VEGAS: use port-magic where applicable

Max Headroom 2021-11-29 01:38:59 +01:00
parent 09386c252d
commit 61480c42f8
6 changed files with 28 additions and 14 deletions


@ -1,15 +1,17 @@
{ config, lib, tools, ... }:
with tools.nginx;
{
reservePortsFor = [ "bitwarden" ];
services.nginx.virtualHosts = mappers.mapSubdomains {
keychain = vhosts.proxy "http://127.0.0.1:${builtins.toString config.services.bitwarden_rs.config.rocketPort}";
keychain = vhosts.proxy "http://127.0.0.1:${config.portsStr.bitwarden}";
};
services.bitwarden_rs = {
enable = true;
backupDir = "/srv/storage/private/bitwarden/backups";
config = {
dataFolder = "/srv/storage/private/bitwarden/data";
rocketPort = 32002;
rocketPort = config.ports.bitwarden;
};
#environmentFile = ""; # TODO: agenix
};
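Review bot: The `keychain` proxy target no longer follows the service's effective setting: the old line read `config.services.bitwarden_rs.config.rocketPort`, while the new one reads `config.portsStr.bitwarden` directly. If `rocketPort` is ever overridden elsewhere (a host-specific module, `lib.mkForce`), nginx would keep proxying to the allocated port while the service listens on a different one. Leaving the vhost on `${builtins.toString config.services.bitwarden_rs.config.rocketPort}` and changing only the `rocketPort = config.ports.bitwarden;` assignment keeps a single source of truth. The same applies to the `fbi-requests` vhost in the ombi section and the `${login}` vhost in the keycloak section, which previously read `config.services.ombi.port` and `cfg.httpPort`.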


@ -1,6 +1,8 @@
{ config, lib, tools, ... }:
with tools.nginx;
{
reservePortsFor = [ "ombi" ];
services = {
radarr = {
enable = true;
@ -10,13 +12,13 @@ with tools.nginx;
};
ombi = {
enable = true;
port = 35000;
port = config.ports.ombi;
};
nginx.virtualHosts = mappers.mapSubdomains {
radarr = vhosts.proxy "http://127.0.0.1:7878";
sonarr = vhosts.proxy "http://127.0.0.1:8989";
fbi-requests = vhosts.proxy "http://127.0.0.1:${builtins.toString config.services.ombi.port}";
fbi-requests = vhosts.proxy "http://127.0.0.1:${config.portsStr.ombi}";
};
};
systemd.services.radarr.serviceConfig.Slice = "mediamanagement.slice";
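Review bot: `radarr` and `sonarr` stay on the literal ports 7878 and 8989 while `ombi` moves to an allocated one, and nothing visible here tells the allocator that those two ports are taken. If port-magic can hand out a number that overlaps a fixed one, the collision would only surface at runtime, as a service failing to bind or nginx proxying to the wrong backend. Either register the fixed ports with the allocator, if it supports that, or mark each literal with a comment such as `# fixed upstream default, not managed by port-magic` so the exception is clearly deliberate. The IPFS section has the same situation with 5001 (the `/api` proxy and `ipfsApi`) and 4001 (the firewall rule).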


@ -4,6 +4,8 @@ let
inherit (tools.meta) domain;
in
{
reservePortsFor = [ "gitea" ];
age.secrets = {
giteaDBPassword = {
file = ../../../../secrets/gitea-db-credentials.age;
@ -14,12 +16,13 @@ in
};
services.nginx.virtualHosts = mappers.mapSubdomains {
git = vhosts.proxy "http://127.0.0.1:3000";
git = vhosts.proxy "http://127.0.0.1:${config.portsStr.gitea}";
};
services.gitea = {
enable = true;
appName = "Private Void Gitea";
httpPort = config.ports.gitea;
domain = "git";
rootUrl = "https://git.${domain}";
disableRegistration = true;
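Review bot: The added `httpPort = config.ports.gitea;` sets the port, but the hunk shows no bind address, and nginx only ever reaches Gitea on 127.0.0.1. Unless `httpAddress` is set further down (the `services.gitea` block continues past this hunk), the NixOS module default applies, which I believe listens on all interfaces. The backend would then be reachable without the proxy wherever the host firewall allows it. Adding `httpAddress = "127.0.0.1";` next to the new line makes the loopback-only intent explicit. The minio console `ExecStart` in the later section passes only `--port`, so the same check is worth making there.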


@ -4,8 +4,11 @@ let
inherit (tools.meta) domain;
cfg = config.services.ipfs;
ipfsApi = pkgs.writeTextDir "api" "/ip4/127.0.0.1/tcp/5001";
gwPort = config.portsStr.ipfsGateway;
in
{
reservePortsFor = [ "ipfsGateway" ];
networking.firewall = {
allowedTCPPorts = [ 4001 ];
allowedUDPPorts = [ 4001 ];
@ -16,7 +19,7 @@ in
startWhenNeeded = false;
autoMount = true;
gatewayAddress = "/ip4/127.0.0.1/tcp/48280";
gatewayAddress = "/ip4/127.0.0.1/tcp/${gwPort}";
dataDir = "/srv/storage/ipfs/repo";
localDiscovery = false;
@ -71,7 +74,7 @@ in
services.nginx.virtualHosts = {
"top-level.${domain}".locations = {
"~ ^/ip[fn]s" = {
proxyPass = "http://127.0.0.1:48280";
proxyPass = "http://127.0.0.1:${gwPort}";
extraConfig = ''
add_header X-Content-Type-Options "";
add_header Access-Control-Allow-Origin *;
@ -83,7 +86,7 @@ in
locations = {
"= /".return = "404";
"~ ^/ip[fn]s" = {
proxyPass = "http://127.0.0.1:48280";
proxyPass = "http://127.0.0.1:${gwPort}";
extraConfig = ''
add_header X-Content-Type-Options "";
add_header Access-Control-Allow-Origin *;
@ -94,7 +97,7 @@ in
};
"ipfs.admin.${domain}" = vhosts.basic // {
locations."/api".proxyPass = "http://127.0.0.1:5001";
locations."/ipns/webui.ipfs.${domain}".proxyPass = "http://127.0.0.1:48280/ipns/webui.ipfs.${domain}";
locations."/ipns/webui.ipfs.${domain}".proxyPass = "http://127.0.0.1:${gwPort}/ipns/webui.ipfs.${domain}";
locations."= /".return = "302 /ipns/webui.ipfs.${domain}";
};
};
@ -116,7 +119,7 @@ in
useACMEHost = "ipfs.${domain}";
locations = {
"/" = {
proxyPass = "http://127.0.0.1:48280";
proxyPass = "http://127.0.0.1:${gwPort}";
extraConfig = ''
add_header X-Content-Type-Options "";
add_header Access-Control-Allow-Origin *;


@ -10,6 +10,8 @@ let
minioConsole = pkgs.callPackage ./console.nix {};
in
{
reservePortsFor = [ "minioConsole" ];
age.secrets.minio-root-credentials = {
file = ../../../../secrets/minio-root-credentials.age;
owner = "root";
@ -43,7 +45,7 @@ in
};
"console.object-storage" = vhosts.basic // {
locations = {
"/".proxyPass = "http://127.0.0.1:39090";
"/".proxyPass = "http://127.0.0.1:${config.portsStr.minioConsole}";
};
};
"cdn" = lib.recursiveUpdate (vhosts.proxy "http://${host}:${port}/content-delivery$request_uri") {
@ -55,7 +57,7 @@ in
enable = true;
wantedBy = [ "default.target" ];
serviceConfig = {
ExecStart = "${minioConsole}/bin/console server --port 39090";
ExecStart = "${minioConsole}/bin/console server --port ${config.portsStr.minioConsole}";
EnvironmentFile = config.age.secrets.minio-console-secrets.path;
DynamicUser = true;
User = "minio-console";


@ -5,6 +5,8 @@ let
cfg = config.services.keycloak;
in
{
reservePortsFor = [ "keycloak" ];
imports = [
./identity-management.nix
];
@ -15,7 +17,7 @@ in
mode = "0400";
};
services.nginx.virtualHosts = {
"${login}" = lib.recursiveUpdate (vhosts.proxy "http://${cfg.bindAddress}:${cfg.httpPort}") {
"${login}" = lib.recursiveUpdate (vhosts.proxy "http://${cfg.bindAddress}:${config.portsStr.keycloak}") {
locations."= /".return = "302 /auth/realms/master/account/";
};
"account.${domain}" = vhosts.redirect "https://${login}/auth/realms/master/account/";
@ -24,7 +26,7 @@ in
enable = true;
frontendUrl = "https://${login}/auth";
bindAddress = "127.0.0.1";
httpPort = "38080";
httpPort = config.portsStr.keycloak;
package = pkgs.keycloak.override { jre = pkgs.jdk11_headless; };
database = {
createLocally = true;