Split constants into separate lib file
@@ -1,7 +1,7 @@
|
||||
{ lib, ... }:
|
||||
let
|
||||
inherit (lib.my) net;
|
||||
inherit (lib.my.colony) domain prefixes;
|
||||
inherit (lib.my.c.colony) domain prefixes;
|
||||
in
|
||||
{
|
||||
nixos.systems.chatterbox = {
|
||||
@@ -128,7 +128,7 @@ in
|
||||
"2001:db8::/32"
|
||||
"ff00::/8"
|
||||
"fec0::/10"
|
||||
] ++ (with lib.my.colony.prefixes; [ all.v4 all.v6 ]);
|
||||
] ++ (with lib.my.c.colony.prefixes; [ all.v4 all.v6 ]);
|
||||
url_preview_ip_range_whitelist =
|
||||
with allAssignments.middleman.internal;
|
||||
[ ipv4.address ipv6.address ];
|
||||
|
@@ -1,7 +1,7 @@
|
||||
{ lib, ... }:
|
||||
let
|
||||
inherit (lib.my) net;
|
||||
inherit (lib.my.colony) domain prefixes;
|
||||
inherit (lib.my.c.colony) domain prefixes;
|
||||
in
|
||||
{
|
||||
nixos.systems.colony-psql = {
|
||||
@@ -66,7 +66,7 @@ in
|
||||
enable = true;
|
||||
enableTCPIP = true;
|
||||
|
||||
authentication = with lib.my.colony.prefixes; ''
|
||||
authentication = with lib.my.c.colony.prefixes; ''
|
||||
local all postgres peer map=local
|
||||
|
||||
host all all ${all.v4} md5
|
||||
|
@@ -1,7 +1,7 @@
|
||||
{ lib, ... }:
|
||||
let
|
||||
inherit (lib.my) net;
|
||||
inherit (lib.my.colony) domain prefixes;
|
||||
inherit (lib.my.c.colony) domain prefixes;
|
||||
in
|
||||
{
|
||||
nixos.systems.jackflix = {
|
||||
|
@@ -2,6 +2,7 @@
|
||||
let
|
||||
inherit (lib) mkMerge mkIf;
|
||||
inherit (lib.my) networkdAssignment;
|
||||
inherit (lib.my.c.colony) prefixes;
|
||||
|
||||
wg = {
|
||||
keyFile = "jackflix/airvpn-privkey";
|
||||
@@ -102,23 +103,23 @@ in
|
||||
}
|
||||
|
||||
{
|
||||
From = lib.my.colony.prefixes.all.v4;
|
||||
From = prefixes.all.v4;
|
||||
Table = "main";
|
||||
Priority = 100;
|
||||
}
|
||||
{
|
||||
To = lib.my.colony.prefixes.all.v4;
|
||||
To = prefixes.all.v4;
|
||||
Table = "main";
|
||||
Priority = 100;
|
||||
}
|
||||
|
||||
{
|
||||
From = lib.my.colony.prefixes.all.v6;
|
||||
From = prefixes.all.v6;
|
||||
Table = "main";
|
||||
Priority = 100;
|
||||
}
|
||||
{
|
||||
To = lib.my.colony.prefixes.all.v6;
|
||||
To = prefixes.all.v6;
|
||||
Table = "main";
|
||||
Priority = 100;
|
||||
}
|
||||
|
@@ -1,7 +1,8 @@
|
||||
{ lib, ... }:
|
||||
let
|
||||
inherit (lib.my) net;
|
||||
inherit (lib.my.colony) domain prefixes;
|
||||
inherit (lib.my.c) pubDomain;
|
||||
inherit (lib.my.c.colony) domain prefixes;
|
||||
in
|
||||
{
|
||||
nixos.systems.middleman = {
|
||||
@@ -79,8 +80,8 @@ in
|
||||
port = 8082;
|
||||
};
|
||||
login = {
|
||||
title = "${lib.my.pubDomain} login";
|
||||
default_redirect = "https://${lib.my.pubDomain}";
|
||||
title = "${pubDomain} login";
|
||||
default_redirect = "https://${pubDomain}";
|
||||
default_method = "google_oauth";
|
||||
names = {
|
||||
google_oauth = "Google account";
|
||||
@@ -88,7 +89,7 @@ in
|
||||
};
|
||||
};
|
||||
cookie = {
|
||||
domain = ".${lib.my.pubDomain}";
|
||||
domain = ".${pubDomain}";
|
||||
secure = true;
|
||||
};
|
||||
audit_log = {
|
||||
@@ -109,14 +110,14 @@ in
|
||||
};
|
||||
google_oauth = {
|
||||
client_id = "545475967061-cag4g1qf0pk33g3pdbom4v69562vboc8.apps.googleusercontent.com";
|
||||
redirect_url = "https://sso.${lib.my.pubDomain}/login";
|
||||
redirect_url = "https://sso.${pubDomain}/login";
|
||||
user_id_method = "user-id";
|
||||
};
|
||||
};
|
||||
};
|
||||
includes = {
|
||||
endpoint = "http://localhost:8082";
|
||||
baseURL = "https://sso.${lib.my.pubDomain}";
|
||||
baseURL = "https://sso.${pubDomain}";
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -173,10 +174,10 @@ in
|
||||
EXEC_PATH=${script}
|
||||
'';
|
||||
};
|
||||
"${lib.my.pubDomain}" = {
|
||||
"${pubDomain}" = {
|
||||
extraDomainNames = [
|
||||
"*.${lib.my.pubDomain}"
|
||||
"*.s3.${lib.my.pubDomain}"
|
||||
"*.${pubDomain}"
|
||||
"*.s3.${pubDomain}"
|
||||
];
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
|
||||
@@ -194,7 +195,7 @@ in
|
||||
};
|
||||
|
||||
programs = {
|
||||
ssh.knownHostsFiles = [ lib.my.sshHostKeys.mail-vm ];
|
||||
ssh.knownHostsFiles = [ lib.my.c.sshHostKeys.mail-vm ];
|
||||
};
|
||||
|
||||
services = {
|
||||
@@ -265,7 +266,7 @@ in
|
||||
proxy_send_timeout 60s;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
${lib.my.nginx.proxyHeaders}
|
||||
${lib.my.c.nginx.proxyHeaders}
|
||||
|
||||
# caching
|
||||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=4g;
|
||||
|
@@ -2,6 +2,8 @@
|
||||
let
|
||||
inherit (builtins) mapAttrs toJSON;
|
||||
inherit (lib) mkMerge mkDefault genAttrs flatten concatStringsSep;
|
||||
inherit (lib.my.c) pubDomain;
|
||||
inherit (lib.my.c.nginx) proxyHeaders;
|
||||
|
||||
dualStackListen' = l: map (addr: l // { inherit addr; }) [ "0.0.0.0" "[::]" ];
|
||||
dualStackListen = ll: flatten (map dualStackListen' ll);
|
||||
@@ -80,7 +82,7 @@ in
|
||||
}
|
||||
wellKnown
|
||||
];
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
"localhost" = {
|
||||
forceSSL = false;
|
||||
@@ -98,12 +100,12 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
"sso.${lib.my.pubDomain}" = {
|
||||
"sso.${pubDomain}" = {
|
||||
locations."/".proxyPass = config.my.nginx-sso.includes.endpoint;
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
|
||||
"netdata-colony.${lib.my.pubDomain}" =
|
||||
"netdata-colony.${pubDomain}" =
|
||||
let
|
||||
hosts = [
|
||||
"vm"
|
||||
@@ -119,10 +121,10 @@ in
|
||||
"~ /(?<behost>${matchHosts})$".return = "301 https://$host/$behost/";
|
||||
"~ /(?<behost>${matchHosts})/(?<ndpath>.*)" = mkMerge [
|
||||
{
|
||||
proxyPass = "http://$behost.${config.networking.domain}:19999/$ndpath$is_args$args";
|
||||
proxyPass = "http://$behost.${config.networking.pubDomain}:19999/$ndpath$is_args$args";
|
||||
extraConfig = ''
|
||||
proxy_pass_request_headers on;
|
||||
${lib.my.nginx.proxyHeaders}
|
||||
${proxyHeaders}
|
||||
proxy_set_header Connection "keep-alive";
|
||||
proxy_store off;
|
||||
|
||||
@@ -134,14 +136,14 @@ in
|
||||
(ssoLoc "generic")
|
||||
];
|
||||
};
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
}
|
||||
(ssoServer "generic")
|
||||
];
|
||||
|
||||
"pass.${lib.my.pubDomain}" =
|
||||
"pass.${pubDomain}" =
|
||||
let
|
||||
upstream = "http://vaultwarden-ctr.${config.networking.domain}";
|
||||
upstream = "http://vaultwarden-ctr.${config.networking.pubDomain}";
|
||||
in
|
||||
{
|
||||
locations = {
|
||||
@@ -149,11 +151,11 @@ in
|
||||
"/notifications/hub" = {
|
||||
proxyPass = upstream;
|
||||
proxyWebsockets = true;
|
||||
extraConfig = lib.my.nginx.proxyHeaders;
|
||||
extraConfig = proxyHeaders;
|
||||
};
|
||||
"/notifications/hub/negotiate".proxyPass = upstream;
|
||||
};
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
|
||||
"matrix.nul.ie" = {
|
||||
@@ -171,15 +173,15 @@ in
|
||||
];
|
||||
locations = mkMerge [
|
||||
{
|
||||
"/".proxyPass = "http://chatterbox-ctr.${config.networking.domain}:8008";
|
||||
"= /".return = "301 https://element.${lib.my.pubDomain}";
|
||||
"/".proxyPass = "http://chatterbox-ctr.${config.networking.pubDomain}:8008";
|
||||
"= /".return = "301 https://element.${pubDomain}";
|
||||
}
|
||||
wellKnown
|
||||
];
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
|
||||
"element.${lib.my.pubDomain}" =
|
||||
"element.${pubDomain}" =
|
||||
let
|
||||
headers = ''
|
||||
# TODO: why are these here?
|
||||
@@ -224,66 +226,66 @@ in
|
||||
'';
|
||||
}))
|
||||
];
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
|
||||
"torrents.${lib.my.pubDomain}" = mkMerge [
|
||||
"torrents.${pubDomain}" = mkMerge [
|
||||
{
|
||||
locations."/" = mkMerge [
|
||||
{
|
||||
proxyPass = "http://jackflix-ctr.${config.networking.domain}:9091";
|
||||
proxyPass = "http://jackflix-ctr.${config.networking.pubDomain}:9091";
|
||||
}
|
||||
(ssoLoc "generic")
|
||||
];
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
}
|
||||
(ssoServer "generic")
|
||||
];
|
||||
|
||||
"jackett.${lib.my.pubDomain}" = mkMerge [
|
||||
"jackett.${pubDomain}" = mkMerge [
|
||||
{
|
||||
locations."/" = mkMerge [
|
||||
{
|
||||
proxyPass = "http://jackflix-ctr.${config.networking.domain}:9117";
|
||||
proxyPass = "http://jackflix-ctr.${config.networking.pubDomain}:9117";
|
||||
}
|
||||
(ssoLoc "generic")
|
||||
];
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
}
|
||||
(ssoServer "generic")
|
||||
];
|
||||
"radarr.${lib.my.pubDomain}" = mkMerge [
|
||||
"radarr.${pubDomain}" = mkMerge [
|
||||
{
|
||||
locations."/" = mkMerge [
|
||||
{
|
||||
proxyPass = "http://jackflix-ctr.${config.networking.domain}:7878";
|
||||
proxyPass = "http://jackflix-ctr.${config.networking.pubDomain}:7878";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = lib.my.nginx.proxyHeaders;
|
||||
extraConfig = proxyHeaders;
|
||||
}
|
||||
(ssoLoc "generic")
|
||||
];
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
}
|
||||
(ssoServer "generic")
|
||||
];
|
||||
"sonarr.${lib.my.pubDomain}" = mkMerge [
|
||||
"sonarr.${pubDomain}" = mkMerge [
|
||||
{
|
||||
locations."/" = mkMerge [
|
||||
{
|
||||
proxyPass = "http://jackflix-ctr.${config.networking.domain}:8989";
|
||||
proxyPass = "http://jackflix-ctr.${config.networking.pubDomain}:8989";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = lib.my.nginx.proxyHeaders;
|
||||
extraConfig = proxyHeaders;
|
||||
}
|
||||
(ssoLoc "generic")
|
||||
];
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
}
|
||||
(ssoServer "generic")
|
||||
];
|
||||
|
||||
"jackflix.${lib.my.pubDomain}" =
|
||||
"jackflix.${pubDomain}" =
|
||||
let
|
||||
upstream = "http://jackflix-ctr.${config.networking.domain}:8096";
|
||||
upstream = "http://jackflix-ctr.${config.networking.pubDomain}:8096";
|
||||
in
|
||||
{
|
||||
extraConfig = ''
|
||||
@@ -300,10 +302,10 @@ in
|
||||
"/socket" = {
|
||||
proxyPass = upstream;
|
||||
proxyWebsockets = true;
|
||||
extraConfig = lib.my.nginx.proxyHeaders;
|
||||
extraConfig = proxyHeaders;
|
||||
};
|
||||
};
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
|
||||
"toot.nul.ie" =
|
||||
@@ -312,7 +314,7 @@ in
|
||||
tryFiles = "$uri =404";
|
||||
extraConfig = ''
|
||||
add_header Cache-Control "public, max-age=2419200, must-revalidate";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubpubDomains";
|
||||
'';
|
||||
};
|
||||
in
|
||||
@@ -333,20 +335,20 @@ in
|
||||
"/".tryFiles = "$uri @proxy";
|
||||
|
||||
"^~ /api/v1/streaming" = {
|
||||
proxyPass = "http://toot-ctr.${config.networking.domain}:55000";
|
||||
proxyPass = "http://toot-ctr.${config.networking.pubDomain}:55000";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
${lib.my.nginx.proxyHeaders}
|
||||
${proxyHeaders}
|
||||
proxy_set_header Proxy "";
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubpubDomains";
|
||||
'';
|
||||
};
|
||||
"@proxy" = {
|
||||
proxyPass = "http://toot-ctr.${config.networking.domain}:55001";
|
||||
proxyPass = "http://toot-ctr.${config.networking.pubDomain}:55001";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
${lib.my.nginx.proxyHeaders}
|
||||
${proxyHeaders}
|
||||
proxy_set_header Proxy "";
|
||||
proxy_pass_header Server;
|
||||
|
||||
@@ -359,19 +361,19 @@ in
|
||||
};
|
||||
}
|
||||
];
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
|
||||
"share.${lib.my.pubDomain}" = {
|
||||
"share.${pubDomain}" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://object-ctr.${config.networking.domain}:9090";
|
||||
proxyPass = "http://object-ctr.${config.networking.pubDomain}:9090";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = lib.my.nginx.proxyHeaders;
|
||||
extraConfig = proxyHeaders;
|
||||
};
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
|
||||
"stuff.${lib.my.pubDomain}" = {
|
||||
"stuff.${pubDomain}" = {
|
||||
locations."/" = {
|
||||
basicAuthFile = config.age.secrets."middleman/htpasswd".path;
|
||||
root = "/mnt/media/stuff";
|
||||
@@ -380,13 +382,13 @@ in
|
||||
fancyindex_show_dotfiles on;
|
||||
'';
|
||||
};
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
};
|
||||
|
||||
minio =
|
||||
let
|
||||
host = "object-ctr.${config.networking.domain}";
|
||||
host = "object-ctr.${config.networking.pubDomain}";
|
||||
s3Upstream = "http://${host}:9000";
|
||||
extraConfig = ''
|
||||
chunked_transfer_encoding off;
|
||||
@@ -401,7 +403,7 @@ in
|
||||
'';
|
||||
in
|
||||
{
|
||||
"minio.${lib.my.pubDomain}" = {
|
||||
"minio.${pubDomain}" = {
|
||||
inherit extraConfig;
|
||||
locations = {
|
||||
"/" = {
|
||||
@@ -410,19 +412,19 @@ in
|
||||
"/ws" = {
|
||||
proxyPass = "http://${host}:9001";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = lib.my.nginx.proxyHeaders;
|
||||
extraConfig = proxyHeaders;
|
||||
};
|
||||
};
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
"s3.${lib.my.pubDomain}" = {
|
||||
serverAliases = [ "*.s3.${lib.my.pubDomain}" ];
|
||||
"s3.${pubDomain}" = {
|
||||
serverAliases = [ "*.s3.${pubDomain}" ];
|
||||
inherit extraConfig;
|
||||
locations."/".proxyPass = s3Upstream;
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
};
|
||||
|
||||
"nix-cache.${lib.my.pubDomain}" = {
|
||||
"nix-cache.${pubDomain}" = {
|
||||
extraConfig = ''
|
||||
${extraConfig}
|
||||
proxy_set_header Host "nix-cache.s3.nul.ie";
|
||||
@@ -434,14 +436,14 @@ in
|
||||
extraConfig = nixCacheHeaders;
|
||||
};
|
||||
};
|
||||
useACMEHost = lib.my.pubDomain;
|
||||
useACMEHost = pubDomain;
|
||||
onlySSL = false;
|
||||
};
|
||||
};
|
||||
|
||||
defaultsFor = mapAttrs (n: _: {
|
||||
onlySSL = mkDefault true;
|
||||
useACMEHost = mkDefault "${config.networking.domain}";
|
||||
useACMEHost = mkDefault "${config.networking.pubDomain}";
|
||||
kTLS = mkDefault true;
|
||||
http2 = mkDefault true;
|
||||
});
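Review bot: The HSTS header now reads `includeSubpubDomains` in two places (the `@@ -312,7 +314,7 @@` and `@@ -333,20 +335,20 @@` hunks, apparently under the `toot.nul.ie` vhost); that is not a valid HSTS directive, so browsers will ignore it and the policy no longer covers subdomains. Both lines should stay `add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";`. This looks like the `Domain` → `pubDomain` text substitution catching unrelated strings, and the same seems to apply to every `config.networking.domain` → `config.networking.pubDomain` change in this file (the `proxyPass`, `upstream` and `host` strings, and the `useACMEHost` default in `defaultsFor`). `networking.domain` is the stock NixOS option, so unless a `networking.pubDomain` option is declared elsewhere in the repo, these will either fail to evaluate or point the proxies and the ACME host at a different name than before. I would revert both and keep only the `lib.my.pubDomain` → `pubDomain` and `lib.my.nginx.proxyHeaders` → `proxyHeaders` replacements.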
|
||||
|
@@ -1,7 +1,7 @@
|
||||
{ lib, ... }:
|
||||
let
|
||||
inherit (lib.my) net;
|
||||
inherit (lib.my.colony) domain prefixes;
|
||||
inherit (lib.my.c.colony) domain prefixes;
|
||||
in
|
||||
{
|
||||
nixos.systems.object = {
|
||||
@@ -92,7 +92,7 @@ in
|
||||
configOverridesFile = config.age.secrets."object/sharry.conf".path;
|
||||
|
||||
config = {
|
||||
base-url = "https://share.${lib.my.pubDomain}";
|
||||
base-url = "https://share.${lib.my.c.pubDomain}";
|
||||
bind.address = "::";
|
||||
alias-member-enabled = true;
|
||||
webapp = {
|
||||
|
@@ -1,7 +1,7 @@
|
||||
{ lib, ... }:
|
||||
let
|
||||
inherit (lib.my) net;
|
||||
inherit (lib.my.colony) domain prefixes;
|
||||
inherit (lib.my.c.colony) domain prefixes;
|
||||
in
|
||||
{
|
||||
nixos.systems.toot = {
|
||||
|
@@ -1,7 +1,7 @@
|
||||
{ lib, ... }:
|
||||
let
|
||||
inherit (lib.my) net;
|
||||
inherit (lib.my.colony) domain prefixes;
|
||||
inherit (lib.my.c.colony) domain prefixes;
|
||||
in
|
||||
{
|
||||
nixos.systems.vaultwarden = {
|
||||
@@ -62,7 +62,7 @@ in
|
||||
};
|
||||
|
||||
programs.ssh.knownHostsFiles = [
|
||||
lib.my.sshKeyFiles.rsyncNet
|
||||
lib.my.c.sshKeyFiles.rsyncNet
|
||||
];
|
||||
|
||||
services = {
|
||||
@@ -79,7 +79,7 @@ in
|
||||
|
||||
SIGNUPS_ALLOWED = false;
|
||||
|
||||
DOMAIN = "https://pass.${lib.my.pubDomain}";
|
||||
DOMAIN = "https://pass.${lib.my.c.pubDomain}";
|
||||
|
||||
ROCKET_ADDRESS = "::";
|
||||
ROCKET_PORT = 80;
|
||||
|