bazarr*" ];
}];
handle = [{
@ -89,7 +82,7 @@
{
group = "download";
match = [{
host = [ config.arrServer ];
host = [ config.hostnames.download ];
path = [ "/sabnzbd*" ];
}];
handle = [{
@ -99,7 +92,7 @@
}
{
group = "download";
match = [{ host = [ config.arrServer ]; }];
match = [{ host = [ config.hostnames.download ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = "localhost:5055"; }];


@ -7,11 +7,6 @@ let
in {
options = {
bookServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname for Calibre library";
default = null;
};
backups.calibre = lib.mkOption {
type = lib.types.bool;
description = "Whether to backup Calibre library";
@ -32,7 +27,7 @@ in {
};
caddy.routes = [{
match = [{ host = [ config.bookServer ]; }];
match = [{ host = [ config.hostnames.books ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8083"; }];


@ -4,16 +4,6 @@ let giteaPath = "/var/lib/gitea"; # Default service directory
in {
options = {
gitServer = lib.mkOption {
description = "Hostname for git server (Gitea).";
type = lib.types.nullOr lib.types.str;
default = null;
};
};
config = lib.mkIf config.services.gitea.enable {
services.gitea = {
database.type = "sqlite3";
@ -21,7 +11,7 @@ in {
repository = {
DEFAULT_PUSH_CREATE_PRIVATE = true;
DISABLE_HTTP_GIT = false;
ACCESS_CONTROL_ALLOW_ORIGIN = config.gitServer;
ACCESS_CONTROL_ALLOW_ORIGIN = config.hostnames.git;
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
DEFAULT_BRANCH = "main";
@ -29,7 +19,7 @@ in {
server = {
HTTP_PORT = 3001;
HTTP_ADDRESS = "127.0.0.1";
ROOT_URL = "https://${config.gitServer}/";
ROOT_URL = "https://${config.hostnames.git}/";
SSH_PORT = 22;
START_SSH_SERVER = false; # Use sshd instead
DISABLE_SSH = false;
@ -47,7 +37,7 @@ in {
users.users.${config.user}.extraGroups = [ "gitea" ];
caddy.routes = [{
match = [{ host = [ config.gitServer ]; }];
match = [{ host = [ config.hostnames.git ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = "localhost:3001"; }];
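Review bot: In the first hunk of this file, `ACCESS_CONTROL_ALLOW_ORIGIN = config.hostnames.git;` assigns a bare hostname, but the `Access-Control-Allow-Origin` header carries an origin (scheme plus host), so if Gitea emits this value verbatim a browser's `Origin: https://git.…` will never match it and cross-origin requests will be rejected; this predates the commit but is now the line being touched. The `ROOT_URL` line in the next hunk already prefixes the scheme, so the consistent fix is `ACCESS_CONTROL_ALLOW_ORIGIN = "https://${config.hostnames.git}";`. Because a mismatch fails closed this is a functional rather than an exposure issue, but a comment on the line recording that the value must be a full origin would prevent the same slip when the hostname option is next reshaped. The `services.gitea` attribute set continues outside both hunks.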


@ -1,22 +1,16 @@
{ config, lib, ... }: {
options.metricsServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname of the metrics server.";
default = null;
};
config = lib.mkIf config.services.grafana.enable {
services.grafana.settings.server = {
domain = config.metricsServer;
domain = config.hostnames.metrics;
http_addr = "127.0.0.1";
http_port = 3000;
protocol = "http";
};
caddy.routes = [{
match = [{ host = [ config.metricsServer ]; }];
match = [{ host = [ config.hostnames.metrics ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = "localhost:3000"; }];


@ -1,20 +1,12 @@
{ config, pkgs, lib, ... }: {
options = {
streamServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname for Jellyfin library";
default = null;
};
};
config = lib.mkIf config.services.jellyfin.enable {
services.jellyfin.group = "media";
users.users.jellyfin = { isSystemUser = true; };
caddy.routes = [{
match = [{ host = [ config.streamServer ]; }];
match = [{ host = [ config.hostnames.stream ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8096"; }];


@ -1,15 +1,5 @@
{ config, pkgs, lib, ... }: {
options = {
contentServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname for personal content system (Nextcloud)";
default = null;
};
};
config = lib.mkIf config.services.nextcloud.enable {
services.nextcloud = {
@ -20,7 +10,7 @@
maxUploadSize = "50G";
config = {
adminpassFile = config.secrets.nextcloud.dest;
extraTrustedDomains = [ config.contentServer ];
extraTrustedDomains = [ config.hostnames.content ];
};
};
@ -32,7 +22,7 @@
# Point Caddy to Nginx
caddy.routes = [{
match = [{ host = [ config.contentServer ]; }];
match = [{ host = [ config.hostnames.content ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8080"; }];


@ -1,11 +1,5 @@
{ config, pkgs, lib, ... }: {
options.prometheusServer = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Hostname of the Prometheus server.";
default = null;
};
config = let
# If hosting Grafana, host local Prometheus and listen for inbound jobs. If
@ -20,7 +14,8 @@
job_name = "local";
static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];
}];
webExternalUrl = lib.mkIf isServer "https://${config.prometheusServer}";
webExternalUrl =
lib.mkIf isServer "https://${config.hostnames.prometheus}";
# Web config file: https://prometheus.io/docs/prometheus/latest/configuration/https/
webConfigFile = lib.mkIf isServer
((pkgs.formats.yaml { }).generate "webconfig.yml" {
@ -33,7 +28,7 @@
});
remoteWrite = lib.mkIf (!isServer) [{
name = config.networking.hostName;
url = "https://${config.prometheusServer}";
url = "https://${config.hostnames.prometheus}";
basic_auth = {
# Uses password hashed with bcrypt above
username = "prometheus";
@ -56,7 +51,7 @@
};
caddy.routes = lib.mkIf isServer [{
match = [{ host = [ config.prometheusServer ]; }];
match = [{ host = [ config.hostnames.prometheus ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = "localhost:9090"; }];


@ -42,7 +42,7 @@
# Create reverse proxy for web UI
caddy.routes = lib.mkAfter [{
group = if (config.arrServer == config.transmissionServer) then
group = if (config.hostnames.download == config.transmissionServer) then
"download"
else
"transmission";
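Review bot: `config.transmissionServer` is still read on the new side of this hunk while every other per-service hostname option in the commit was folded into `hostnames`, so the "universal" set is incomplete and this module keeps its own option (its declaration is outside the hunk, so its type and default cannot be checked here). If it remains `nullOr str` with a null default, the comparison `config.hostnames.download == config.transmissionServer` silently evaluates to false on hosts that never set it and the route lands in the `"transmission"` group rather than `"download"`, which may be the intent but deserves a comment. The consistent change would be a `hostnames.transmission` option alongside the others and `group = if (config.hostnames.download == config.hostnames.transmission) then`. The enclosing `caddy.routes` list starts and ends outside the hunk.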


@ -4,20 +4,10 @@ let vaultwardenPath = "/var/lib/bitwarden_rs"; # Default service directory
in {
options = {
secretsServer = lib.mkOption {
description = "Hostname for passwords and secrets (Vaultwarden).";
type = lib.types.nullOr lib.types.str;
default = null;
};
};
config = lib.mkIf config.services.vaultwarden.enable {
services.vaultwarden = {
config = {
DOMAIN = "https://${config.secretsServer}";
DOMAIN = "https://${config.hostnames.secrets}";
SIGNUPS_ALLOWED = false;
SIGNUPS_VERIFY = true;
INVITATIONS_ALLOWED = true;
@ -46,7 +36,7 @@ in {
networking.firewall.allowedTCPPorts = [ 3012 ];
caddy.routes = [{
match = [{ host = [ config.secretsServer ]; }];
match = [{ host = [ config.hostnames.secrets ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8222"; }];