Update ports used and relevant traefik configs
parent
7370df89ef
commit
c73d69cce5
|
@ -6,6 +6,5 @@
|
||||||
serverAliveCountMax = 3;
|
serverAliveCountMax = 3;
|
||||||
controlMaster = "auto";
|
controlMaster = "auto";
|
||||||
controlPersist = "1s";
|
controlPersist = "1s";
|
||||||
matchBlocks = {"git.*".user = "git";};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
imports = [./common.nix];
|
imports = [./common.nix];
|
||||||
programs.ssh.matchBlocks = {
|
programs.ssh.matchBlocks = {
|
||||||
"vanguard" = {user = "xenia";};
|
"vanguard" = {user = "xenia";};
|
||||||
"git.xenia.me.uk" = lib.hm.dag.entryBefore ["git.*"] {user = "gitea";};
|
"git.xenia.me.uk" = {user = "gitea";};
|
||||||
"vanguard *xenia.me.uk" = lib.hm.dag.entryAfter ["vanguard"] {
|
"vanguard *xenia.me.uk" = lib.hm.dag.entryAfter ["vanguard" "git.xenia.me.uk"] {
|
||||||
hostname = "192.168.1.166";
|
hostname = "192.168.1.166";
|
||||||
port = 2222;
|
port = 2222;
|
||||||
};
|
};
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
imports = [./common.nix];
|
imports = [./common.nix];
|
||||||
home.packages = with pkgs; [sshfs];
|
home.packages = with pkgs; [sshfs];
|
||||||
programs.ssh.matchBlocks = {
|
programs.ssh.matchBlocks = {
|
||||||
|
"git.ccfe.ac.uk" = {user = "git";};
|
||||||
"batch" = {
|
"batch" = {
|
||||||
user = "cxsbatch";
|
user = "cxsbatch";
|
||||||
hostname = "heimdall115.jetdata.eu";
|
hostname = "heimdall115.jetdata.eu";
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
services.traefik.dynamicConfigOptions.http = {
|
services.traefik.dynamicConfigOptions.http = {
|
||||||
routers.adguard = {
|
routers.adguard = {
|
||||||
rule = "Host(`guard.xenia.me.uk`)";
|
rule = "Host(`guard.xenia.me.uk`)";
|
||||||
|
entryPoints = ["http" "https"];
|
||||||
service = "adguard-webinterface";
|
service = "adguard-webinterface";
|
||||||
tls = {certResolver = "default";};
|
tls = {certResolver = "default";};
|
||||||
};
|
};
|
||||||
|
|
|
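Review bot: Listing `http` in `entryPoints = ["http" "https"];` on `routers.adguard` has no effect. The router also sets `tls`, which makes Traefik match it on TLS requests only, and this commit adds a blanket redirection to `https` on the `http` entry point. `entryPoints = ["https"];` states the actual exposure and still keeps the router off the new `ssh` entry point. The same line is added to the gitea, nextcloud, qbittorrent and traefik routers.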
@ -6,7 +6,10 @@
|
||||||
server = {
|
server = {
|
||||||
ROOT_URL = "https://git.xenia.me.uk";
|
ROOT_URL = "https://git.xenia.me.uk";
|
||||||
DOMAIN = "git.xenia.me.uk";
|
DOMAIN = "git.xenia.me.uk";
|
||||||
|
START_SSH_SERVER = true;
|
||||||
|
SSH_DOMAIN = "git.xenia.me.uk";
|
||||||
SSH_PORT = 2222;
|
SSH_PORT = 2222;
|
||||||
|
SSH_LISTEN_PORT = 30922;
|
||||||
};
|
};
|
||||||
service.DISABLE_REGISTRATION = true;
|
service.DISABLE_REGISTRATION = true;
|
||||||
ui = {
|
ui = {
|
||||||
|
@ -15,19 +18,35 @@
|
||||||
};
|
};
|
||||||
appName = "Gitea";
|
appName = "Gitea";
|
||||||
};
|
};
|
||||||
networking.firewall.allowedTCPPorts = [80 443 2222];
|
services.traefik.dynamicConfigOptions = {
|
||||||
services.traefik.dynamicConfigOptions.http = {
|
http = {
|
||||||
routers.gitea = {
|
routers.gitea = {
|
||||||
rule = "Host(`git.xenia.me.uk`)";
|
rule = "Host(`git.xenia.me.uk`)";
|
||||||
|
entryPoints = ["http" "https"];
|
||||||
service = "gitea-websecure";
|
service = "gitea-websecure";
|
||||||
tls = {certResolver = "default";};
|
tls = {certResolver = "default";};
|
||||||
};
|
};
|
||||||
services.gitea-websecure.loadBalancer.servers = [{url = "http://localhost:3000";}];
|
services.gitea-websecure.loadBalancer.servers = [{url = "http://localhost:3000";}];
|
||||||
};
|
};
|
||||||
|
tcp = {
|
||||||
|
routers.gitea-ssh = {
|
||||||
|
rule = "HostSNI(`git.xenia.me.uk`)";
|
||||||
|
entryPoints = ["ssh"];
|
||||||
|
service = "gitea-sshservice";
|
||||||
|
tls = {certResolver = "default";};
|
||||||
|
};
|
||||||
|
routers.gitea-ssh-local = {
|
||||||
|
rule = "ClientIP(`192.168.0.0/16`)";
|
||||||
|
entryPoints = ["ssh"];
|
||||||
|
service = "gitea-sshservice";
|
||||||
|
};
|
||||||
|
services.gitea-sshservice.loadBalancer.servers = [{address = "localhost:30922";}];
|
||||||
|
};
|
||||||
|
};
|
||||||
services.fail2ban.jails.gitea = ''
|
services.fail2ban.jails.gitea = ''
|
||||||
enabled = true
|
enabled = true
|
||||||
filter = sshd
|
filter = sshd
|
||||||
ports = 2222
|
ports = 30922
|
||||||
backend = systemd
|
backend = systemd
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
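Review bot: `routers.gitea-ssh` in the new `tcp` block will not match ordinary SSH clients, because ``HostSNI(`git.xenia.me.uk`)`` together with `tls = {certResolver = "default";}` requires a TLS handshake carrying that SNI and SSH sends neither. Plain TCP can only be routed with ``HostSNI(`*`)`` and no `tls` key, so as written every SSH connection on the `ssh` entry point falls through to the `ClientIP` routers. Those have a second problem: `routers.gitea-ssh-local` uses the same rule, ``ClientIP(`192.168.0.0/16`)``, on the same entry point as `routers.ssh` in the openssh section. Nothing visible here decides whether a LAN client reaches `localhost:30922` or `localhost:22`, and one of the two backends is effectively unreachable. The two services need separate entry points or distinct rules.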
@ -22,6 +22,7 @@
|
||||||
services.traefik.dynamicConfigOptions.http = {
|
services.traefik.dynamicConfigOptions.http = {
|
||||||
routers.nextcloud = {
|
routers.nextcloud = {
|
||||||
rule = "Host(`cloud.xenia.me.uk`)";
|
rule = "Host(`cloud.xenia.me.uk`)";
|
||||||
|
entryPoints = ["http" "https"];
|
||||||
service = "nextcloud-webinterface";
|
service = "nextcloud-webinterface";
|
||||||
tls = {certResolver = "default";};
|
tls = {certResolver = "default";};
|
||||||
};
|
};
|
||||||
|
|
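--- a/server/qbittorrent.nix
+++ b/server/qbittorrent.nix
@@ -0,0 +1,13 @@
+{pkgs, ...}: {
+imports = [./traefik.nix];
+environment.systemPackages = [pkgs.qbittorrent];
+services.traefik.dynamicConfigOptions.http = {
+routers.qbittorrent = {
+rule = "Host(`torrent.xenia.me.uk`)";
+entryPoints = ["http" "https"];
+service = "qbittorrent-webinterface";
+tls = {certResolver = "default";};
+};
+services.qbittorrent-webinterface.loadBalancer.servers = [{url = "http://localhost:8090";}];
+};
+}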
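Review bot: `routers.qbittorrent` publishes the qBittorrent web UI at `torrent.xenia.me.uk` with no `middlewares` entry, so if that name resolves from outside the LAN the only protection is qBittorrent's own login. The TCP routers in this commit restrict SSH with ``ClientIP(`192.168.0.0/16`)``; the HTTP equivalent is an allow-list middleware (`ipAllowList`, or `ipWhiteList` on Traefik v2) referenced from this router, for example `middlewares = ["lan-only"];` where `lan-only` is a placeholder name. Separately, `environment.systemPackages = [pkgs.qbittorrent];` only installs the package. Nothing in this file starts a daemon on `localhost:8090`, so unless that is configured elsewhere the route has no backend.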
@ -1,7 +1,7 @@
|
||||||
{...}: {
|
{...}: {
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
ports = [2222];
|
ports = [22];
|
||||||
settings = {
|
settings = {
|
||||||
UseDns = true;
|
UseDns = true;
|
||||||
PermitRootLogin = "no";
|
PermitRootLogin = "no";
|
||||||
|
@ -10,4 +10,12 @@
|
||||||
LogLevel = "VERBOSE";
|
LogLevel = "VERBOSE";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
services.traefik.dynamicConfigOptions.tcp = {
|
||||||
|
routers.ssh = {
|
||||||
|
rule = "ClientIP(`192.168.0.0/16`)";
|
||||||
|
entryPoints = ["ssh"];
|
||||||
|
service = "ssh-redirect";
|
||||||
|
};
|
||||||
|
services.ssh-redirect.loadBalancer.servers = [{address = "localhost:22";}];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
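Review bot: Moving sshd to `ports = [22];` likely leaves it reachable directly, bypassing the ``ClientIP(`192.168.0.0/16`)`` restriction on `routers.ssh`. `services.openssh.openFirewall` defaults to true in NixOS and opens every listed port, and it is not set in the lines shown. If Traefik is meant to be the only path to sshd, add `openFirewall = false;` and bind sshd to loopback with `listenAddresses = [{addr = "127.0.0.1"; port = 22;}];`. Two lines of the `settings` block fall between the hunks and other modules are not visible, so this may already be handled elsewhere.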
@ -5,8 +5,15 @@
|
||||||
staticConfigOptions = {
|
staticConfigOptions = {
|
||||||
api = {insecure = true;};
|
api = {insecure = true;};
|
||||||
entryPoints = {
|
entryPoints = {
|
||||||
http = {address = ":80";};
|
http = {
|
||||||
|
address = ":80";
|
||||||
|
http.redirections.entryPoint = {
|
||||||
|
to = "https";
|
||||||
|
scheme = "https";
|
||||||
|
};
|
||||||
|
};
|
||||||
https = {address = ":443";};
|
https = {address = ":443";};
|
||||||
|
ssh = {address = ":2222";};
|
||||||
};
|
};
|
||||||
certificatesResolvers = {
|
certificatesResolvers = {
|
||||||
default = {
|
default = {
|
||||||
|
@ -21,26 +28,29 @@
|
||||||
dynamicConfigOptions.http = {
|
dynamicConfigOptions.http = {
|
||||||
routers.traefik = {
|
routers.traefik = {
|
||||||
rule = "Host(`traefik.xenia.me.uk`)";
|
rule = "Host(`traefik.xenia.me.uk`)";
|
||||||
|
entryPoints = ["http" "https"];
|
||||||
service = "traefik-webinterface";
|
service = "traefik-webinterface";
|
||||||
tls = {certResolver = "default";};
|
tls = {certResolver = "default";};
|
||||||
};
|
};
|
||||||
services.traefik-webinterface.loadBalancer.servers = [{url = "http://localhost:8080";}];
|
services.traefik-webinterface.loadBalancer.servers = [{url = "http://localhost:8080";}];
|
||||||
routers.qbittorrent = {
|
|
||||||
rule = "Host(`torrent.xenia.me.uk`)";
|
|
||||||
service = "qbittorrent-webinterface";
|
|
||||||
tls = {certResolver = "default";};
|
|
||||||
};
|
|
||||||
services.qbittorrent-webinterface.loadBalancer.servers = [{url = "http://localhost:8090";}];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [80 443 8080 8090];
|
allowedTCPPorts = [80 443 2222];
|
||||||
};
|
};
|
||||||
services.fail2ban.jails.traefik = ''
|
services.fail2ban.jails = {
|
||||||
|
traefik-http = ''
|
||||||
enabled = true
|
enabled = true
|
||||||
filter = traefik-auth
|
filter = traefik-auth
|
||||||
ports = http,https,8080
|
ports = http,https,2222
|
||||||
backend = systemd
|
backend = systemd
|
||||||
'';
|
'';
|
||||||
|
traefik-ssh = ''
|
||||||
|
enabled = true
|
||||||
|
filter = sshd
|
||||||
|
ports = 2222
|
||||||
|
backend = systemd
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
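Review bot: The new `traefik-ssh` jail pairs `filter = sshd` with port 2222, but connections on that port are proxied by Traefik to `localhost:22`. sshd will presumably log the proxy's loopback address rather than the client's, leaving the jail no attacker address to ban. The `gitea` jail on 30922 in the gitea section has the same problem, and bans for the SSH entry point would need a log source that records the real peer address. Also check the option name: fail2ban jails take `port = …`, and `ports = …` as written in all three jails does not look like the key the ban actions read. `traefik-http` now lists 2222 next to `http,https`, which ties SSH access to HTTP auth failures; confirm that is intended.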