mirror of
https://github.com/nmasur/dotfiles
synced 2024-11-26 07:15:37 +00:00
create universal options for hostnames
This commit is contained in:
parent
c0da8391ef
commit
21cbe29bd8
18
flake.nix
18
flake.nix
@ -125,14 +125,16 @@
|
||||
mail.imapHost = "imap.purelymail.com";
|
||||
mail.smtpHost = "smtp.purelymail.com";
|
||||
dotfilesRepo = "git@github.com:nmasur/dotfiles";
|
||||
gitServer = "git.${baseName}";
|
||||
metricsServer = "metrics.${baseName}";
|
||||
prometheusServer = "prom.${baseName}";
|
||||
secretsServer = "vault.${baseName}";
|
||||
streamServer = "stream.${baseName}";
|
||||
contentServer = "cloud.${baseName}";
|
||||
bookServer = "books.${baseName}";
|
||||
downloadServer = "download.${baseName}";
|
||||
hostnames = {
|
||||
git = "git.${baseName}";
|
||||
metrics = "metrics.${baseName}";
|
||||
prometheus = "prom.${baseName}";
|
||||
secrets = "vault.${baseName}";
|
||||
stream = "stream.${baseName}";
|
||||
content = "cloud.${baseName}";
|
||||
books = "books.${baseName}";
|
||||
download = "download.${baseName}";
|
||||
};
|
||||
};
|
||||
|
||||
# Common overlays to always use
|
||||
|
@ -66,6 +66,40 @@
|
||||
description = "List of unfree packages to allow.";
|
||||
default = [ ];
|
||||
};
|
||||
hostnames = {
|
||||
git = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "Hostname for git server (Gitea).";
|
||||
};
|
||||
metrics = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "Hostname for metrics server.";
|
||||
};
|
||||
prometheus = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "Hostname for Prometheus server.";
|
||||
};
|
||||
secrets = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "Hostname for passwords and secrets (Vaultwarden).";
|
||||
};
|
||||
stream = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "Hostname for video/media library (Jellyfin).";
|
||||
};
|
||||
content = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "Hostname for personal content system (Nextcloud).";
|
||||
};
|
||||
books = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "Hostname for books library (Calibre-Web).";
|
||||
};
|
||||
download = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "Hostname for download services.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = let stateVersion = "23.05";
|
||||
|
@ -1,13 +1,6 @@
|
||||
{ config, lib, ... }: {
|
||||
|
||||
options = {
|
||||
arrs.enable = lib.mkEnableOption "Arr services";
|
||||
downloadServer = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = "Hostname for download services";
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
options = { arrs.enable = lib.mkEnableOption "Arr services"; };
|
||||
|
||||
config = lib.mkIf config.arrs.enable {
|
||||
|
||||
@ -45,7 +38,7 @@
|
||||
{
|
||||
group = "download";
|
||||
match = [{
|
||||
host = [ config.arrServer ];
|
||||
host = [ config.hostnames.download ];
|
||||
path = [ "/sonarr*" ];
|
||||
}];
|
||||
handle = [{
|
||||
@ -56,7 +49,7 @@
|
||||
{
|
||||
group = "download";
|
||||
match = [{
|
||||
host = [ config.arrServer ];
|
||||
host = [ config.hostnames.download ];
|
||||
path = [ "/radarr*" ];
|
||||
}];
|
||||
handle = [{
|
||||
@ -67,7 +60,7 @@
|
||||
{
|
||||
group = "download";
|
||||
match = [{
|
||||
host = [ config.arrServer ];
|
||||
host = [ config.hostnames.download ];
|
||||
path = [ "/prowlarr*" ];
|
||||
}];
|
||||
handle = [{
|
||||
@ -78,7 +71,7 @@
|
||||
{
|
||||
group = "download";
|
||||
match = [{
|
||||
host = [ config.arrServer ];
|
||||
host = [ config.hostnames.download ];
|
||||
path = [ "/bazarr*" ];
|
||||
}];
|
||||
handle = [{
|
||||
@ -89,7 +82,7 @@
|
||||
{
|
||||
group = "download";
|
||||
match = [{
|
||||
host = [ config.arrServer ];
|
||||
host = [ config.hostnames.download ];
|
||||
path = [ "/sabnzbd*" ];
|
||||
}];
|
