orginase services
This commit is contained in:
parent
7caa83908d
commit
e5f9966329
7 changed files with 80 additions and 34 deletions
|
|
@ -56,11 +56,6 @@
|
|||
|
||||
alpine = mkConf [
|
||||
./hardware/alpine.nix
|
||||
./nixos/services/anki.nix
|
||||
./nixos/services/forgejo.nix
|
||||
./nixos/services/vaultwarden.nix
|
||||
./nixos/services/jellyfin.nix
|
||||
./nixos/services/mpd.nix
|
||||
] [];
|
||||
|
||||
vm-sway =
|
||||
|
|
|
|||
|
|
@ -9,6 +9,13 @@
|
|||
in {
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
../nixos/services/anki.nix
|
||||
../nixos/services/forgejo.nix
|
||||
../nixos/services/vaultwarden.nix
|
||||
../nixos/services/jellyfin.nix
|
||||
../nixos/services/mpd.nix
|
||||
../nixos/services/prometheus.nix
|
||||
../nixos/services/grafana.nix
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "sd_mod"];
|
||||
|
|
@ -126,26 +133,22 @@ in {
|
|||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"*.tristans.cloud" = {
|
||||
globalRedirect = "tristans.cloud";
|
||||
};
|
||||
"tristans.cloud" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
root = "/srv/www/tristans.cloud";
|
||||
};
|
||||
"*.thebeanbakery.xyz" = {
|
||||
globalRedirect = "thebeanbakery.xyz";
|
||||
};
|
||||
"thebeanbakery.xyz" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
root = "/srv/www/thebeanbakery.xyz";
|
||||
};
|
||||
"git.tristans.cloud" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."~".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
|
||||
};
|
||||
"vault.tristans.cloud" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."~".proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}";
|
||||
};
|
||||
"auth.tristans.cloud" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
|
@ -159,23 +162,6 @@ in {
|
|||
'';
|
||||
};
|
||||
};
|
||||
"movies.tristans.cloud" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:8096";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Protocol $scheme;
|
||||
proxy_set_header X-Forwarded-Host $http_host;
|
||||
proxy_buffering off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
security.acme = {
|
||||
|
|
@ -197,4 +183,11 @@ in {
|
|||
musicDirectory = "/mnt/storage/media/Music";
|
||||
};
|
||||
|
||||
services.grafana.settings.server = {
|
||||
domain = "monitor.tristans.cloud";
|
||||
http_port = 3001; # forgejo and grafana default to 3000
|
||||
};
|
||||
|
||||
services.forgejo.settings.server.DOMAIN = "git.tristans.cloud";
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
{config, ...}:
|
||||
let
|
||||
cfg = config.services.forgejo;
|
||||
in
|
||||
{
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
|
|
@ -5,8 +9,7 @@
|
|||
lfs.enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
DOMAIN = "git.tristans.cloud";
|
||||
ROOT_URL = "https://git.tristans.cloud";
|
||||
ROOT_URL = "https://${cfg.settings.server.DOMAIN}";
|
||||
};
|
||||
service = {
|
||||
DISABLE_REGISTRATION = true;
|
||||
|
|
@ -16,4 +19,9 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts.${cfg.settings.server.DOMAIN} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."~".proxyPass = "http://localhost:${toString cfg.settings.server.HTTP_PORT}";
|
||||
};
|
||||
}
|
||||
|
|
|
|||
18
nixos/services/grafana.nix
Normal file
18
nixos/services/grafana.nix
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
{config, ...}:
|
||||
let
|
||||
cfg = config.services.grafana;
|
||||
in
|
||||
{
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
};
|
||||
services.nginx.virtualHosts = {
|
||||
${cfg.settings.server.domain} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString cfg.settings.server.http_port}";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -2,4 +2,21 @@
|
|||
services.jellyfin = {
|
||||
enable = true;
|
||||
};
|
||||
services.nginx.virtualHosts."movies.tristans.cloud" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:8096";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Protocol $scheme;
|
||||
proxy_set_header X-Forwarded-Host $http_host;
|
||||
proxy_buffering off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
5
nixos/services/prometheus.nix
Normal file
5
nixos/services/prometheus.nix
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
services.prometheus = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
||||
|
|
@ -1,5 +1,15 @@
|
|||
{config, ...}:
|
||||
let
|
||||
cfg = config.services.vaultwarden;
|
||||
domain = "vault.tristans.cloud";
|
||||
in
|
||||
{
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
};
|
||||
services.nginx.virtualHosts.${domain} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."~".proxyPass = "http://localhost:${toString cfg.config.ROCKET_PORT}";
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue