diff --git a/hosts/vps-monitor/default.nix b/hosts/vps-monitor/default.nix index f4d95e4..a86ae4f 100644 --- a/hosts/vps-monitor/default.nix +++ b/hosts/vps-monitor/default.nix @@ -40,14 +40,6 @@ nebula.enable = true; sshd.enable = true; dns.enable = true; - - caddy.virtualHosts."alerts.sprouted.cloud" = { - inherit (config.custom.web-services.ntfy) port; - extraConfig = '' - @putpost method PUT POST - respond @putpost "Access denied" 403 { close } - ''; - }; }; web-services = @@ -67,7 +59,7 @@ ntfy = { enable = true; - domain = "alerts.${privateDomain}"; + domain = "alerts.sprouted.cloud"; }; grafana = { diff --git a/hosts/vps-public/default.nix b/hosts/vps-public/default.nix index bbbfa13..329e0e3 100644 --- a/hosts/vps-public/default.nix +++ b/hosts/vps-public/default.nix 
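Review bot: With `domain = "alerts.sprouted.cloud";` in the `ntfy` block, ntfy is served directly under the public name, while the first hunk of this file drops the Caddy vhost that answered PUT and POST on that name with 403, so nothing visible in this diff still restricts who may publish. If the ntfy module (not shown) does not already enforce access control, it should set ntfy's `auth-default-access` to `deny-all` or `read-only` and issue tokens to the legitimate publishers, because otherwise anyone who can reach the host could inject or spoof alerts. A comment next to the domain such as `# public name; publishing is restricted by ntfy access control, not by the proxy` would record where the restriction now lives. The enclosing `web-services` set starts and ends outside the hunk.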
@@ -13,90 +13,77 @@ ports.validate = true; }; - custom = - let - sproutedDomain = "sprouted.cloud"; - in - { - persistence.enable = true; + custom = { + persistence.enable = true; - sops.enable = true; + sops.enable = true; - boot.loader.systemd-boot.enable = true; + boot.loader.systemd-boot.enable = true; - networking = { - overlay.address = "10.254.250.4"; - underlay = { - interface = "enp1s0"; - address = "167.235.73.246"; - isPublic = true; - }; - isServer = true; + networking = { + overlay.address = "10.254.250.4"; + underlay = { + interface = "enp1s0"; + address = "167.235.73.246"; + isPublic = true; }; - - services = { - gc = { - enable = true; - onlyCleanRoots = true; - }; - - nebula.enable = true; - sshd.enable = true; - - caddy.virtualHosts."dav.${sproutedDomain}" = { - inherit (config.custom.web-services.radicale) port; - extraConfig = '' - respond /.web/ "Access denied" 403 { - close - } - ''; - }; - }; - - web-services = - let - privateDomain = config.custom.networking.overlay.domain; - sstorkDomain = "sstork.dev"; - in - { - personal-blog = { - enable = true; - domain = sstorkDomain; - }; - - forgejo = { - enable = true; - domain = "git.${sstorkDomain}"; - doBackups = true; - }; - - outline = { - enable = true; - domain = "wiki.${sproutedDomain}"; - doBackups = true; - }; - - it-tools = { - enable = true; - domain = "tools.${sproutedDomain}"; - }; - - privatebin = { - enable = true; - domain = "pastebin.${sproutedDomain}"; - branding.name = "SproutedBin"; - }; - - radicale = { - enable = true; - domain = "dav.${privateDomain}"; - doBackups = true; - }; - - alloy = { - enable = true; - domain = "alloy.${config.networking.hostName}.${privateDomain}"; - }; - }; + isServer = true; }; + + services = { + gc = { + enable = true; + onlyCleanRoots = true; + }; + + nebula.enable = true; + sshd.enable = true; + }; + + web-services = + let + sstorkDomain = "sstork.dev"; + sproutedDomain = "sprouted.cloud"; + in + { + personal-blog = { + enable = true; + domain = 
sstorkDomain; + }; + + forgejo = { + enable = true; + domain = "git.${sstorkDomain}"; + doBackups = true; + }; + + outline = { + enable = true; + domain = "wiki.${sproutedDomain}"; + doBackups = true; + }; + + it-tools = { + enable = true; + domain = "tools.${sproutedDomain}"; + }; + + privatebin = { + enable = true; + domain = "pastebin.${sproutedDomain}"; + branding.name = "SproutedBin"; + }; + + radicale = { + enable = true; + domain = "dav.${sproutedDomain}"; + doBackups = true; + }; + + alloy = { + enable = true; + domain = "alloy.${config.networking.hostName}.${config.custom.networking.overlay.domain}"; + }; + }; + }; } diff --git a/modules/system/networking.nix b/modules/system/networking.nix index 2284e56..bf52aec 100644 --- a/modules/system/networking.nix +++ b/modules/system/networking.nix @@ -21,15 +21,18 @@ in overlay = { networkAddress = lib.mkOption { type = lib.types.nonEmptyStr; - default = ""; + default = "10.254.250.0"; + readOnly = true; }; prefixLength = lib.mkOption { - type = lib.types.nullOr (lib.types.ints.between 0 32); - default = null; + type = lib.types.ints.between 0 32; + default = 24; + readOnly = true; }; domain = lib.mkOption { type = lib.types.nonEmptyStr; - default = ""; + default = "splitleaf.de"; + readOnly = true; }; address = lib.mkOption { @@ -38,11 +41,11 @@ in }; interface = lib.mkOption { type = lib.types.nonEmptyStr; - default = ""; + default = "nebula"; }; systemdUnit = lib.mkOption { type = lib.types.nonEmptyStr; - default = ""; + default = "nebula@mesh.service"; }; dnsServers = lib.mkOption { diff --git a/modules/system/services/caddy.nix b/modules/system/services/caddy.nix index 99f0200..6be5904 100644 --- a/modules/system/services/caddy.nix +++ b/modules/system/services/caddy.nix @@ -23,7 +23,6 @@ let domain, port, files, - extraConfig, ... }: lib.nameValuePair domain { @@ -44,7 +43,6 @@ let encode file_server '') - (lib.optionalString (extraConfig != null) extraConfig) ]; }; in 
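Review bot: `domain = "dav.${sproutedDomain}";` in the `radicale` block now puts Radicale itself on the public name, but the removed `caddy.virtualHosts."dav.${sproutedDomain}"` entry was the only visible place that answered `/.web/` with 403, so the built-in web interface appears to become reachable on this public host. If that block was deliberate hardening, it should be carried over, for example by setting Radicale's `[web]` `type = none` in the radicale module (not shown). The `extraConfig` option removed in modules/system/services/caddy.nix leaves no per-vhost hook for such deny rules, so any future path or method restriction has to live in the service itself.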
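Review bot: `interface` and `systemdUnit` in the second hunk of modules/system/networking.nix get the defaults `"nebula"` and `"nebula@mesh.service"` without `readOnly = true;`, unlike `networkAddress`, `prefixLength` and `domain` in the first hunk, so a host can override them while the Nebula module presumably still creates the interface and unit under the fixed names. Anything keyed on these values, such as firewall rules on the overlay interface or unit ordering, would then silently refer to something that does not exist; mark both `readOnly = true;` as well or derive them from the Nebula module. Since the values no longer come from the Nebula module, they are also defined on hosts where Nebula is disabled, and a `description` on each option should say so, e.g. `description = "Overlay interface name; fixed by the Nebula module.";`.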
@@ -75,10 +73,6 @@ in type = lib.types.nullOr lib.types.path; default = null; }; - extraConfig = lib.mkOption { - type = lib.types.nullOr lib.types.lines; - default = null; - }; }; } ) diff --git a/modules/system/services/nebula/default.nix b/modules/system/services/nebula/default.nix index 423f5f6..330c6a3 100644 --- a/modules/system/services/nebula/default.nix +++ b/modules/system/services/nebula/default.nix @@ -30,14 +30,6 @@ in message = "'${netCfg.hostname}' is a Nebula lighthouse, but underlay.isPublic is not set. Lighthouses must be publicly reachable."; }; - custom.networking.overlay = { - networkAddress = "10.254.250.0"; - prefixLength = 24; - domain = "splitleaf.de"; - interface = "nebula"; - systemdUnit = "nebula@mesh.service"; - }; - meta.ports.udp = lib.optional netCfg.underlay.isPublic publicPort; sops.secrets."nebula/host-key" = { diff --git a/modules/system/web-services/gatus.nix b/modules/system/web-services/gatus.nix index d8dd96b..12105c6 100644 --- a/modules/system/web-services/gatus.nix +++ b/modules/system/web-services/gatus.nix @@ -113,7 +113,7 @@ in connectivity.checker.target = "1.1.1.1:53"; # Cloudflare DNS alerting.ntfy = { topic = "uptime"; - url = "https://alerts.${config.custom.networking.overlay.domain}"; + url = "https://alerts.sprouted.cloud"; click = "https://${cfg.domain}"; default-alert = { enable = true;
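Review bot: The literal `url = "https://alerts.sprouted.cloud";` in `alerting.ntfy` repeats the name set for ntfy in hosts/vps-monitor/default.nix, so the two can drift apart. If Gatus and ntfy are always enabled on the same host, `url = "https://${config.custom.web-services.ntfy.domain}";` keeps them tied together. Because the endpoint is now a public name, publishing to the `uptime` topic presumably ought to require authentication, in which case this block also needs a `token` supplied from a secret or environment variable rather than written into the Nix store. The `alerting.ntfy` set continues outside the hunk.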