||||
handle = [{
|
||||
@ -99,7 +92,7 @@
|
||||
}
|
||||
{
|
||||
group = "download";
|
||||
match = [{ host = [ config.arrServer ]; }];
|
||||
match = [{ host = [ config.hostnames.download ]; }];
|
||||
handle = [{
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [{ dial = "localhost:5055"; }];
|
||||
|
@ -7,11 +7,6 @@ let
|
||||
in {
|
||||
|
||||
options = {
|
||||
bookServer = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = "Hostname for Calibre library";
|
||||
default = null;
|
||||
};
|
||||
backups.calibre = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
description = "Whether to backup Calibre library";
|
||||
@ -32,7 +27,7 @@ in {
|
||||
};
|
||||
|
||||
caddy.routes = [{
|
||||
match = [{ host = [ config.bookServer ]; }];
|
||||
match = [{ host = [ config.hostnames.books ]; }];
|
||||
handle = [{
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [{ dial = "localhost:8083"; }];
|
||||
|
@ -4,16 +4,6 @@ let giteaPath = "/var/lib/gitea"; # Default service directory
|
||||
|
||||
in {
|
||||
|
||||
options = {
|
||||
|
||||
gitServer = lib.mkOption {
|
||||
description = "Hostname for git server (Gitea).";
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default = null;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = lib.mkIf config.services.gitea.enable {
|
||||
services.gitea = {
|
||||
database.type = "sqlite3";
|
||||
@ -21,7 +11,7 @@ in {
|
||||
repository = {
|
||||
DEFAULT_PUSH_CREATE_PRIVATE = true;
|
||||
DISABLE_HTTP_GIT = false;
|
||||
ACCESS_CONTROL_ALLOW_ORIGIN = config.gitServer;
|
||||
ACCESS_CONTROL_ALLOW_ORIGIN = config.hostnames.git;
|
||||
ENABLE_PUSH_CREATE_USER = true;
|
||||
ENABLE_PUSH_CREATE_ORG = true;
|
||||
DEFAULT_BRANCH = "main";
|
||||
@ -29,7 +19,7 @@ in {
|
||||
server = {
|
||||
HTTP_PORT = 3001;
|
||||
HTTP_ADDRESS = "127.0.0.1";
|
||||
ROOT_URL = "https://${config.gitServer}/";
|
||||
ROOT_URL = "https://${config.hostnames.git}/";
|
||||
SSH_PORT = 22;
|
||||
START_SSH_SERVER = false; # Use sshd instead
|
||||
DISABLE_SSH = false;
|
||||
@ -47,7 +37,7 @@ in {
|
||||
users.users.${config.user}.extraGroups = [ "gitea" ];
|
||||
|
||||
caddy.routes = [{
|
||||
match = [{ host = [ config.gitServer ]; }];
|
||||
match = [{ host = [ config.hostnames.git ]; }];
|
||||
handle = [{
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [{ dial = "localhost:3001"; }];
|
||||
|
@ -1,22 +1,16 @@
|
||||
{ config, lib, ... }: {
|
||||
|
||||
options.metricsServer = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = "Hostname of the metrics server.";
|
||||
default = null;
|
||||
};
|
||||
|
||||
config = lib.mkIf config.services.grafana.enable {
|
||||
|
||||
services.grafana.settings.server = {
|
||||
domain = config.metricsServer;
|
||||
domain = config.hostnames.metrics;
|
||||
http_addr = "127.0.0.1";
|
||||
http_port = 3000;
|
||||
protocol = "http";
|
||||
};
|
||||
|
||||
caddy.routes = [{
|
||||
match = [{ host = [ config.metricsServer ]; }];
|
||||
match = [{ host = [ config.hostnames.metrics ]; }];
|
||||
handle = [{
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [{ dial = "localhost:3000"; }];
|
||||
|
@ -1,20 +1,12 @@
|
||||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
options = {
|
||||
streamServer = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = "Hostname for Jellyfin library";
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf config.services.jellyfin.enable {
|
||||
|
||||
services.jellyfin.group = "media";
|
||||
users.users.jellyfin = { isSystemUser = true; };
|
||||
|
||||
caddy.routes = [{
|
||||
match = [{ host = [ config.streamServer ]; }];
|
||||
match = [{ host = [ config.hostnames.stream ]; }];
|
||||
handle = [{
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [{ dial = "localhost:8096"; }];
|
||||
|
@ -1,15 +1,5 @@
|
