Update ports used and relevant traefik configs

This commit is contained in:
Evie Litherland-Smith 2023-05-25 17:05:25 +01:00
parent 7370df89ef
commit c73d69cce5
9 changed files with 78 additions and 26 deletions


@ -6,6 +6,5 @@
serverAliveCountMax = 3;
controlMaster = "auto";
controlPersist = "1s";
matchBlocks = {"git.*".user = "git";};
};
}


@ -2,8 +2,8 @@
imports = [./common.nix];
programs.ssh.matchBlocks = {
"vanguard" = {user = "xenia";};
"git.xenia.me.uk" = lib.hm.dag.entryBefore ["git.*"] {user = "gitea";};
"vanguard *xenia.me.uk" = lib.hm.dag.entryAfter ["vanguard"] {
"git.xenia.me.uk" = {user = "gitea";};
"vanguard *xenia.me.uk" = lib.hm.dag.entryAfter ["vanguard" "git.xenia.me.uk"] {
hostname = "192.168.1.166";
port = 2222;
};


@ -6,6 +6,7 @@
imports = [./common.nix];
home.packages = with pkgs; [sshfs];
programs.ssh.matchBlocks = {
"git.ccfe.ac.uk" = {user = "git";};
"batch" = {
user = "cxsbatch";
hostname = "heimdall115.jetdata.eu";


@ -13,6 +13,7 @@
services.traefik.dynamicConfigOptions.http = {
routers.adguard = {
rule = "Host(`guard.xenia.me.uk`)";
entryPoints = ["http" "https"];
service = "adguard-webinterface";
tls = {certResolver = "default";};
};


@ -6,7 +6,10 @@
server = {
ROOT_URL = "https://git.xenia.me.uk";
DOMAIN = "git.xenia.me.uk";
START_SSH_SERVER = true;
SSH_DOMAIN = "git.xenia.me.uk";
SSH_PORT = 2222;
SSH_LISTEN_PORT = 30922;
};
service.DISABLE_REGISTRATION = true;
ui = {
@ -15,19 +18,35 @@
};
appName = "Gitea";
};
networking.firewall.allowedTCPPorts = [80 443 2222];
services.traefik.dynamicConfigOptions.http = {
routers.gitea = {
rule = "Host(`git.xenia.me.uk`)";
service = "gitea-websecure";
tls = {certResolver = "default";};
services.traefik.dynamicConfigOptions = {
http = {
routers.gitea = {
rule = "Host(`git.xenia.me.uk`)";
entryPoints = ["http" "https"];
service = "gitea-websecure";
tls = {certResolver = "default";};
};
services.gitea-websecure.loadBalancer.servers = [{url = "http://localhost:3000";}];
};
tcp = {
routers.gitea-ssh = {
rule = "HostSNI(`git.xenia.me.uk`)";
entryPoints = ["ssh"];
service = "gitea-sshservice";
tls = {certResolver = "default";};
};
routers.gitea-ssh-local = {
rule = "ClientIP(`192.168.0.0/16`)";
entryPoints = ["ssh"];
service = "gitea-sshservice";
};
services.gitea-sshservice.loadBalancer.servers = [{address = "localhost:30922";}];
};
services.gitea-websecure.loadBalancer.servers = [{url = "http://localhost:3000";}];
};
services.fail2ban.jails.gitea = ''
enabled = true
filter = sshd
ports = 2222
ports = 30922
backend = systemd
'';
}
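Review bot: The `gitea-ssh` TCP router pairs `HostSNI(`git.xenia.me.uk`)` with `tls = {certResolver = "default";}` on the `ssh` entrypoint (:2222), but an SSH client does not open with a TLS ClientHello, so a plain `ssh`/`git` connection from outside the LAN carries no SNI for Traefik to match and will never reach `gitea-sshservice`; for non-TLS TCP traffic only `HostSNI(`*`)` matches. The LAN fallback `gitea-ssh-local` uses the same `ClientIP(`192.168.0.0/16`)` rule on the same entrypoint as `routers.ssh` in the `services.openssh` section below, so two routers with identical rules compete for every LAN connection to 2222 and which backend a client lands on (Gitea on 30922 or sshd on 22) is not determined by this config. Because SSH carries no SNI, one TCP port cannot be multiplexed between the host sshd and Gitea's SSH server by hostname; give each its own entrypoint and drop `tls` from the SSH TCP router. The fail2ban jail's `ports = 30922` bans on the backend port while offenders arrive through 2222, so a ban would not cut the path they actually use (`ports = 2222` matches the exposed entrypoint); and since the jail keeps `filter = sshd` with `backend = systemd`, it presumably watches sshd's journal rather than Gitea's built-in SSH server, which is worth confirming before relying on it.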


@ -22,6 +22,7 @@
services.traefik.dynamicConfigOptions.http = {
routers.nextcloud = {
rule = "Host(`cloud.xenia.me.uk`)";
entryPoints = ["http" "https"];
service = "nextcloud-webinterface";
tls = {certResolver = "default";};
};

13
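--- /dev/null
+++ b/server/qbittorrent.nix
@@ -0,0 +1,13 @@
+{pkgs, ...}: {
+imports = [./traefik.nix];
+environment.systemPackages = [pkgs.qbittorrent];
+services.traefik.dynamicConfigOptions.http = {
+routers.qbittorrent = {
+rule = "Host(`torrent.xenia.me.uk`)";
+entryPoints = ["http" "https"];
+service = "qbittorrent-webinterface";
+tls = {certResolver = "default";};
+};
+services.qbittorrent-webinterface.loadBalancer.servers = [{url = "http://localhost:8090";}];
+};
+}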
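Review bot: `routers.qbittorrent` publishes the qBittorrent web UI at `torrent.xenia.me.uk` on the public `http`/`https` entrypoints with no Traefik middleware, so the only thing between the internet and the backend on localhost:8090 is the application's own login. If the UI is meant for LAN use only, attach an IP allow-list middleware (`ipWhiteList` in Traefik v2) or a `basicAuth` middleware to the router, mirroring the `ClientIP(`192.168.0.0/16`)` restriction already applied to the SSH TCP routers. The file installs `pkgs.qbittorrent` but defines no service, so whatever listens on 8090 is presumably configured elsewhere; a one-line comment such as `# backend: qBittorrent web UI, started by <unit placeholder>` would tell the next reader where to look.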


@ -1,7 +1,7 @@
{...}: {
services.openssh = {
enable = true;
ports = [2222];
ports = [22];
settings = {
UseDns = true;
PermitRootLogin = "no";
@ -10,4 +10,12 @@
LogLevel = "VERBOSE";
};
};
services.traefik.dynamicConfigOptions.tcp = {
routers.ssh = {
rule = "ClientIP(`192.168.0.0/16`)";
entryPoints = ["ssh"];
service = "ssh-redirect";
};
services.ssh-redirect.loadBalancer.servers = [{address = "localhost:22";}];
};
}
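Review bot: `routers.ssh` forwards LAN connections on the `ssh` entrypoint to `localhost:22`, so sshd sees every session as originating from 127.0.0.1; anything keyed on the client address — the `traefik-ssh` fail2ban jail in traefik.nix (filter `sshd`), `Match Address` blocks, `from=` restrictions in authorized_keys, and the `UseDns = true` lookup — loses its meaning, and a ban derived from sshd's log would target the loopback address rather than the offender, unless proxy protocol or a similar mechanism restores the source address (nothing visible here does). Moving sshd to `ports = [22]` without adding 22 to `networking.firewall.allowedTCPPorts` (both visible firewall lists hold only 80, 443 and 2222) also makes every SSH login depend on Traefik being up, which is a lockout risk for a host administered over SSH. If direct LAN access to sshd is acceptable, `networking.firewall.interfaces.<lan-interface-placeholder>.allowedTCPPorts = [22];` keeps a path that bypasses the proxy and lets sshd and fail2ban see real client addresses.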


@ -5,8 +5,15 @@
staticConfigOptions = {
api = {insecure = true;};
entryPoints = {
http = {address = ":80";};
http = {
address = ":80";
http.redirections.entryPoint = {
to = "https";
scheme = "https";
};
};
https = {address = ":443";};
ssh = {address = ":2222";};
};
certificatesResolvers = {
default = {
@ -21,26 +28,29 @@
dynamicConfigOptions.http = {
routers.traefik = {
rule = "Host(`traefik.xenia.me.uk`)";
entryPoints = ["http" "https"];
service = "traefik-webinterface";
tls = {certResolver = "default";};
};
services.traefik-webinterface.loadBalancer.servers = [{url = "http://localhost:8080";}];
routers.qbittorrent = {
rule = "Host(`torrent.xenia.me.uk`)";
service = "qbittorrent-webinterface";
tls = {certResolver = "default";};
};
services.qbittorrent-webinterface.loadBalancer.servers = [{url = "http://localhost:8090";}];
};
};
networking.firewall = {
enable = true;
allowedTCPPorts = [80 443 8080 8090];
allowedTCPPorts = [80 443 2222];
};
services.fail2ban.jails = {
traefik-http = ''
enabled = true
filter = traefik-auth
ports = http,https,2222
backend = systemd
'';
traefik-ssh = ''
enabled = true
filter = sshd
ports = 2222
backend = systemd
'';
};
services.fail2ban.jails.traefik = ''
enabled = true
filter = traefik-auth
ports = http,https,8080
backend = systemd
'';
}
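Review bot: `routers.traefik` exposes the dashboard and API (`api = {insecure = true;}` in the static config above) at `traefik.xenia.me.uk` on the public `http`/`https` entrypoints with no middleware, so dropping 8080 from the firewall (the new `allowedTCPPorts = [80 443 2222]`) removes the raw port but leaves the same unauthenticated API reachable through the router, now with a valid certificate. Attach an auth middleware to it, e.g. `routers.traefik.middlewares = ["dashboard-auth"];` together with `middlewares.dashboard-auth.basicAuth.usersFile = "<htpasswd-file placeholder>";`, or restrict it with an IP allow-list as the SSH TCP routers do. The `traefik-http` jail uses the `traefik-auth` filter, which matches 401 responses in Traefik's access log; with no auth middleware in the visible config there is nothing to produce a 401, and it also depends on Traefik's access log being enabled (not shown in this hunk), so the jail as written is probably inert and adding `2222` to its `ports` does not change that. The `staticConfigOptions` block this hunk sits in is only partly visible, so the access-log setting may exist above it.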