helvetica/puter
1
0
Fork 0
Code Activity

stuff

Browse source
This commit is contained in:
Lukas Wurzinger 2024-09-15 14:16:32 +02:00
parent be422948c7
commit 290f2dadc3
19 changed files with 203 additions and 130 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/abacus/acme.nix Normal file
View file

@ -0,0 +1,6 @@
{
security.acme = {
defaults.email = "lukas@wrz.one";
acceptTerms = true;
};
}

7
hosts/abacus/fs.nix Normal file
View file

@ -0,0 +1,7 @@
{config, ...}: {
fileSystems.${config.services.navidrome.settings.MusicFolder} = {
label = "music";
fsType = "ext4";
options = ["noatime"];
};
}

17
hosts/abacus/default.nix → hosts/abacus/hardware.nix
View file

@ -1,15 +1,5 @@
{modulesPath, ...}: {
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./backup.nix
./microbin.nix
./miniflux.nix
./nginx.nix
./static
./syncthing.nix
./vaultwarden.nix
];
imports = ["${modulesPath}/profiles/qemu-guest.nix"];
nixpkgs.hostPlatform = "aarch64-linux";
@ -35,9 +25,4 @@
};
firewall.allowedTCPPorts = [80 443];
};
security.acme = {
defaults.email = "lukas@wrz.one";
acceptTerms = true;
};
}

13
hosts/abacus/microbin.nix
View file

@ -1,4 +1,8 @@
{config, ...}: let
{
config,
lib,
...
}: let
inherit (config.networking) domain;
virtualHostName = "bin.${domain}";
in {
@ -8,7 +12,7 @@ in {
enable = true;
passwordFile = config.age.secrets.microbin.path;
settings = {
MICROBIN_BIND = "127.0.0.1";
MICROBIN_BIND = "localhost";
MICROBIN_PORT = 8020;
MICROBIN_READONLY = true;
@ -31,6 +35,9 @@ in {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.microbin.settings.MICROBIN_BIND}:${builtins.toString config.services.microbin.settings.MICROBIN_PORT}";
locations."/".proxyPass = "http://${lib.formatHostPort {
host = config.services.microbin.settings.MICROBIN_BIND;
port = config.services.microbin.settings.MICROBIN_PORT;
}}";
};
}

27
hosts/abacus/navidrome.nix Normal file
View file

@ -0,0 +1,27 @@
{
config,
lib,
...
}: let
inherit (config.networking) domain;
virtualHostName = "navi.${domain}";
in {
services.navidrome = {
enable = true;
settings = {
Address = "localhost";
Port = 8050;
MusicFolder = "/srv/music";
};
};
services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${lib.formatHostPort {
host = config.services.navidrome.settings.Address;
port = config.services.navidrome.settings.Port;
}}";
};
}

31
hosts/abacus/static.nix Normal file
View file

@ -0,0 +1,31 @@
{
config,
lib,
...
}: let
inherit (config.networking) domain;
parent = "/var/www";
sites = [
domain
"log.${domain}"
];
in
lib.mkMerge (map (
virtualHostName: let
root = "${parent}/${virtualHostName}";
in {
services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true;
forceSSL = true;
inherit root;
};
systemd.tmpfiles.settings."10-static-sites".${root}.d = {
user = "lukas";
group = "users";
mode = "0755";
};
}
)
sites)

12
hosts/abacus/static/default.nix
View file

@ -1,12 +0,0 @@
{
imports = [
./log.nix
./main.nix
];
systemd.tmpfiles.settings."10-static-sites"."/var/www".d = {
user = "root";
group = "root";
mode = "0755";
};
}

18
hosts/abacus/static/log.nix
View file

@ -1,18 +0,0 @@
{config, ...}: let
inherit (config.networking) domain;
virtualHostName = "log.${domain}";
root = "/var/www/${virtualHostName}";
in {
services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true;
forceSSL = true;
inherit root;
};
systemd.tmpfiles.settings."10-static-sites".${root}.d = {
user = "lukas";
group = "users";
mode = "0755";
};
}

18
hosts/abacus/static/main.nix
View file

@ -1,18 +0,0 @@
{config, ...}: let
inherit (config.networking) domain;
virtualHostName = domain;
root = "/var/www/${virtualHostName}";
in {
services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true;
forceSSL = true;
inherit root;
};
systemd.tmpfiles.settings."10-static-sites".${root}.d = {
user = "lukas";
group = "users";
mode = "0755";
};
}

13
hosts/abacus/vaultwarden.nix
View file

@ -1,4 +1,8 @@
{config, ...}: let
{
config,
lib,
...
}: let
inherit (config.networking) domain;
virtualHostName = "vault.${domain}";
backupDir = "/srv/backup/vaultwarden";
@ -20,7 +24,7 @@ in {
ENABLE_WEBSOCKET = true;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_ADDRESS = "localhost";
ROCKET_PORT = 8000;
};
@ -34,7 +38,10 @@ in {
forceSSL = true;
locations."/" = {
proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${builtins.toString config.services.vaultwarden.config.ROCKET_PORT}";
proxyPass = "http://${lib.formatHostPort {
host = config.services.vaultwarden.config.ROCKET_ADDRESS;
port = config.services.vaultwarden.config.ROCKET_PORT;
}}";
proxyWebsockets = true;
};
};