Clean up and add services

Remove jupyter service and qbittorrent traefik route

Add ntfy-sh (enabled) and initial grafana (not enabled) expressions

Change services to call own traefik expression, rather than needing to
be called explicitly
Evie Litherland-Smith 2023-10-21 17:55:11 +01:00
parent 8421a5eeb5
commit a1c28e779a
17 changed files with 115 additions and 80 deletions


@ -229,17 +229,11 @@
in systemConfig { in systemConfig {
inherit hostName user system; inherit hostName user system;
systemModules = [ ./system/default.nix ]; systemModules = [ ./system/default.nix ];
serviceModules = [ serviceModules = default.serviceModules ++ [
# ./services/adguardhome/default.nix ./services/adguardhome/default.nix
./services/gitea/default.nix ./services/gitea/default.nix
./services/nextcloud/default.nix ./services/nextcloud/default.nix
./services/sshd/default.nix ./services/ntfy-sh/default.nix
./services/syncthing/default.nix
# ./services/terraria/windy_limbo_of_melancholy.nix
# ./services/traefik/adguardhome.nix
./services/traefik/gitea.nix
./services/traefik/nextcloud.nix
# ./services/traefik/qbittorrent.nix
]; ];
homeModules = [ ./home/default.nix ]; homeModules = [ ./home/default.nix ];
}; };
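Review bot: The rewritten `serviceModules` list drops `./services/sshd/default.nix` and `./services/syncthing/default.nix` and now depends on `default.serviceModules`, which is defined outside this hunk, to supply them. If sshd is not in that default list, this host would lose remote access on the next rebuild, so it is worth confirming and recording in a comment such as `# sshd and syncthing come from default.serviceModules`. The same list also uncomments adguardhome, which with this commit pulls in its own traefik route.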


@ -1,4 +1,7 @@
{...}: { { ... }:
{
imports = [ ../traefik/adguardhome.nix ];
services.adguardhome = { services.adguardhome = {
enable = true; enable = true;
mutableSettings = true; mutableSettings = true;
@ -6,7 +9,7 @@
openFirewall = true; openFirewall = true;
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [53]; allowedTCPPorts = [ 53 ];
allowedUDPPorts = [53]; allowedUDPPorts = [ 53 ];
}; };
} }
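Review bot: The added `imports = [ ../traefik/adguardhome.nix ];` means that enabling this module also publishes the AdGuard Home admin interface through the `guard.xenia.me.uk` router, and that router (shown in a later section of this commit) has no `middlewares` entry. Together with `openFirewall = true` and `mutableSettings = true`, access control then rests entirely on AdGuard's own login, which is not configured in the visible lines. Consider adding `middlewares = [ "auth" ];` to `routers.adguard`, or restricting its rule by client address as the `api-internal` router does. The lines between the two hunks are not shown.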


@ -1,7 +1,9 @@
{...}: { { config, lib, pkgs, ... }:
{
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
ignoreIP = ["127.0.0.1/8" "::1" "192.168.1.0/16"]; ignoreIP = [ "127.0.0.1/8" "::1" "192.168.1.0/16" ];
bantime-increment = {enable = true;}; bantime-increment = { enable = true; };
}; };
} }


@ -1,5 +1,7 @@
{...}: { { config, lib, pkgs, ... }:
imports = [./default.nix];
{
imports = [ ./default.nix ];
services.fail2ban.jails.traefik = '' services.fail2ban.jails.traefik = ''
enabled = true enabled = true
filter = traefik-auth filter = traefik-auth


@ -1,4 +1,7 @@
{...}: { { ... }:
{
imports = [ ../traefik/gitea.nix ];
services.gitea = { services.gitea = {
enable = true; enable = true;
settings = { settings = {
@ -9,7 +12,8 @@
}; };
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
ui = { ui = {
THEMES = "auto,gitea,arc-green,catppuccin-latte-lavender,catppuccin-frappe-lavender,catppuccin-macchiato-lavender,catppuccin-mocha-lavender"; THEMES =
"auto,gitea,arc-green,catppuccin-latte-lavender,catppuccin-frappe-lavender,catppuccin-macchiato-lavender,catppuccin-mocha-lavender";
}; };
}; };
appName = "Gitea"; appName = "Gitea";


@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
{
services.grafana = {
enable = true;
settings = {
server = {
http_addr = "127.0.0.1";
http_port = 3100;
domain = "grafana.xenia.me.uk";
};
};
};
}
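Review bot: `settings` has no `security` block, so once this module is imported Grafana would presumably start with the module's default admin credentials and default `secret_key`. Before a traefik route for `grafana.xenia.me.uk` is added, set both from files kept outside the Nix store, for example `security.admin_password = "$__file{/path/to/admin-password}";` (placeholder path). The commit message calls this expression "not enabled", but the file sets `enable = true;` and is inactive only because nothing imports it, so a one-line comment saying that would avoid surprises. `config`, `lib` and `pkgs` are unused in the argument set.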


@ -1,11 +0,0 @@
{...}: {
users.users.jupyter.group = "jupyter";
users.groups.jupyter = {};
services.jupyter = {
enable = true;
notebookConfig = ''
c.FileCheckpoints.checkpoint_dir = c.ServerApp.root_dir + ".ipynb_checkpoints"
c.ServerApp.open_browser = False
'';
};
}


@ -1,7 +0,0 @@
{pkgs, ...}: {
imports = [./default.nix];
services.jupyter = {
command = "jupyter-lab";
package = pkgs.python3Packages.jupyterlab;
};
}


@ -1,4 +1,7 @@
{ pkgs, config, ... }: { { pkgs, config, ... }:
{
imports = [ ../traefik/nextcloud.nix ];
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud27; package = pkgs.nextcloud27;


@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
{
services.ntfy-sh = {
enable = true;
settings = {
base-url = "https://ntfy.xenia.me.uk";
listen-http = ":8800";
behind-proxy = true;
enable-signup = false;
enable-metrics = true;
};
};
}
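Review bot: Unlike the gitea, nextcloud and adguardhome modules in this commit, this file has no `imports` line for its traefik route (something like `imports = [ ../traefik/ntfy-sh.nix ];`, file name assumed), so the new `ntfy.xenia.me.uk` router is not loaded unless something outside this page imports it. `listen-http = ":8800"` binds every interface while `behind-proxy = true` makes ntfy take the client address from the forwarded header. Binding to loopback with `listen-http = "127.0.0.1:8800";` ensures only traefik can set that header. `enable-signup = false` does not by itself restrict anonymous publish and subscribe, and no `auth-file` or `auth-default-access` is set here, so confirm open topics are intended.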


@ -1,7 +1,9 @@
{...}: { { config, lib, pkgs, ... }:
{
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = [22]; ports = [ 22 ];
settings = { settings = {
UseDns = true; UseDns = true;
PermitRootLogin = "no"; PermitRootLogin = "no";


@ -1,12 +1,15 @@
{...}: { { config, lib, pkgs, ... }:
imports = [./default.nix];
{
imports = [ ./default.nix ];
services.traefik.dynamicConfigOptions.http = { services.traefik.dynamicConfigOptions.http = {
routers.adguard = { routers.adguard = {
rule = "Host(`guard.xenia.me.uk`)"; rule = "Host(`guard.xenia.me.uk`)";
entryPoints = ["http" "https"]; entryPoints = [ "http" "https" ];
service = "adguard-webinterface"; service = "adguard-webinterface";
tls = {certResolver = "default";}; tls = { certResolver = "default"; };
}; };
services.adguard-webinterface.loadBalancer.servers = [{url = "http://localhost:3001";}]; services.adguard-webinterface.loadBalancer.servers =
[{ url = "http://localhost:3001"; }];
}; };
} }


@ -1,9 +1,11 @@
{...}: { { config, lib, pkgs, ... }:
imports = [../fail2ban/traefik.nix];
{
imports = [ ../fail2ban/traefik.nix ];
services.traefik = { services.traefik = {
enable = true; enable = true;
staticConfigOptions = { staticConfigOptions = {
api = {dashboard = true;}; api = { dashboard = true; };
entryPoints = { entryPoints = {
http = { http = {
address = ":80"; address = ":80";
@ -20,7 +22,7 @@
acme = { acme = {
email = "evie@xenia.me.uk"; email = "evie@xenia.me.uk";
storage = "/var/lib/traefik/acme.json"; storage = "/var/lib/traefik/acme.json";
httpChallenge = {entryPoint = "http";}; httpChallenge = { entryPoint = "http"; };
}; };
}; };
}; };
@ -31,19 +33,20 @@
routers = { routers = {
api = { api = {
rule = "Host(`traefik.xenia.me.uk`)"; rule = "Host(`traefik.xenia.me.uk`)";
entryPoints = ["http" "https"]; entryPoints = [ "http" "https" ];
service = "api@internal"; service = "api@internal";
middlewares = ["auth"]; middlewares = [ "auth" ];
tls = {certResolver = "default";}; tls = { certResolver = "default"; };
}; };
api-internal = { api-internal = {
rule = "ClientIP(`192.168.0.0/16`)"; rule = "ClientIP(`192.168.0.0/16`)";
entryPoints = ["traefik-internal"]; entryPoints = [ "traefik-internal" ];
service = "api@internal"; service = "api@internal";
}; };
}; };
middlewares = { middlewares = {
auth.basicAuth.users = ["xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS."]; auth.basicAuth.users =
[ "xenia:$apr1$LB0wVd6I$BHVPIyh.F5Ewt9/7PqAtS." ];
hsts.headers = { hsts.headers = {
stsSeconds = "31536000"; stsSeconds = "31536000";
stsIncludeSubdomains = true; stsIncludeSubdomains = true;
@ -54,6 +57,6 @@
}; };
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [80 443 8080]; allowedTCPPorts = [ 80 443 8080 ];
}; };
} }
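Review bot: `auth.basicAuth.users` keeps a password hash inline in the module, so it sits in the repository and in the world-readable Nix store, and the `$apr1$` scheme is MD5-based and cheap to test guesses against offline. Prefer `auth.basicAuth.usersFile = "/path/to/htpasswd";` (placeholder path) pointing at a file provisioned outside the store with a bcrypt entry, and rotate the current password. Separately, `allowedTCPPorts` opens 8080 and the `api-internal` router serves `api@internal` behind only a `ClientIP` rule with no `auth` middleware. The `traefik-internal` entry point is defined outside these hunks, so confirm that exposure is intended.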


@ -1,14 +1,17 @@
{...}: { { config, lib, pkgs, ... }:
imports = [./default.nix];
{
imports = [ ./default.nix ];
services.traefik.dynamicConfigOptions = { services.traefik.dynamicConfigOptions = {
http = { http = {
routers.gitea = { routers.gitea = {
rule = "Host(`git.xenia.me.uk`)"; rule = "Host(`git.xenia.me.uk`)";
entryPoints = ["http" "https"]; entryPoints = [ "http" "https" ];
service = "gitea-websecure"; service = "gitea-websecure";
tls = {certResolver = "default";}; tls = { certResolver = "default"; };
}; };
services.gitea-websecure.loadBalancer.servers = [{url = "http://localhost:3000";}]; services.gitea-websecure.loadBalancer.servers =
[{ url = "http://localhost:3000"; }];
}; };
}; };
} }


@ -1,13 +1,16 @@
{...}: { { config, lib, pkgs, ... }:
imports = [./default.nix];
{
imports = [ ./default.nix ];
services.traefik.dynamicConfigOptions.http = { services.traefik.dynamicConfigOptions.http = {
routers.nextcloud = { routers.nextcloud = {
rule = "Host(`cloud.xenia.me.uk`)"; rule = "Host(`cloud.xenia.me.uk`)";
entryPoints = ["http" "https"]; entryPoints = [ "http" "https" ];
service = "nextcloud-webinterface"; service = "nextcloud-webinterface";
middlewares = ["hsts"]; middlewares = [ "hsts" ];
tls = {certResolver = "default";}; tls = { certResolver = "default"; };
}; };
services.nextcloud-webinterface.loadBalancer.servers = [{url = "http://localhost:8000";}]; services.nextcloud-webinterface.loadBalancer.servers =
[{ url = "http://localhost:8000"; }];
}; };
} }


@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
{
imports = [ ./default.nix ];
services.traefik.dynamicConfigOptions = {
http = {
routers.ntfy-sh = {
rule = "Host(`ntfy.xenia.me.uk`)";
entryPoints = [ "http" "https" ];
service = "ntfy-sh-service";
tls = { certResolver = "default"; };
};
services.ntfy-sh-service.loadBalancer.servers =
[{ url = "http://localhost:8800"; }];
};
};
}
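Review bot: This router forwards every path on `ntfy.xenia.me.uk` to the ntfy listener, and the service expression in this commit sets `enable-metrics = true`, which as far as ntfy documents it serves `/metrics` on that same listener, so the metrics would be readable from the internet. Either move metrics to a dedicated loopback listener with ntfy's `metrics-listen-http` setting, or exclude that path in the router rule. The router also omits the `hsts` middleware that the nextcloud router applies. `config`, `lib` and `pkgs` are unused in the argument set.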


@ -1,14 +0,0 @@
{pkgs, ...}: {
imports = [./default.nix];
environment.systemPackages = [pkgs.qbittorrent];
services.traefik.dynamicConfigOptions.http = {
routers.qbittorrent = {
rule = "Host(`torrent.xenia.me.uk`)";
entryPoints = ["http" "https"];
service = "qbittorrent-webinterface";
middlewares = ["auth"];
tls = {certResolver = "default";};
};
services.qbittorrent-webinterface.loadBalancer.servers = [{url = "http://localhost:8090";}];
};
}