SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 18:41:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Avoid repitition of domain names

Browse source
This commit is contained in:
SebastianStork 2025-09-19 21:08:19 +02:00
parent cc211d016b
commit 39edb229af
3 changed files with 206 additions and 194 deletions
Download patch file Download diff file Expand all files Collapse all files

118
hosts/srv-monitor/default.nix
View file

@ -17,66 +17,70 @@
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
services = { services =
resolved.enable = true; let
tailscale = { tailscaleDomain = config.custom.services.tailscale.domain;
enable = true; in
ssh.enable = true; {
}; resolved.enable = true;
tailscale = {
gatus = { enable = true;
enable = true; ssh.enable = true;
domain = "status.${config.custom.services.tailscale.domain}";
domainsToMonitor = config.meta.domains.globalList;
endpoints = {
"alerts" = {
group = "Monitoring";
path = "/v1/health";
extraConditions = [ "[BODY].healthy == true" ];
};
"grafana".group = "Monitoring";
"logs".group = "Monitoring";
"git ssh" = {
protocol = "ssh";
domain = "git.sstork.dev";
};
"speedtest".protocol = "http";
}; };
};
ntfy = { gatus = {
enable = true; enable = true;
domain = "alerts.${config.custom.services.tailscale.domain}"; domain = "status.${tailscaleDomain}";
}; domainsToMonitor = config.meta.domains.globalList;
endpoints = {
grafana = { "alerts" = {
enable = true; group = "Monitoring";
domain = "grafana.${config.custom.services.tailscale.domain}"; path = "/v1/health";
}; extraConditions = [ "[BODY].healthy == true" ];
};
victorialogs = { "grafana".group = "Monitoring";
enable = true; "logs".group = "Monitoring";
domain = "logs.${config.custom.services.tailscale.domain}"; "git ssh" = {
}; protocol = "ssh";
domain = "git.sstork.dev";
caddy.virtualHosts = };
let "speedtest".protocol = "http";
inherit (config.custom) services;
in
{
gatus = {
inherit (services.gatus) domain port;
};
ntfy = {
inherit (services.ntfy) domain port;
};
grafana = {
inherit (services.grafana) domain port;
};
victorialogs = {
inherit (services.victorialogs) domain port;
}; };
}; };
};
ntfy = {
enable = true;
domain = "alerts.${tailscaleDomain}";
};
grafana = {
enable = true;
domain = "grafana.${tailscaleDomain}";
};
victorialogs = {
enable = true;
domain = "logs.${tailscaleDomain}";
};
caddy.virtualHosts =
let
inherit (config.custom) services;
in
{
gatus = {
inherit (services.gatus) domain port;
};
ntfy = {
inherit (services.ntfy) domain port;
};
grafana = {
inherit (services.grafana) domain port;
};
victorialogs = {
inherit (services.victorialogs) domain port;
};
};
};
}; };
} }

108
hosts/srv-private/default.nix
View file

@ -15,58 +15,62 @@
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
services = { services =
resolved.enable = true; let
tailscale = { tailscaleDomain = config.custom.services.tailscale.domain;
enable = true; in
ssh.enable = true; {
exitNode.enable = true; resolved.enable = true;
}; tailscale = {
enable = true;
syncthing = { ssh.enable = true;
enable = true; exitNode.enable = true;
isServer = true;
doBackups = true;
deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD";
gui.domain = "syncthing.${config.custom.services.tailscale.domain}";
};
filebrowser = {
enable = true;
doBackups = true;
domain = "files.${config.custom.services.tailscale.domain}";
};
radicale = {
enable = true;
doBackups = true;
domain = "calendar.${config.custom.services.tailscale.domain}";
};
actualbudget = {
enable = true;
doBackups = true;
domain = "budget.${config.custom.services.tailscale.domain}";
};
caddy.virtualHosts =
let
inherit (config.custom) services;
in
{
syncthing-gui = {
inherit (services.syncthing.gui) domain port;
};
filebrowser = {
inherit (services.filebrowser) domain port;
};
radicale = {
inherit (services.radicale) domain port;
};
actualbudget = {
inherit (services.actualbudget) domain port;
};
}; };
};
syncthing = {
enable = true;
isServer = true;
doBackups = true;
deviceId = "5R2MH7T-Q2ZZS2P-ZMSQ2UJ-B6VBHES-XYLNMZ6-7FYC27L-4P7MGJ2-FY4ITQD";
gui.domain = "syncthing.${tailscaleDomain}";
};
filebrowser = {
enable = true;
doBackups = true;
domain = "files.${tailscaleDomain}";
};
radicale = {
enable = true;
doBackups = true;
domain = "calendar.${tailscaleDomain}";
};
actualbudget = {
enable = true;
doBackups = true;
domain = "budget.${tailscaleDomain}";
};
caddy.virtualHosts =
let
inherit (config.custom) services;
in
{
syncthing-gui = {
inherit (services.syncthing.gui) domain port;
};
filebrowser = {
inherit (services.filebrowser) domain port;
};
radicale = {
inherit (services.radicale) domain port;
};
actualbudget = {
inherit (services.actualbudget) domain port;
};
};
};
}; };
} }

