Update ports used and relevant traefik configs
This commit is contained in:
parent
7370df89ef
commit
c73d69cce5
|
@ -6,6 +6,5 @@
|
|||
serverAliveCountMax = 3;
|
||||
controlMaster = "auto";
|
||||
controlPersist = "1s";
|
||||
matchBlocks = {"git.*".user = "git";};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
imports = [./common.nix];
|
||||
programs.ssh.matchBlocks = {
|
||||
"vanguard" = {user = "xenia";};
|
||||
"git.xenia.me.uk" = lib.hm.dag.entryBefore ["git.*"] {user = "gitea";};
|
||||
"vanguard *xenia.me.uk" = lib.hm.dag.entryAfter ["vanguard"] {
|
||||
"git.xenia.me.uk" = {user = "gitea";};
|
||||
"vanguard *xenia.me.uk" = lib.hm.dag.entryAfter ["vanguard" "git.xenia.me.uk"] {
|
||||
hostname = "192.168.1.166";
|
||||
port = 2222;
|
||||
};
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
imports = [./common.nix];
|
||||
home.packages = with pkgs; [sshfs];
|
||||
programs.ssh.matchBlocks = {
|
||||
"git.ccfe.ac.uk" = {user = "git";};
|
||||
"batch" = {
|
||||
user = "cxsbatch";
|
||||
hostname = "heimdall115.jetdata.eu";
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
services.traefik.dynamicConfigOptions.http = {
|
||||
routers.adguard = {
|
||||
rule = "Host(`guard.xenia.me.uk`)";
|
||||
entryPoints = ["http" "https"];
|
||||
service = "adguard-webinterface";
|
||||
tls = {certResolver = "default";};
|
||||
};
|
||||
|
|
|
@ -6,7 +6,10 @@
|
|||
server = {
|
||||
ROOT_URL = "https://git.xenia.me.uk";
|
||||
DOMAIN = "git.xenia.me.uk";
|
||||
START_SSH_SERVER = true;
|
||||
SSH_DOMAIN = "git.xenia.me.uk";
|
||||
SSH_PORT = 2222;
|
||||
SSH_LISTEN_PORT = 30922;
|
||||
};
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
ui = {
|
||||
|
@ -15,19 +18,35 @@
|
|||
};
|
||||
appName = "Gitea";
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [80 443 2222];
|
||||
services.traefik.dynamicConfigOptions.http = {
|
||||
services.traefik.dynamicConfigOptions = {
|
||||
http = {
|
||||
routers.gitea = {
|
||||
rule = "Host(`git.xenia.me.uk`)";
|
||||
entryPoints = ["http" "https"];
|
||||
service = "gitea-websecure";
|
||||
tls = {certResolver = "default";};
|
||||
};
|
||||
services.gitea-websecure.loadBalancer.servers = [{url = "http://localhost:3000";}];
|
||||
};
|
||||
tcp = {
|
||||
routers.gitea-ssh = {
|
||||
rule = "HostSNI(`git.xenia.me.uk`)";
|
||||
entryPoints = ["ssh"];
|
||||
service = "gitea-sshservice";
|
||||
tls = {certResolver = "default";};
|
||||
};
|
||||
routers.gitea-ssh-local = {
|
||||
rule = "ClientIP(`192.168.0.0/16`)";
|
||||
entryPoints = ["ssh"];
|
||||
service = "gitea-sshservice";
|
||||
};
|
||||
services.gitea-sshservice.loadBalancer.servers = [{address = "localhost:30922";}];
|
||||
};
|
||||
};
|
||||
services.fail2ban.jails.gitea = ''
|
||||
enabled = true
|
||||
filter = sshd
|
||||
ports = 2222
|
||||
ports = 30922
|
||||
backend = systemd
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
services.traefik.dynamicConfigOptions.http = {
|
||||
routers.nextcloud = {
|
||||
rule = "Host(`cloud.xenia.me.uk`)";
|
||||
entryPoints = ["http" "https"];
|
||||
service = "nextcloud-webinterface";
|
||||
tls = {certResolver = "default";};
|
||||
};
|
||||
|
|
13
server/qbittorrent.nix
Normal file
13
server/qbittorrent.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{pkgs, ...}: {
|
||||
imports = [./traefik.nix];
|
||||
environment.systemPackages = [pkgs.qbittorrent];
|
||||
services.traefik.dynamicConfigOptions.http = {
|
||||
routers.qbittorrent = {
|
||||
rule = "Host(`torrent.xenia.me.uk`)";
|
||||
entryPoints = ["http" "https"];
|
||||
service = "qbittorrent-webinterface";
|
||||
tls = {certResolver = "default";};
|
||||
};
|
||||
services.qbittorrent-webinterface.loadBalancer.servers = [{url = "http://localhost:8090";}];
|
||||
};
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
{...}: {
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
ports = [2222];
|
||||
ports = [22];
|
||||
settings = {
|
||||
UseDns = true;
|
||||
PermitRootLogin = "no";
|
||||
|
@ -10,4 +10,12 @@
|
|||
LogLevel = "VERBOSE";
|
||||
};
|
||||
};
|
||||
services.traefik.dynamicConfigOptions.tcp = {
|
||||
routers.ssh = {
|
||||
rule = "ClientIP(`192.168.0.0/16`)";
|
||||
entryPoints = ["ssh"];
|
||||
service = "ssh-redirect";
|
||||
};
|
||||
services.ssh-redirect.loadBalancer.servers = [{address = "localhost:22";}];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -5,8 +5,15 @@
|
|||
staticConfigOptions = {
|
||||
api = {insecure = true;};
|
||||
entryPoints = {
|
||||
http = {address = ":80";};
|
||||
http = {
|
||||
address = ":80";
|
||||
http.redirections.entryPoint = {
|
||||
to = "https";
|
||||
scheme = "https";
|
||||
};
|
||||
};
|
||||
https = {address = ":443";};
|
||||
ssh = {address = ":2222";};
|
||||
};
|
||||
certificatesResolvers = {
|
||||
default = {
|
||||
|
@ -21,26 +28,29 @@
|
|||
dynamicConfigOptions.http = {
|
||||
routers.traefik = {
|
||||
rule = "Host(`traefik.xenia.me.uk`)";
|
||||
entryPoints = ["http" "https"];
|
||||
service = "traefik-webinterface";
|
||||
tls = {certResolver = "default";};
|
||||
};
|
||||
services.traefik-webinterface.loadBalancer.servers = [{url = "http://localhost:8080";}];
|
||||
routers.qbittorrent = {
|
||||
rule = "Host(`torrent.xenia.me.uk`)";
|
||||
service = "qbittorrent-webinterface";
|
||||
tls = {certResolver = "default";};
|
||||
};
|
||||
services.qbittorrent-webinterface.loadBalancer.servers = [{url = "http://localhost:8090";}];
|
||||
};
|
||||
};
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowedTCPPorts = [80 443 8080 8090];
|
||||
allowedTCPPorts = [80 443 2222];
|
||||
};
|
||||
services.fail2ban.jails.traefik = ''
|
||||
services.fail2ban.jails = {
|
||||
traefik-http = ''
|
||||
enabled = true
|
||||
filter = traefik-auth
|
||||
ports = http,https,8080
|
||||
ports = http,https,2222
|
||||
backend = systemd
|
||||
'';
|
||||
traefik-ssh = ''
|
||||
enabled = true
|
||||
filter = sshd
|
||||
ports = 2222
|
||||
backend = systemd
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue