tristan/nix
1
0
Fork 0
Code Projects Releases Packages Activity

orginase services

Browse source
This commit is contained in:
Tristan 2024-02-17 15:50:18 +00:00
parent 7caa83908d
commit e5f9966329
7 changed files with 80 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

5
flake.nix
View file

@ -56,11 +56,6 @@
alpine = mkConf [ alpine = mkConf [
./hardware/alpine.nix ./hardware/alpine.nix
./nixos/services/anki.nix
./nixos/services/forgejo.nix
./nixos/services/vaultwarden.nix
./nixos/services/jellyfin.nix
./nixos/services/mpd.nix
] []; ] [];
vm-sway = vm-sway =

47
hardware/alpine.nix
View file

@ -9,6 +9,13 @@
in { in {
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
../nixos/services/anki.nix
../nixos/services/forgejo.nix
../nixos/services/vaultwarden.nix
../nixos/services/jellyfin.nix
../nixos/services/mpd.nix
../nixos/services/prometheus.nix
../nixos/services/grafana.nix
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "sd_mod"]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "sd_mod"];
@ -126,26 +133,22 @@ in {
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
"*.tristans.cloud" = {
globalRedirect = "tristans.cloud";
};
"tristans.cloud" = { "tristans.cloud" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "/srv/www/tristans.cloud"; root = "/srv/www/tristans.cloud";
}; };
"*.thebeanbakery.xyz" = {
globalRedirect = "thebeanbakery.xyz";
};
"thebeanbakery.xyz" = { "thebeanbakery.xyz" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "/srv/www/thebeanbakery.xyz"; root = "/srv/www/thebeanbakery.xyz";
}; };
"git.tristans.cloud" = {
forceSSL = true;
enableACME = true;
locations."~".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
};
"vault.tristans.cloud" = {
forceSSL = true;
enableACME = true;
locations."~".proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
"auth.tristans.cloud" = { "auth.tristans.cloud" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -159,23 +162,6 @@ in {
''; '';
}; };
}; };
"movies.tristans.cloud" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8096";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_buffering off;
'';
};
};
}; };
}; };
security.acme = { security.acme = {
@ -197,4 +183,11 @@ in {
musicDirectory = "/mnt/storage/media/Music"; musicDirectory = "/mnt/storage/media/Music";
}; };
services.grafana.settings.server = {
domain = "monitor.tristans.cloud";
http_port = 3001; # forgejo and grafana default to 3000
};
services.forgejo.settings.server.DOMAIN = "git.tristans.cloud";
} }

12
nixos/services/forgejo.nix
View file

@ -1,3 +1,7 @@
{config, ...}:
let
cfg = config.services.forgejo;
in
{ {
services.forgejo = { services.forgejo = {
enable = true; enable = true;
@ -5,8 +9,7 @@
lfs.enable = true; lfs.enable = true;
settings = { settings = {
server = { server = {
DOMAIN = "git.tristans.cloud"; ROOT_URL = "https://${cfg.settings.server.DOMAIN}";
ROOT_URL = "https://git.tristans.cloud";
}; };
service = { service = {
DISABLE_REGISTRATION = true; DISABLE_REGISTRATION = true;
@ -16,4 +19,9 @@
}; };
}; };
}; };
services.nginx.virtualHosts.${cfg.settings.server.DOMAIN} = {
forceSSL = true;
enableACME = true;
locations."~".proxyPass = "http://localhost:${toString cfg.settings.server.HTTP_PORT}";
};
} }

18
nixos/services/grafana.nix Normal file
View file

@ -0,0 +1,18 @@
{config, ...}:
let
cfg = config.services.grafana;
in
{
services.grafana = {
enable = true;
};
services.nginx.virtualHosts = {
${cfg.settings.server.domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString cfg.settings.server.http_port}";
};
};
};
}

17
nixos/services/jellyfin.nix
View file

@ -2,4 +2,21 @@
services.jellyfin = { services.jellyfin = {
enable = true; enable = true;
}; };
services.nginx.virtualHosts."movies.tristans.cloud" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8096";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_buffering off;
'';
};
};
} }

5
nixos/services/prometheus.nix Normal file
View file

@ -0,0 +1,5 @@
{
services.prometheus = {
enable = true;
};
}

10
nixos/services/vaultwarden.nix
View file

@ -1,5 +1,15 @@
{config, ...}:
let
cfg = config.services.vaultwarden;
domain = "vault.tristans.cloud";
in
{ {
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
}; };
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."~".proxyPass = "http://localhost:${toString cfg.config.ROCKET_PORT}";
};
} }