Move server directory and syncthing into services directory

Separate each service's setup from its traefik config, in preparation for a future
server separation
This commit is contained in:
Evie Litherland-Smith 2023-05-26 08:52:46 +01:00
parent afb64c2c8c
commit 320d76f972
23 changed files with 128 additions and 106 deletions


@ -6,12 +6,7 @@
./hardware/bluetooth.nix ./hardware/bluetooth.nix
./locales/en_GB.nix ./locales/en_GB.nix
./desktop/hyprland.nix ./desktop/hyprland.nix
./syncthing/Vanguard.nix ./services/Vanguard.nix
./server/sshd.nix
./server/adguardhome.nix
./server/gitea.nix
./server/qbittorrent.nix
# ./server/nextcloud.nix
]; ];
networking.hostName = "Vanguard"; # Define your hostname. networking.hostName = "Vanguard"; # Define your hostname.


@ -1,31 +0,0 @@
{
pkgs,
config,
...
}: {
imports = [./traefik.nix ./fail2ban.nix];
services.nextcloud = {
enable = true;
package = pkgs.nextcloud26;
hostName = "cloud.xenia.me.uk";
config = {
adminuser = "xenia";
adminpassFile = "/secrets/nextcloud_admin.txt";
};
};
services.nginx.virtualHosts.${config.services.nextcloud.hostName}.listen = [
{
addr = "localhost";
port = 8000;
}
];
services.traefik.dynamicConfigOptions.http = {
routers.nextcloud = {
rule = "Host(`cloud.xenia.me.uk`)";
entryPoints = ["http" "https"];
service = "nextcloud-webinterface";
tls = {certResolver = "default";};
};
services.nextcloud-webinterface.loadBalancer.servers = [{url = "http://localhost:8000";}];
};
}

services/Vanguard.nix Normal file

@ -0,0 +1,16 @@
{...}: {
imports = [
./adguardhome
./traefik/adguardhome.nix
./gitea
./traefik/gitea.nix
# ./nextcloud
./traefik/nextcloud.nix
./qbittorrent
./traefik/qbittorrent.nix
./sshd
./traefik/sshd.nix
./syncthing/Vanguard.nix
./traefik/syncthing.nix
];
}
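Review bot: `./traefik/nextcloud.nix` is imported while `./nextcloud` stays commented out, so Traefik will publish a router for `cloud.xenia.me.uk` whose backend (`http://localhost:8000`) has nothing listening behind it. Either comment out the Traefik half alongside the service, `# ./traefik/nextcloud.nix`, or keep the two entries together so they are enabled and disabled as a unit. A one-line comment at the top of the list, `# keep each service and its traefik/*.nix entry in step`, would make the pairing rule explicit for the host split the commit message anticipates.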


@ -0,0 +1,12 @@
{...}: {
services.adguardhome = {
enable = true;
mutableSettings = true;
settings.bind_port = 3001;
openFirewall = true;
};
networking.firewall = {
allowedTCPPorts = [53];
allowedUDPPorts = [53];
};
}
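Review bot: `openFirewall = true` on line 91 opens the AdGuard admin port (`bind_port` 3001) on every interface, so the web UI is reachable directly rather than only through the Traefik router that fronts it with TLS and fail2ban; if the option does what its name suggests, that bypass is probably unintended. Consider `openFirewall = false;` together with `settings.bind_host = "127.0.0.1";` so only the local proxy can reach the UI, leaving the explicit 53/tcp+udp rules below for resolver traffic. Note that with `mutableSettings = true` the settings here are, as far as I recall, only written on first start, so an existing install's on-disk config would need checking too — confirm against the module.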


@ -0,0 +1,9 @@
{...}: {
imports = [./default.nix];
services.fail2ban.jails.gitea = ''
enabled = true
filter = sshd
ports = 30922
backend = systemd
'';
}
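Review bot: the `gitea` jail uses `filter = sshd`, but Gitea's built-in SSH server (enabled in `services/gitea/default.nix` with `START_SSH_SERVER = true` on port 30922) does not log in OpenSSH's format, and the stock `sshd` filter's journal match is scoped to the sshd unit, so this jail is unlikely to ever see a Gitea failure — at best it bans sshd offenders from port 30922. Gitea documents its own fail2ban filter for its `Failed authentication attempt` / `invalid credentials` log lines; install it (e.g. via `environment.etc."fail2ban/filter.d/gitea.conf"`) and reference it here with `filter = gitea` plus `journalmatch = _SYSTEMD_UNIT=gitea.service`. Since the SSH port is reached through the Traefik TCP proxy (`localhost:30922`), also check what address Gitea records for the client, because banning the proxy's loopback address would be a no-op.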


@ -0,0 +1,17 @@
{...}: {
imports = [./default.nix];
services.fail2ban.jails = {
traefik-http = ''
enabled = true
filter = traefik-auth
ports = http,https,2222
backend = systemd
'';
traefik-ssh = ''
enabled = true
filter = sshd
ports = 2222
backend = systemd
'';
};
}
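Review bot: the `traefik-ssh` jail pairs `filter = sshd` with `ports = 2222`, which bans on OpenSSH log lines but blocks the Traefik entrypoint; that only helps if sshd is actually fed through that entrypoint, and if it is, the address sshd logs is Traefik's loopback source address (absent PROXY protocol), which fail2ban ignores by default via `ignoreself`. Either way the jail looks inert; if the real sshd already has a jail elsewhere (whatever `default.nix` enables is outside this hunk), drop `traefik-ssh` or add a comment stating what it is meant to catch. The `traefik-http` jail with `filter = traefik-auth` and `backend = systemd` relies on Traefik's access log reaching the journal in the format that filter expects; the static config in `traefik/default.nix` is not in this commit, so `accessLog` must be enabled there for this jail to fire at all.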


@ -0,0 +1,21 @@
{...}: {
imports = [ ../fail2ban/gitea.nix ];
services.gitea = {
enable = true;
settings = {
server = {
ROOT_URL = "https://git.xenia.me.uk";
DOMAIN = "git.xenia.me.uk";
START_SSH_SERVER = true;
SSH_DOMAIN = "git.xenia.me.uk";
SSH_PORT = 2222;
SSH_LISTEN_PORT = 30922;
};
service.DISABLE_REGISTRATION = true;
ui = {
THEMES = "auto,gitea,arc-green,catppuccin-latte-lavender,catppuccin-frappe-lavender,catppuccin-macchiato-lavender,catppuccin-mocha-lavender";
};
};
appName = "Gitea";
};
}
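Review bot: nothing here binds the Gitea listeners to loopback, so with the defaults the built-in SSH server on 30922 and the web listener accept connections on all interfaces even though both are only meant to be reached via Traefik (`localhost:30922` and the HTTP loadbalancer in `../traefik/gitea.nix`); the NixOS firewall will normally keep them closed, but binding to loopback removes the dependency on that. Add `HTTP_ADDR = "127.0.0.1";` and `SSH_LISTEN_HOST = "127.0.0.1";` to the `server` section (verify the names against the Gitea version in use). A short header comment such as `# web and SSH are fronted by traefik, see ../traefik/gitea.nix` would explain the 2222 vs 30922 port split for the next reader.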


@ -0,0 +1,21 @@
{
pkgs,
config,
...
}: {
services.nextcloud = {
enable = true;
package = pkgs.nextcloud26;
hostName = "cloud.xenia.me.uk";
config = {
adminuser = "xenia";
adminpassFile = "/etc/nextcloud/admin_secret.txt";
};
};
services.nginx.virtualHosts.${config.services.nextcloud.hostName}.listen = [
{
addr = "localhost";
port = 8000;
}
];
}
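Review bot: `adminpassFile` now points at `/etc/nextcloud/admin_secret.txt` (line 172), but nothing in the commit provisions that file or restricts its mode, and files under `/etc` are commonly world-readable; it should be readable by the `nextcloud` user only, so a comment stating how it is deployed, e.g. `# provisioned out of band, mode 0400 owned by nextcloud`, would help. Separately, Nextcloud is served behind Traefik (the nginx vhost listens on `localhost:8000`), and without being told about the proxy it will generate `http://` URLs and see every client as 127.0.0.1, which also blinds its built-in brute-force protection; the module of this era exposes `config.overwriteProtocol = "https";` and `config.trustedProxies = ["127.0.0.1"];` for this — confirm the option names against the module. This file is still commented out of `services/Vanguard.nix`, so none of it is active yet.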

services/sshd/default.nix Normal file

@ -0,0 +1,13 @@
{...}: {
services.openssh = {
enable = true;
ports = [22];
settings = {
UseDns = true;
PermitRootLogin = "no";
PasswordAuthentication = false;
GatewayPorts = "yes";
LogLevel = "VERBOSE";
};
};
}
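Review bot: `GatewayPorts = "yes"` (line 196) lets any SSH user's remote port forwards bind on all of the host's interfaces, which effectively allows anyone with an account to publish arbitrary services from this box; unless that is the intent, use `GatewayPorts = "no";` (or `"clientspecified"` if a bind address must be choosable per forward). `UseDns = true` adds a reverse lookup on every connection for little benefit and is usually left off. If Traefik's `ClientIP` TCP router is meant to be the only entry to sshd, note that `ports = [22]` with the NixOS default `openFirewall` still opens 22 directly; `openFirewall = false;` plus a loopback `listenAddresses` would close that bypass — confirm the intended topology.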


@ -1,15 +1,5 @@
{...}: { {...}: {
imports = [./traefik.nix]; imports = [./default.nix];
services.adguardhome = {
enable = true;
mutableSettings = true;
settings.bind_port = 3001;
openFirewall = true;
};
networking.firewall = {
allowedTCPPorts = [53];
allowedUDPPorts = [53];
};
services.traefik.dynamicConfigOptions.http = { services.traefik.dynamicConfigOptions.http = {
routers.adguard = { routers.adguard = {
rule = "Host(`guard.xenia.me.uk`)"; rule = "Host(`guard.xenia.me.uk`)";


@ -1,5 +1,5 @@
{...}: { {...}: {
imports = [./fail2ban.nix]; imports = [../fail2ban/traefik.nix];
services.traefik = { services.traefik = {
enable = true; enable = true;
staticConfigOptions = { staticConfigOptions = {


@ -1,23 +1,5 @@
{...}: { {...}: {
imports = [./traefik.nix ./fail2ban.nix]; imports = [./default.nix];
services.gitea = {
enable = true;
settings = {
server = {
ROOT_URL = "https://git.xenia.me.uk";
DOMAIN = "git.xenia.me.uk";
START_SSH_SERVER = true;
SSH_DOMAIN = "git.xenia.me.uk";
SSH_PORT = 2222;
SSH_LISTEN_PORT = 30922;
};
service.DISABLE_REGISTRATION = true;
ui = {
THEMES = "auto,gitea,arc-green,catppuccin-latte-lavender,catppuccin-frappe-lavender,catppuccin-macchiato-lavender,catppuccin-mocha-lavender";
};
};
appName = "Gitea";
};
services.traefik.dynamicConfigOptions = { services.traefik.dynamicConfigOptions = {
http = { http = {
routers.gitea = { routers.gitea = {
@ -43,10 +25,4 @@
services.gitea-sshservice.loadBalancer.servers = [{address = "localhost:30922";}]; services.gitea-sshservice.loadBalancer.servers = [{address = "localhost:30922";}];
}; };
}; };
services.fail2ban.jails.gitea = ''
enabled = true
filter = sshd
ports = 30922
backend = systemd
'';
} }
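Review bot: the TCP loadbalancer forwards to `localhost:30922` (line 257), so Gitea's built-in SSH server sees every client as Traefik's loopback address, which defeats per-IP logging and any fail2ban jail on that port; the usefulness of `../fail2ban/gitea.nix` (imported from `gitea/default.nix`) hinges on this. If the Gitea version supports it, enable PROXY protocol on both ends — `proxyProtocol.version = 2` on the `gitea-sshservice` loadbalancer server and the matching `USE_PROXY_PROTOCOL`-family setting in Gitea's `[server]` section — and verify with a test connection, since a mismatch breaks SSH entirely. The http router earlier in this file is only partly visible in the hunk.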


@ -0,0 +1,12 @@
{...}: {
imports = [./default.nix];
services.traefik.dynamicConfigOptions.http = {
routers.nextcloud = {
rule = "Host(`cloud.xenia.me.uk`)";
entryPoints = ["http" "https"];
service = "nextcloud-webinterface";
tls = {certResolver = "default";};
};
services.nextcloud-webinterface.loadBalancer.servers = [{url = "http://localhost:8000";}];
};
}
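Review bot: the router lists `entryPoints = ["http" "https"]` with no middleware on the `http` side, so unless a global HTTP→HTTPS redirect lives in `traefik/default.nix` (not in this commit) Nextcloud logins can be submitted in cleartext over port 80; attaching a redirect middleware, `middlewares = ["https-redirect"];` (defined once in `default.nix`), or limiting this router to `["https"]` and letting a redirect router own `http`, avoids that. The backend `http://localhost:8000` only exists when `services/nextcloud` is enabled, and that import is still commented out in `services/Vanguard.nix`, so this router currently points at nothing.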


@ -1,5 +1,5 @@
{pkgs, ...}: { {pkgs, ...}: {
imports = [./traefik.nix]; imports = [./default.nix];
environment.systemPackages = [pkgs.qbittorrent]; environment.systemPackages = [pkgs.qbittorrent];
services.traefik.dynamicConfigOptions.http = { services.traefik.dynamicConfigOptions.http = {
routers.qbittorrent = { routers.qbittorrent = {


@ -1,15 +1,5 @@
{...}: { {...}: {
services.openssh = { imports = [./default.nix];
enable = true;
ports = [22];
settings = {
UseDns = true;
PermitRootLogin = "no";
PasswordAuthentication = false;
GatewayPorts = "yes";
LogLevel = "VERBOSE";
};
};
services.traefik.dynamicConfigOptions.tcp = { services.traefik.dynamicConfigOptions.tcp = {
routers.ssh = { routers.ssh = {
rule = "ClientIP(`192.168.0.0/16`)"; rule = "ClientIP(`192.168.0.0/16`)";


@ -1,4 +1,5 @@
{...}: { {...}: {
imports = [./default.nix];
services.traefik.dynamicConfigOptions.http = { services.traefik.dynamicConfigOptions.http = {
routers.syncthing = { routers.syncthing = {
rule = "Host(`syncthing.xenia.me.uk`)"; rule = "Host(`syncthing.xenia.me.uk`)";


@ -1,20 +0,0 @@
{pkgs, ...}: {
systemd.timers."nixos-pull-config" = {
wantedBy = ["timers.target"];
description = "Timer to update /etc/nixos/config/ repository";
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "5m";
Unit = "hello-world.service";
};
};
systemd.services."nixos-pull-config" = {
script = ''
${pkgs.git}/bin/git pull -C /etc/nixos/config/ --ff-only --no-edit
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
}