Initial add of gitea, add traefik for network routing

2023-05-11 11:54:42 +01:00 · 2023-05-11 11:54:42 +01:00 · 0c57e7722f
parent 3aa74091ea
commit 0c57e7722f
6 changed files with 36 additions and 21 deletions
--- a/Vanguard.nix
+++ b/Vanguard.nix
@ -10,6 +10,7 @@
    ./desktop/steam.nix
    ./syncthing/Vanguard.nix
    ./server/adguardhome.nix
    ./server/gitea.nix
  ];
  networking.hostName = "Vanguard"; # Define your hostname.
--- a/server/adguardhome.nix
+++ b/server/adguardhome.nix
@ -1,11 +1,18 @@
 { ... }:
 {
-  imports = [ ./nginx ];
+  imports = [ ./traefik.nix ];
  services.adguardhome = {
    enable = true;
    mutableSettings = true;
    settings.bind_port = 3001;
    openFirewall = true;
  };
  networking.firewall = {
    allowedTCPPorts = [ 53 ];
    allowedUDPPorts = [ 53 ];
  };
  services.traefik.dynamicConfigOptions.http = {
    routers.adguard = { rule = "Host(`guard.xenia.me.uk`)"; service = "adguard-webinterface"; };
    services.adguard-webinterface.loadBalancer.servers = [{ url = "http://localhost:3001"; }];
  };
  services.nginx.virtualHosts."guard.xenia.me.uk" = import ./nginx/sites/adguardhome.nix;
  networking.firewall.allowedTCPPorts = [ 53 3000 ];
  networking.firewall.allowedUDPPorts = [ 53 ];
 }
--- a/server/gitea.nix
+++ b/server/gitea.nix
@ -0,0 +1,10 @@
 { ... }:
 {
  imports = [ ./traefik.nix ];
  services.gitea.enable = true;
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  services.traefik.dynamicConfigOptions.http = {
    routers.gitea = { rule = "Host(`git.xenia.me.uk`)"; service = "gitea-websecure"; };
    services.gitea-websecure.loadBalancer.servers = [{ url = "http://localhost:3000"; }];
  };
 }
--- a/server/nginx/default.nix
+++ b/server/nginx/default.nix
@ -1,12 +0,0 @@
 { pkgs, lib, ... }:
 {
  services.nginx = {
    enable = true;
    package = pkgs.nginxMainline;
    recommendedTlsSettings = lib.mkDefault true;
    recommendedProxySettings = lib.mkDefault true;
    recommendedOptimisation = lib.mkDefault true;
    recommendedGzipSettings = lib.mkDefault true;
  };
  networking.firewall = { enable = true; allowedTCPPorts = [ 80 443 ]; };
 }
--- a/server/nginx/sites/adguardhome.nix
+++ b/server/nginx/sites/adguardhome.nix
@ -1,5 +0,0 @@
 {
  listen = [{ addr = "0.0.0.0"; port = 80; }];
  serverName = "guard.xenia.me.uk";
  locations = { "/" = { proxyPass = "http://localhost:3000"; }; };
 }
--- a/server/traefik.nix
+++ b/server/traefik.nix
@ -0,0 +1,14 @@
 { ... }:
 {
  services.traefik = {
    enable = true;
    staticConfigOptions = {
      api = { insecure = true; };
      entryPoints = {
        http = { address = ":80"; };
        web = { address = ":30000"; };
      };
    };
  };
  networking.firewall = { enable = true; allowedTCPPorts = [ 80 443 30000 ]; };
 }