dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Split constants into separate lib file

Browse Source
This commit is contained in:
Jack O'Sullivan
2023-11-02 13:41:50 +00:00
parent 0659809c22
commit 2dbc8b398b
30 changed files with 269 additions and 261 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/boxes/kelder/containers/acquisition/default.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.kelder) domain prefixes;
inherit (lib.my.c.kelder) domain prefixes;
in
{
nixos.systems.kelder-acquisition = {
@@ -44,7 +44,7 @@ in
};
users = {
groups.media.gid = lib.my.kelder.groups.media;
groups.media.gid = lib.my.c.kelder.groups.media;
users = {
"${config.my.user.config.name}".extraGroups = [ "media" ];

4
nixos/boxes/kelder/containers/acquisition/networking.nix
View File

@@ -104,12 +104,12 @@ in
}
{
From = lib.my.kelder.prefixes.all.v4;
From = lib.my.c.kelder.prefixes.all.v4;
Table = "main";
Priority = 100;
}
{
To = lib.my.kelder.prefixes.all.v4;
To = lib.my.c.kelder.prefixes.all.v4;
Table = "main";
Priority = 100;
}

12
nixos/boxes/kelder/containers/spoder/default.nix
View File

@@ -2,7 +2,7 @@
let
inherit (lib) mkForce mkMerge;
inherit (lib.my) net;
inherit (lib.my.kelder) domain prefixes;
inherit (lib.my.c.kelder) domain prefixes;
in
{
nixos.systems.kelder-spoder = {
@@ -54,9 +54,9 @@ in
dnsResolver = "8.8.8.8";
};
certs = {
"${lib.my.kelder.domain}" = {
"${domain}" = {
extraDomainNames = [
"*.${lib.my.kelder.domain}"
"*.${domain}"
];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."kelder/cloudflare-credentials.conf".path;
@@ -65,7 +65,7 @@ in
};
users = {
groups.storage.gid = lib.my.kelder.groups.storage;
groups.storage.gid = lib.my.c.kelder.groups.storage;
users = {
nginx.extraGroups = [ "acme" ];
@@ -93,11 +93,11 @@ in
enable = true;
package = pkgs.nextcloud27;
datadir = "/mnt/storage/nextcloud";
hostName = "cloud.${lib.my.kelder.domain}";
hostName = "cloud.${domain}";
https = true;
enableBrokenCiphersForSSE = false;
config = {
extraTrustedDomains = [ "cloud-local.${lib.my.kelder.domain}" ];
extraTrustedDomains = [ "cloud-local.${domain}" ];
adminpassFile = config.age.secrets."kelder/nextcloud-root.txt".path;
defaultPhoneRegion = "IE";
};