174
hosts/srv-public/default.nix
View file

@ -15,94 +15,98 @@
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
services = { services =
resolved.enable = true; let
tailscale = { sproutedDomain = "sprouted.cloud";
enable = true; in
ssh.enable = true; {
}; resolved.enable = true;
tailscale = {
crowdsec = { enable = true;
enable = true; ssh.enable = true;
sources = {
iptables = true;
sshd = true;
caddy = true;
}; };
bouncers.firewall = true;
};
forgejo = { crowdsec = {
enable = true; enable = true;
doBackups = true; sources = {
domain = "git.sstork.dev"; iptables = true;
ssh.enable = true; sshd = true;
}; caddy = true;
hedgedoc = {
enable = true;
doBackups = true;
domain = "docs.sprouted.cloud";
};
outline = {
enable = true;
domain = "outline.sprouted.cloud";
};
it-tools = {
enable = true;
domain = "tools.sprouted.cloud";
};
stirling-pdf = {
enable = true;
domain = "pdf.sprouted.cloud";
};
privatebin = {
enable = true;
domain = "pastebin.sprouted.cloud";
};
openspeedtest = {
enable = true;
domain = "speedtest.sprouted.cloud";
};
caddy.virtualHosts =
let
inherit (config.custom) services;
in
{
forgejo = {
inherit (services.forgejo) domain port;
};
hedgedoc = {
inherit (services.hedgedoc) domain port;
};
outline = {
inherit (services.outline) domain port;
};
it-tools = {
inherit (services.it-tools) domain port;
};
stirling-pdf = {
inherit (services.stirling-pdf) domain port;
};
privatebin = {
inherit (services.privatebin) domain port;
};
openspeedtest = {
inherit (services.openspeedtest) domain port;
tls = false;
extraReverseProxyConfig = ''
request_buffers 35MiB
response_buffers 35MiB
flush_interval -1
'';
}; };
bouncers.firewall = true;
}; };
};
forgejo = {
enable = true;
doBackups = true;
domain = "git.sstork.dev";
ssh.enable = true;
};
hedgedoc = {
enable = true;
doBackups = true;
domain = "docs.${sproutedDomain}";
};
outline = {
enable = true;
domain = "outline.${sproutedDomain}";
};
it-tools = {
enable = true;
domain = "tools.${sproutedDomain}";
};
stirling-pdf = {
enable = true;
domain = "pdf.${sproutedDomain}";
};
privatebin = {
enable = true;
domain = "pastebin.${sproutedDomain}";
};
openspeedtest = {
enable = true;
domain = "speedtest.${sproutedDomain}";
};
caddy.virtualHosts =
let
inherit (config.custom) services;
in
{
forgejo = {
inherit (services.forgejo) domain port;
};
hedgedoc = {
inherit (services.hedgedoc) domain port;
};
outline = {
inherit (services.outline) domain port;
};
it-tools = {
inherit (services.it-tools) domain port;
};
stirling-pdf = {
inherit (services.stirling-pdf) domain port;
};
privatebin = {
inherit (services.privatebin) domain port;
};
openspeedtest = {
inherit (services.openspeedtest) domain port;
tls = false;
extraReverseProxyConfig = ''
request_buffers 35MiB
response_buffers 35MiB
flush_interval -1
'';
};
};
};
}; };
} }