||||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
options = {
|
||||
|
||||
contentServer = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = "Hostname for personal content system (Nextcloud)";
|
||||
default = null;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = lib.mkIf config.services.nextcloud.enable {
|
||||
|
||||
services.nextcloud = {
|
||||
@ -20,7 +10,7 @@
|
||||
maxUploadSize = "50G";
|
||||
config = {
|
||||
adminpassFile = config.secrets.nextcloud.dest;
|
||||
extraTrustedDomains = [ config.contentServer ];
|
||||
extraTrustedDomains = [ config.hostnames.content ];
|
||||
};
|
||||
};
|
||||
|
||||
@ -32,7 +22,7 @@
|
||||
|
||||
# Point Caddy to Nginx
|
||||
caddy.routes = [{
|
||||
match = [{ host = [ config.contentServer ]; }];
|
||||
match = [{ host = [ config.hostnames.content ]; }];
|
||||
handle = [{
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [{ dial = "localhost:8080"; }];
|
||||
|
@ -1,11 +1,5 @@
|
||||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
options.prometheusServer = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = "Hostname of the Prometheus server.";
|
||||
default = null;
|
||||
};
|
||||
|
||||
config = let
|
||||
|
||||
# If hosting Grafana, host local Prometheus and listen for inbound jobs. If
|
||||
@ -20,7 +14,8 @@
|
||||
job_name = "local";
|
||||
static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];
|
||||
}];
|
||||
webExternalUrl = lib.mkIf isServer "https://${config.prometheusServer}";
|
||||
webExternalUrl =
|
||||
lib.mkIf isServer "https://${config.hostnames.prometheus}";
|
||||
# Web config file: https://prometheus.io/docs/prometheus/latest/configuration/https/
|
||||
webConfigFile = lib.mkIf isServer
|
||||
((pkgs.formats.yaml { }).generate "webconfig.yml" {
|
||||
@ -33,7 +28,7 @@
|
||||
});
|
||||
remoteWrite = lib.mkIf (!isServer) [{
|
||||
name = config.networking.hostName;
|
||||
url = "https://${config.prometheusServer}";
|
||||
url = "https://${config.hostnames.prometheus}";
|
||||
basic_auth = {
|
||||
# Uses password hashed with bcrypt above
|
||||
username = "prometheus";
|
||||
@ -56,7 +51,7 @@
|
||||
};
|
||||
|
||||
caddy.routes = lib.mkIf isServer [{
|
||||
match = [{ host = [ config.prometheusServer ]; }];
|
||||
match = [{ host = [ config.hostnames.prometheus ]; }];
|
||||
handle = [{
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [{ dial = "localhost:9090"; }];
|
||||
|
@ -42,7 +42,7 @@
|
||||
|
||||
# Create reverse proxy for web UI
|
||||
caddy.routes = lib.mkAfter [{
|
||||
group = if (config.arrServer == config.transmissionServer) then
|
||||
group = if (config.hostnames.download == config.transmissionServer) then
|
||||
"download"
|
||||
else
|
||||
"transmission";
|
||||
|
@ -4,20 +4,10 @@ let vaultwardenPath = "/var/lib/bitwarden_rs"; # Default service directory
|
||||
|
||||
in {
|
||||
|
||||
options = {
|
||||
|
||||
secretsServer = lib.mkOption {
|
||||
description = "Hostname for passwords and secrets (Vaultwarden).";
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default = null;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = lib.mkIf config.services.vaultwarden.enable {
|
||||
services.vaultwarden = {
|
||||
config = {
|
||||
DOMAIN = "https://${config.secretsServer}";
|
||||
DOMAIN = "https://${config.hostnames.secrets}";
|
||||
SIGNUPS_ALLOWED = false;
|
||||
SIGNUPS_VERIFY = true;
|
||||
INVITATIONS_ALLOWED = true;
|
||||
@ -46,7 +36,7 @@ in {
|
||||
networking.firewall.allowedTCPPorts = [ 3012 ];
|
||||
|
||||
caddy.routes = [{
|
||||
match = [{ host = [ config.secretsServer ]; }];
|
||||
match = [{ host = [ config.hostnames.secrets ]; }];
|
||||
handle = [{
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [{ dial = "localhost:8222"; }];
|
||||
|
Loading…
Reference in New Issue
Block a user