52
nixos/boxes/kelder/containers/spoder/nginx.nix
View File

@@ -2,6 +2,8 @@
let
inherit (builtins) mapAttrs;
inherit (lib) mkMerge mkIf mkDefault;
inherit (lib.my.c.nginx) proxyHeaders;
inherit (lib.my.c.kelder) domain;
in
{
config = {
@@ -73,7 +75,7 @@ in
proxy_send_timeout 60s;
proxy_http_version 1.1;
${lib.my.nginx.proxyHeaders}
${proxyHeaders}
# caching
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=4g;
@@ -135,15 +137,15 @@ in
};
};
"monitor.${lib.my.kelder.domain}" = withAuth {
serverAliases = [ "monitor-local.${lib.my.kelder.domain}" ];
extraConfig = localRedirect "monitor-local.${lib.my.kelder.domain}";
"monitor.${domain}" = withAuth {
serverAliases = [ "monitor-local.${domain}" ];
extraConfig = localRedirect "monitor-local.${domain}";
locations = {
"/" = {
proxyPass = "http://${allAssignments.kelder.ctrs.ipv4.address}:19999";
extraConfig = ''
proxy_pass_request_headers on;
${lib.my.nginx.proxyHeaders}
${proxyHeaders}
proxy_set_header Connection "keep-alive";
proxy_store off;
@@ -155,8 +157,8 @@ in
};
};
"kontent.${lib.my.kelder.domain}" = {
serverAliases = [ "kontent-local.${lib.my.kelder.domain}" ];
"kontent.${domain}" = {
serverAliases = [ "kontent-local.${domain}" ];
locations = {
"/".proxyPass = "${acquisition}:8096";
"= /".return = "302 $scheme://$host/web/";
@@ -164,47 +166,47 @@ in
"/socket" = {
proxyPass = "${acquisition}:8096/socket";
proxyWebsockets = true;
extraConfig = lib.my.nginx.proxyHeaders;
extraConfig = proxyHeaders;
};
};
};
"torrents.${lib.my.kelder.domain}" = withAuth {
serverAliases = [ "torrents-local.${lib.my.kelder.domain}" ];
extraConfig = localRedirect "torrents-local.${lib.my.kelder.domain}";
"torrents.${domain}" = withAuth {
serverAliases = [ "torrents-local.${domain}" ];
extraConfig = localRedirect "torrents-local.${domain}";
locations."/".proxyPass = "${acquisition}:9091";
};
"jackett.${lib.my.kelder.domain}" = withAuth {
serverAliases = [ "jackett-local.${lib.my.kelder.domain}" ];
extraConfig = localRedirect "jackett-local.${lib.my.kelder.domain}";
"jackett.${domain}" = withAuth {
serverAliases = [ "jackett-local.${domain}" ];
extraConfig = localRedirect "jackett-local.${domain}";
locations."/".proxyPass = "${acquisition}:9117";
};
"radarr.${lib.my.kelder.domain}" = withAuth {
serverAliases = [ "radarr-local.${lib.my.kelder.domain}" ];
extraConfig = localRedirect "radarr-local.${lib.my.kelder.domain}";
"radarr.${domain}" = withAuth {
serverAliases = [ "radarr-local.${domain}" ];
extraConfig = localRedirect "radarr-local.${domain}";
locations."/" = {
proxyPass = "${acquisition}:7878";
proxyWebsockets = true;
extraConfig = lib.my.nginx.proxyHeaders;
extraConfig = proxyHeaders;
};
};
"sonarr.${lib.my.kelder.domain}" = withAuth {
serverAliases = [ "sonarr-local.${lib.my.kelder.domain}" ];
extraConfig = localRedirect "sonarr-local.${lib.my.kelder.domain}";
"sonarr.${domain}" = withAuth {
serverAliases = [ "sonarr-local.${domain}" ];
extraConfig = localRedirect "sonarr-local.${domain}";
locations."/" = {
proxyPass = "${acquisition}:8989";
proxyWebsockets = true;
extraConfig = lib.my.nginx.proxyHeaders;
extraConfig = proxyHeaders;
};
};
"cloud.${lib.my.kelder.domain}" = {
serverAliases = [ "cloud-local.${lib.my.kelder.domain}" ];
"cloud.${domain}" = {
serverAliases = [ "cloud-local.${domain}" ];
};
};
defaultsFor = mapAttrs (n: _: {
onlySSL = mkDefault true;
useACMEHost = mkDefault lib.my.kelder.domain;
useACMEHost = mkDefault domain;
kTLS = mkDefault true;
http2 = mkDefault true;
});

15
nixos/boxes/kelder/default.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.kelder) domain prefixes;
inherit (lib.my.c.kelder) domain prefixes;
in
{
imports = [ ./containers ];
@@ -14,7 +14,7 @@ in
assignments = {
estuary = {
ipv4 ={
address = net.cidr.host 0 lib.my.colony.prefixes.vip2;
address = net.cidr.host 0 lib.my.c.colony.prefixes.vip2;
mask = 32;
gateway = null;
};
@@ -85,7 +85,7 @@ in
};
users = {
groups = with lib.my.kelder.groups; {
groups = with lib.my.c.kelder.groups; {
storage.gid = storage;
media.gid = media;
};
@@ -150,7 +150,7 @@ in
};
networking = {
domain = lib.my.kelder.domain;
inherit domain;
};
system.nixos.distroName = "KelderOS";
@@ -180,7 +180,7 @@ in
{
wireguardPeerConfig = {
PublicKey = "bP1XUNxp9i8NLOXhgPaIaRzRwi5APbam44/xjvYcyjU=";
Endpoint = "estuary-vm.${lib.my.colony.domain}:${toString lib.my.kelder.vpn.port}";
Endpoint = "estuary-vm.${lib.my.c.colony.domain}:${toString lib.my.c.kelder.vpn.port}";
AllowedIPs = [ "0.0.0.0/0" ];
PersistentKeepalive = 25;
};
@@ -270,7 +270,6 @@ in
config.name = "kontent";
};
#deploy.generate.system.mode = "boot";
#deploy.node.hostname = "10.16.9.21";
secrets = {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFvUdJshXkqmchEgkZDn5rgtZ1NO9vbd6Px+S6YioWi";
@@ -311,7 +310,7 @@ in
chain prerouting {
type filter hook prerouting priority mangle; policy accept;
ip daddr ${assignments.estuary.ipv4.address} ct state new ct mark set ${toString dnatMark}
ip saddr ${lib.my.kelder.prefixes.all.v4} ct mark != 0 meta mark set ct mark
ip saddr ${lib.my.c.kelder.prefixes.all.v4} ct mark != 0 meta mark set ct mark
}
chain output {
type filter hook output priority mangle; policy accept;
@@ -320,7 +319,7 @@ in
}
table inet nat {
chain postrouting {
ip saddr ${lib.my.kelder.prefixes.all.v4} oifname et1g0 masquerade
ip saddr ${lib.my.c.kelder.prefixes.all.v4} oifname et1g0 masquerade
}
}
'';