Initial add of gitea, add traefik for network routing

2023-05-11 11:54:42 +01:00 · 2023-05-11 11:54:42 +01:00 · 0c57e7722f
parent 3aa74091ea
commit 0c57e7722f
6 changed files with 36 additions and 21 deletions
--- a/Vanguard.nix
+++ b/Vanguard.nix
@ -10,6 +10,7 @@
    ./desktop/steam.nix
    ./syncthing/Vanguard.nix
    ./server/adguardhome.nix
+    ./server/gitea.nix
  ];

  networking.hostName = "Vanguard"; # Define your hostname.
--- a/server/adguardhome.nix
+++ b/server/adguardhome.nix
@ -1,11 +1,18 @@
 { ... }:
 {
-  imports = [ ./nginx ];
+  imports = [ ./traefik.nix ];
  services.adguardhome = {
    enable = true;
    mutableSettings = true;
+    settings.bind_port = 3001;
+    openFirewall = true;
+  };
+  networking.firewall = {
+    allowedTCPPorts = [ 53 ];
+    allowedUDPPorts = [ 53 ];
+  };
+  services.traefik.dynamicConfigOptions.http = {
+    routers.adguard = { rule = "Host(`guard.xenia.me.uk`)"; service = "adguard-webinterface"; };
+    services.adguard-webinterface.loadBalancer.servers = [{ url = "http://localhost:3001"; }];
  };
-  services.nginx.virtualHosts."guard.xenia.me.uk" = import ./nginx/sites/adguardhome.nix;
-  networking.firewall.allowedTCPPorts = [ 53 3000 ];
-  networking.firewall.allowedUDPPorts = [ 53 ];
 }
--- a/server/gitea.nix
+++ b/server/gitea.nix
@ -0,0 +1,10 @@
+{ ... }:
+{
+  imports = [ ./traefik.nix ];
+  services.gitea.enable = true;
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  services.traefik.dynamicConfigOptions.http = {
+    routers.gitea = { rule = "Host(`git.xenia.me.uk`)"; service = "gitea-websecure"; };
+    services.gitea-websecure.loadBalancer.servers = [{ url = "http://localhost:3000"; }];
+  };
+}
--- a/server/nginx/default.nix
+++ b/server/nginx/default.nix
@ -1,12 +0,0 @@
-{ pkgs, lib, ... }:
-{
-  services.nginx = {
-    enable = true;
-    package = pkgs.nginxMainline;
-    recommendedTlsSettings = lib.mkDefault true;
-    recommendedProxySettings = lib.mkDefault true;
-    recommendedOptimisation = lib.mkDefault true;
-    recommendedGzipSettings = lib.mkDefault true;
-  };
-  networking.firewall = { enable = true; allowedTCPPorts = [ 80 443 ]; };
-}
--- a/server/nginx/sites/adguardhome.nix
+++ b/server/nginx/sites/adguardhome.nix
@ -1,5 +0,0 @@
-{
-  listen = [{ addr = "0.0.0.0"; port = 80; }];
-  serverName = "guard.xenia.me.uk";
-  locations = { "/" = { proxyPass = "http://localhost:3000"; }; };
-}
--- a/server/traefik.nix
+++ b/server/traefik.nix
@ -0,0 +1,14 @@
+{ ... }:
+{
+  services.traefik = {
+    enable = true;
+    staticConfigOptions = {
+      api = { insecure = true; };
+      entryPoints = {
+        http = { address = ":80"; };
+        web = { address = ":30000"; };
+      };
+    };
+  };
+  networking.firewall = { enable = true; allowedTCPPorts = [ 80 443 30000 ]; };
+}