From e5f9966329ff1c440e9873ba7a5f94bcf5046b8e Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 17 Feb 2024 15:50:18 +0000 Subject: [PATCH] orginase services --- flake.nix | 5 ---- hardware/alpine.nix | 47 +++++++++++++++------------------- nixos/services/forgejo.nix | 12 +++++++-- nixos/services/grafana.nix | 18 +++++++++++++ nixos/services/jellyfin.nix | 17 ++++++++++++ nixos/services/prometheus.nix | 5 ++++ nixos/services/vaultwarden.nix | 10 ++++++++ 7 files changed, 80 insertions(+), 34 deletions(-) create mode 100644 nixos/services/grafana.nix create mode 100644 nixos/services/prometheus.nix diff --git a/flake.nix b/flake.nix index 010bfbe..55c78d3 100644 --- a/flake.nix +++ b/flake.nix @@ -56,11 +56,6 @@ alpine = mkConf [ ./hardware/alpine.nix - ./nixos/services/anki.nix - ./nixos/services/forgejo.nix - ./nixos/services/vaultwarden.nix - ./nixos/services/jellyfin.nix - ./nixos/services/mpd.nix ] []; vm-sway = diff --git a/hardware/alpine.nix b/hardware/alpine.nix index a16bb3f..4d4df9c 100644 --- a/hardware/alpine.nix +++ b/hardware/alpine.nix @@ -9,6 +9,13 @@ in { imports = [ (modulesPath + "/installer/scan/not-detected.nix") + ../nixos/services/anki.nix + ../nixos/services/forgejo.nix + ../nixos/services/vaultwarden.nix + ../nixos/services/jellyfin.nix + ../nixos/services/mpd.nix + ../nixos/services/prometheus.nix + ../nixos/services/grafana.nix ]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "sd_mod"]; 
@@ -126,26 +133,22 @@ in { services.nginx = { enable = true; virtualHosts = { + "*.tristans.cloud" = { + globalRedirect = "tristans.cloud"; + }; "tristans.cloud" = { forceSSL = true; enableACME = true; root = "/srv/www/tristans.cloud"; }; + "*.thebeanbakery.xyz" = { + globalRedirect = "thebeanbakery.xyz"; + }; "thebeanbakery.xyz" = { forceSSL = true; enableACME = true; root = "/srv/www/thebeanbakery.xyz"; }; - "git.tristans.cloud" = { - forceSSL = true; - enableACME = true; - locations."~".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; - }; - "vault.tristans.cloud" = { - forceSSL = true; - enableACME = true; - locations."~".proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}"; - }; "auth.tristans.cloud" = { forceSSL = true; enableACME = true; @@ -159,23 +162,6 @@ in { ''; }; }; - "movies.tristans.cloud" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:8096"; - proxyWebsockets = true; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; - proxy_buffering off; - ''; - }; - }; }; }; security.acme = { @@ -197,4 +183,11 @@ in { musicDirectory = "/mnt/storage/media/Music"; }; + services.grafana.settings.server = { + domain = "monitor.tristans.cloud"; + http_port = 3001; # forgejo and grafana default to 3000 + }; + + services.forgejo.settings.server.DOMAIN = "git.tristans.cloud"; + } diff --git a/nixos/services/forgejo.nix b/nixos/services/forgejo.nix index 1c6df62..2b21a82 100644 --- a/nixos/services/forgejo.nix +++ b/nixos/services/forgejo.nix @@ -1,3 +1,7 @@ +{config, ...}: +let + cfg = config.services.forgejo; +in { services.forgejo = { enable = true; 
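Review bot: The wildcard hosts `"*.tristans.cloud"` and `"*.thebeanbakery.xyz"` set only `globalRedirect`, with no `forceSSL` or `enableACME`, so as written they answer on plain HTTP only. An HTTPS request for an unlisted subdomain never reaches the redirect; nginx hands it to whichever TLS server it treats as the default, which may be one of the service vhosts (`auth`, `vault`, `git`). Consider an explicit catch-all vhost with `default = true;` and `rejectSSL = true;` so unknown names never land on a real service. A comment above the wildcard entries should say they are HTTP-only by design.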
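Review bot: `services.grafana.settings.server` sets `domain` and `http_port` but not `root_url`, while the new vhost in nixos/services/grafana.nix serves Grafana over HTTPS on the standard port. Grafana builds redirects, links and login callbacks from `root_url`. The module default is derived from protocol, domain and port, which here would give an `http://…:3001/` address (inferred from the module defaults, not visible in this diff). Adding `root_url = "https://monitor.tristans.cloud/";` next to `domain` keeps generated URLs on the proxied origin.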
@@ -5,8 +9,7 @@ lfs.enable = true; settings = { server = { - DOMAIN = "git.tristans.cloud"; - ROOT_URL = "https://git.tristans.cloud"; + ROOT_URL = "https://${cfg.settings.server.DOMAIN}"; }; service = { DISABLE_REGISTRATION = true; @@ -16,4 +19,9 @@ }; }; }; + services.nginx.virtualHosts.${cfg.settings.server.DOMAIN} = { + forceSSL = true; + enableACME = true; + locations."~".proxyPass = "http://localhost:${toString cfg.settings.server.HTTP_PORT}"; + }; } diff --git a/nixos/services/grafana.nix b/nixos/services/grafana.nix new file mode 100644 index 0000000..1ffc7d2 --- /dev/null +++ b/nixos/services/grafana.nix @@ -0,0 +1,18 @@ +{config, ...}: +let + cfg = config.services.grafana; +in +{ + services.grafana = { + enable = true; + }; + services.nginx.virtualHosts = { + ${cfg.settings.server.domain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${toString cfg.settings.server.http_port}"; + }; + }; + }; +} diff --git a/nixos/services/jellyfin.nix b/nixos/services/jellyfin.nix index a3273d3..9632115 100644 --- a/nixos/services/jellyfin.nix +++ b/nixos/services/jellyfin.nix @@ -2,4 +2,21 @@ services.jellyfin = { enable = true; }; + services.nginx.virtualHosts."movies.tristans.cloud" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:8096"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + proxy_buffering off; + ''; + }; + }; } diff --git a/nixos/services/prometheus.nix b/nixos/services/prometheus.nix new file mode 100644 index 0000000..c7a1feb --- /dev/null +++ b/nixos/services/prometheus.nix @@ -0,0 +1,5 @@ +{ + services.prometheus = { + enable = true; + }; +} 
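Review bot: `ROOT_URL` now interpolates `cfg.settings.server.DOMAIN`, and the only definition of `DOMAIN` in this patch is in hardware/alpine.nix, so this module silently depends on its importer. On a host that imports it without setting `DOMAIN`, the module default (I believe `localhost`) would flow into both `ROOT_URL` and the ACME-enabled vhost name added further down. A comment such as `# DOMAIN must be set by the importing host (see hardware/alpine.nix)` above `ROOT_URL` documents the contract. An `assertions` entry would enforce it.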
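Review bot: The new vhost proxies to `localhost:${toString cfg.settings.server.HTTP_PORT}`, but nothing visible in this file restricts where Forgejo itself listens. If `HTTP_ADDR` is left at the module default, Forgejo likely also accepts plain-HTTP connections on that port on every interface, bypassing nginx's TLS. Whether that is reachable depends on firewall rules not shown here. Setting `HTTP_ADDR = "127.0.0.1";` in the `server` block makes nginx the only front door.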
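Review bot: nixos/services/grafana.nix publishes Grafana on a public, ACME-backed vhost while `services.grafana` sets nothing but `enable = true`, so the admin credentials stay at the module defaults unless another file overrides them. Set `settings.security.admin_password` from a secret file before the vhost goes live, e.g. `admin_password = "$__file{<PATH_TO_SECRET_FILE>}";` (placeholder path), which also keeps the password out of the Nix store. The `locations."/"` block also omits `proxyWebsockets = true;`, which Grafana's live features need behind a reverse proxy.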
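Review bot: nixos/services/prometheus.nix enables `services.prometheus` with no `listenAddress`, and Prometheus has no authentication of its own. As far as I know the module default binds all interfaces, so the web UI and query API are exposed to whatever the firewall lets through; nothing in this diff shows the firewall state. Since Grafana runs on the same host, `listenAddress = "127.0.0.1";` is sufficient. No `scrapeConfigs` are defined in this file either, so the instance has no targets configured here.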
diff --git a/nixos/services/vaultwarden.nix b/nixos/services/vaultwarden.nix index ac32b7b..2a37e21 100644 --- a/nixos/services/vaultwarden.nix +++ b/nixos/services/vaultwarden.nix @@ -1,5 +1,15 @@ +{config, ...}: +let + cfg = config.services.vaultwarden; + domain = "vault.tristans.cloud"; +in { services.vaultwarden = { enable = true; }; + services.nginx.virtualHosts.${domain} = { + forceSSL = true; + enableACME = true; + locations."~".proxyPass = "http://localhost:${toString cfg.config.ROCKET_PORT}"; + }; }
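Review bot: The new `domain` binding is used only for the nginx vhost name, and `services.vaultwarden` still has just `enable = true`, so the publicly proxied instance runs with upstream defaults. Those defaults include open sign-ups unless an environment file elsewhere changes that. Consider `config.SIGNUPS_ALLOWED = false;` and `config.DOMAIN = "https://${domain}";` in the same block. If `config` is set, check that `ROCKET_PORT` is still defined, because the `proxyPass` line reads it and an explicit `config` may replace the module's default attribute set.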