diff --git a/hosts/srv-monitor/default.nix b/hosts/srv-monitor/default.nix index f2a1a9b..dfeb10f 100644 --- a/hosts/srv-monitor/default.nix +++ b/hosts/srv-monitor/default.nix 
@@ -17,66 +17,70 @@ boot.loader.grub.enable = true; - services = { - resolved.enable = true; - tailscale = { - enable = true; - ssh.enable = true; - }; - - gatus = { - enable = true; - domain = "status.${config.custom.services.tailscale.domain}"; - domainsToMonitor = config.meta.domains.globalList; - endpoints = { - "alerts" = { - group = "Monitoring"; - path = "/v1/health"; - extraConditions = [ "[BODY].healthy == true" ]; - }; - "grafana".group = "Monitoring"; - "logs".group = "Monitoring"; - "git ssh" = { - protocol = "ssh"; - domain = "git.sstork.dev"; - }; - "speedtest".protocol = "http"; + services = + let + tailscaleDomain = config.custom.services.tailscale.domain; + in + { + resolved.enable = true; + tailscale = { + enable = true; + ssh.enable = true; }; - }; - ntfy = { - enable = true; - domain = "alerts.${config.custom.services.tailscale.domain}"; - }; - - grafana = { - enable = true; - domain = "grafana.${config.custom.services.tailscale.domain}"; - }; - - victorialogs = { - enable = true; - domain = "logs.${config.custom.services.tailscale.domain}"; - }; - - caddy.virtualHosts = - let - inherit (config.custom) services; - in - { - gatus = { - inherit (services.gatus) domain port; - }; - ntfy = { - inherit (services.ntfy) domain port; - }; - grafana = { - inherit (services.grafana) domain port; - }; - victorialogs = { - inherit (services.victorialogs) domain port; + gatus = { + enable = true; + domain = "status.${tailscaleDomain}"; + domainsToMonitor = config.meta.domains.globalList; + endpoints = { + "alerts" = { + group = "Monitoring"; + path = "/v1/health"; + extraConditions = [ "[BODY].healthy == true" ]; + }; + "grafana".group = "Monitoring"; + "logs".group = "Monitoring"; + "git ssh" = { + protocol = "ssh"; + domain = "git.sstork.dev"; + }; + "speedtest".protocol = "http"; }; }; - }; + + ntfy = { + enable = true; + domain = "alerts.${tailscaleDomain}"; + }; + + grafana = { + enable = true; + domain = "grafana.${tailscaleDomain}"; + }; + + 
victorialogs = { + enable = true; + domain = "logs.${tailscaleDomain}"; + }; + + caddy.virtualHosts = + let + inherit (config.custom) services; + in + { + gatus = { + inherit (services.gatus) domain port; + }; + ntfy = { + inherit (services.ntfy) domain port; + }; + grafana = { + inherit (services.grafana) domain port; + }; + victorialogs = { + inherit (services.victorialogs) domain port; + }; + }; + }; }; } diff --git a/hosts/srv-private/default.nix b/hosts/srv-private/default.nix index c9cfa81..6a8bd03 100644 --- a/hosts/srv-private/default.nix +++ b/hosts/srv-private/default.nix 
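Review bot: The `"git ssh"` endpoint in the gatus block still hard-codes `domain = "git.sstork.dev";`, the same literal that `forgejo.domain` carries in hosts/srv-public/default.nix, while this change moves the other repeated domains into a binding. If the forge hostname is changed in only one of the two files, the SSH probe would keep checking the old name and the status page would presumably stop reflecting the real service. A comment on that line such as `# must match forgejo.domain in hosts/srv-public/default.nix` would make the coupling visible. The attribute set that contains `services` opens above the hunk.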
@@ -15,58 +15,62 @@ boot.loader.systemd-boot.enable = true; - services = { - resolved.enable = true; - tailscale = { - enable = true; - ssh.enable = true; - exitNode.enable = true; - }; - - syncthing = { - enable = true; - isServer = true; - doBackups = true; - deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD"; - gui.domain = "syncthing.${config.custom.services.tailscale.domain}"; - }; - - filebrowser = { - enable = true; - doBackups = true; - domain = "files.${config.custom.services.tailscale.domain}"; - }; - - radicale = { - enable = true; - doBackups = true; - domain = "calendar.${config.custom.services.tailscale.domain}"; - }; - - actualbudget = { - enable = true; - doBackups = true; - domain = "budget.${config.custom.services.tailscale.domain}"; - }; - - caddy.virtualHosts = - let - inherit (config.custom) services; - in - { - syncthing-gui = { - inherit (services.syncthing.gui) domain port; - }; - filebrowser = { - inherit (services.filebrowser) domain port; - }; - radicale = { - inherit (services.radicale) domain port; - }; - actualbudget = { - inherit (services.actualbudget) domain port; - }; + services = + let + tailscaleDomain = config.custom.services.tailscale.domain; + in + { + resolved.enable = true; + tailscale = { + enable = true; + ssh.enable = true; + exitNode.enable = true; }; - }; + + syncthing = { + enable = true; + isServer = true; + doBackups = true; + deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD"; + gui.domain = "syncthing.${tailscaleDomain}"; + }; + + filebrowser = { + enable = true; + doBackups = true; + domain = "files.${tailscaleDomain}"; + }; + + radicale = { + enable = true; + doBackups = true; + domain = "calendar.${tailscaleDomain}"; + }; + + actualbudget = { + enable = true; + doBackups = true; + domain = "budget.${tailscaleDomain}"; + }; + + caddy.virtualHosts = + let + inherit (config.custom) services; + in + { + syncthing-gui = { + inherit (services.syncthing.gui) domain 
port; + }; + filebrowser = { + inherit (services.filebrowser) domain port; + }; + radicale = { + inherit (services.radicale) domain port; + }; + actualbudget = { + inherit (services.actualbudget) domain port; + }; + }; + }; }; } diff --git a/hosts/srv-public/default.nix b/hosts/srv-public/default.nix index 3a8392b..cf42727 100644 --- a/hosts/srv-public/default.nix +++ b/hosts/srv-public/default.nix 
@@ -15,94 +15,98 @@ boot.loader.grub.enable = true; - services = { - resolved.enable = true; - tailscale = { - enable = true; - ssh.enable = true; - }; - - crowdsec = { - enable = true; - sources = { - iptables = true; - sshd = true; - caddy = true; + services = + let + sproutedDomain = "sprouted.cloud"; + in + { + resolved.enable = true; + tailscale = { + enable = true; + ssh.enable = true; }; - bouncers.firewall = true; - }; - forgejo = { - enable = true; - doBackups = true; - domain = "git.sstork.dev"; - ssh.enable = true; - }; - - hedgedoc = { - enable = true; - doBackups = true; - domain = "docs.sprouted.cloud"; - }; - - outline = { - enable = true; - domain = "outline.sprouted.cloud"; - }; - - it-tools = { - enable = true; - domain = "tools.sprouted.cloud"; - }; - - stirling-pdf = { - enable = true; - domain = "pdf.sprouted.cloud"; - }; - - privatebin = { - enable = true; - domain = "pastebin.sprouted.cloud"; - }; - - openspeedtest = { - enable = true; - domain = "speedtest.sprouted.cloud"; - }; - - caddy.virtualHosts = - let - inherit (config.custom) services; - in - { - forgejo = { - inherit (services.forgejo) domain port; - }; - hedgedoc = { - inherit (services.hedgedoc) domain port; - }; - outline = { - inherit (services.outline) domain port; - }; - it-tools = { - inherit (services.it-tools) domain port; - }; - stirling-pdf = { - inherit (services.stirling-pdf) domain port; - }; - privatebin = { - inherit (services.privatebin) domain port; - }; - openspeedtest = { - inherit (services.openspeedtest) domain port; - tls = false; - extraReverseProxyConfig = '' - request_buffers 35MiB - response_buffers 35MiB - flush_interval -1 - ''; + crowdsec = { + enable = true; + sources = { + iptables = true; + sshd = true; + caddy = true; }; + bouncers.firewall = true; }; - }; + + forgejo = { + enable = true; + doBackups = true; + domain = "git.sstork.dev"; + ssh.enable = true; + }; + + hedgedoc = { + enable = true; + doBackups = true; + domain = 
"docs.${sproutedDomain}"; + }; + + outline = { + enable = true; + domain = "outline.${sproutedDomain}"; + }; + + it-tools = { + enable = true; + domain = "tools.${sproutedDomain}"; + }; + + stirling-pdf = { + enable = true; + domain = "pdf.${sproutedDomain}"; + }; + + privatebin = { + enable = true; + domain = "pastebin.${sproutedDomain}"; + }; + + openspeedtest = { + enable = true; + domain = "speedtest.${sproutedDomain}"; + }; + + caddy.virtualHosts = + let + inherit (config.custom) services; + in + { + forgejo = { + inherit (services.forgejo) domain port; + }; + hedgedoc = { + inherit (services.hedgedoc) domain port; + }; + outline = { + inherit (services.outline) domain port; + }; + it-tools = { + inherit (services.it-tools) domain port; + }; + stirling-pdf = { + inherit (services.stirling-pdf) domain port; + }; + privatebin = { + inherit (services.privatebin) domain port; + }; + openspeedtest = { + inherit (services.openspeedtest) domain port; + tls = false; + extraReverseProxyConfig = '' + request_buffers 35MiB + response_buffers 35MiB + flush_interval -1 + ''; + }; + }; + }; }; }