Compare commits


No commits in common. "92d61afc401500944a81385dcdb4a7ba2e45f1c2" and "7b8435a5553ff7b4fe1a33052f14b67f78f19572" have entirely different histories.

6 changed files with 79 additions and 111 deletions


@ -40,14 +40,6 @@
nebula.enable = true; nebula.enable = true;
sshd.enable = true; sshd.enable = true;
dns.enable = true; dns.enable = true;
caddy.virtualHosts."alerts.sprouted.cloud" = {
inherit (config.custom.web-services.ntfy) port;
extraConfig = ''
@putpost method PUT POST
respond @putpost "Access denied" 403 { close }
'';
};
}; };
web-services = web-services =
@ -67,7 +59,7 @@
ntfy = { ntfy = {
enable = true; enable = true;
domain = "alerts.${privateDomain}"; domain = "alerts.sprouted.cloud";
}; };
grafana = { grafana = {
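Review bot: Setting `domain = "alerts.sprouted.cloud";` for ntfy while deleting the `caddy.virtualHosts."alerts.sprouted.cloud"` block drops the `respond @putpost "Access denied" 403` guard, so publishing on the public hostname is now limited only by ntfy's own access control, which this section does not show. Confirm that the ntfy module requires authentication for writes (for example ntfy's `auth-default-access` set to `deny-all`, with explicit publisher credentials) before this is deployed. The uptime alerting in the last file section now posts to `https://alerts.sprouted.cloud` too, so its `uptime` topic depends on the same setting. A comment next to the `domain` line saying the service is intentionally public would help the next reader. The old/new side of each line is inferred from the `-40,14 +40,6` counts.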


@ -13,90 +13,77 @@
ports.validate = true; ports.validate = true;
}; };
custom = custom = {
let persistence.enable = true;
sproutedDomain = "sprouted.cloud";
in
{
persistence.enable = true;
sops.enable = true; sops.enable = true;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
networking = { networking = {
overlay.address = "10.254.250.4"; overlay.address = "10.254.250.4";
underlay = { underlay = {
interface = "enp1s0"; interface = "enp1s0";
address = "167.235.73.246"; address = "167.235.73.246";
isPublic = true; isPublic = true;
};
isServer = true;
}; };
isServer = true;
services = {
gc = {
enable = true;
onlyCleanRoots = true;
};
nebula.enable = true;
sshd.enable = true;
caddy.virtualHosts."dav.${sproutedDomain}" = {
inherit (config.custom.web-services.radicale) port;
extraConfig = ''
respond /.web/ "Access denied" 403 {
close
}
'';
};
};
web-services =
let
privateDomain = config.custom.networking.overlay.domain;
sstorkDomain = "sstork.dev";
in
{
personal-blog = {
enable = true;
domain = sstorkDomain;
};
forgejo = {
enable = true;
domain = "git.${sstorkDomain}";
doBackups = true;
};
outline = {
enable = true;
domain = "wiki.${sproutedDomain}";
doBackups = true;
};
it-tools = {
enable = true;
domain = "tools.${sproutedDomain}";
};
privatebin = {
enable = true;
domain = "pastebin.${sproutedDomain}";
branding.name = "SproutedBin";
};
radicale = {
enable = true;
domain = "dav.${privateDomain}";
doBackups = true;
};
alloy = {
enable = true;
domain = "alloy.${config.networking.hostName}.${privateDomain}";
};
};
}; };
services = {
gc = {
enable = true;
onlyCleanRoots = true;
};
nebula.enable = true;
sshd.enable = true;
};
web-services =
let
sstorkDomain = "sstork.dev";
sproutedDomain = "sprouted.cloud";
in
{
personal-blog = {
enable = true;
domain = sstorkDomain;
};
forgejo = {
enable = true;
domain = "git.${sstorkDomain}";
doBackups = true;
};
outline = {
enable = true;
domain = "wiki.${sproutedDomain}";
doBackups = true;
};
it-tools = {
enable = true;
domain = "tools.${sproutedDomain}";
};
privatebin = {
enable = true;
domain = "pastebin.${sproutedDomain}";
branding.name = "SproutedBin";
};
radicale = {
enable = true;
domain = "dav.${sproutedDomain}";
doBackups = true;
};
alloy = {
enable = true;
domain = "alloy.${config.networking.hostName}.${config.custom.networking.overlay.domain}";
};
};
};
} }
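Review bot: Radicale moves from `dav.${privateDomain}` to `dav.${sproutedDomain}` and the vhost that answered `respond /.web/ "Access denied" 403` is removed, so the built-in web interface path would be served on the public name unless the radicale module restricts it itself, which is not visible here. The `extraConfig` option that carried the restriction is deleted from the caddy module in the same commit, so it cannot be re-added per host in the old way. If the block was deliberate, keep an equivalent rule inside the radicale web-service module. Otherwise add a comment at `domain = "dav.${sproutedDomain}";` recording that public exposure of the full service is intended. Which lines are old and which are new is inferred from the hunk counts and from the `extraConfig` removal.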


@ -21,15 +21,18 @@ in
overlay = { overlay = {
networkAddress = lib.mkOption { networkAddress = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = ""; default = "10.254.250.0";
readOnly = true;
}; };
prefixLength = lib.mkOption { prefixLength = lib.mkOption {
type = lib.types.nullOr (lib.types.ints.between 0 32); type = lib.types.ints.between 0 32;
default = null; default = 24;
readOnly = true;
}; };
domain = lib.mkOption { domain = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = ""; default = "splitleaf.de";
readOnly = true;
}; };
address = lib.mkOption { address = lib.mkOption {
@ -38,11 +41,11 @@ in
}; };
interface = lib.mkOption { interface = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = ""; default = "nebula";
}; };
systemdUnit = lib.mkOption { systemdUnit = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = ""; default = "nebula@mesh.service";
}; };
dnsServers = lib.mkOption { dnsServers = lib.mkOption {
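Review bot: The new defaults `default = "nebula";` and `default = "nebula@mesh.service";` for `interface` and `systemdUnit` repeat names that belong to the Nebula module. Unlike `networkAddress`, `prefixLength` and `domain`, they are not marked `readOnly = true;`, so a host-level override could drift from the real interface and unit without an evaluation error. Anything that keys firewall rules or service ordering on these two options would then silently point at the wrong target. Either add `readOnly = true;` to both, or derive the unit name where the Nebula network name is defined. A one-line `description` on each option, stating that the value is fixed for the whole overlay, would document the intent.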


@ -23,7 +23,6 @@ let
domain, domain,
port, port,
files, files,
extraConfig,
... ...
}: }:
lib.nameValuePair domain { lib.nameValuePair domain {
@ -44,7 +43,6 @@ let
encode encode
file_server file_server
'') '')
(lib.optionalString (extraConfig != null) extraConfig)
]; ];
}; };
in in
@ -75,10 +73,6 @@ in
type = lib.types.nullOr lib.types.path; type = lib.types.nullOr lib.types.path;
default = null; default = null;
}; };
extraConfig = lib.mkOption {
type = lib.types.nullOr lib.types.lines;
default = null;
};
}; };
} }
) )


@ -30,14 +30,6 @@ in
message = "'${netCfg.hostname}' is a Nebula lighthouse, but underlay.isPublic is not set. Lighthouses must be publicly reachable."; message = "'${netCfg.hostname}' is a Nebula lighthouse, but underlay.isPublic is not set. Lighthouses must be publicly reachable.";
}; };
custom.networking.overlay = {
networkAddress = "10.254.250.0";
prefixLength = 24;
domain = "splitleaf.de";
interface = "nebula";
systemdUnit = "nebula@mesh.service";
};
meta.ports.udp = lib.optional netCfg.underlay.isPublic publicPort; meta.ports.udp = lib.optional netCfg.underlay.isPublic publicPort;
sops.secrets."nebula/host-key" = { sops.secrets."nebula/host-key" = {


@ -113,7 +113,7 @@ in
connectivity.checker.target = "1.1.1.1:53"; # Cloudflare DNS connectivity.checker.target = "1.1.1.1:53"; # Cloudflare DNS
alerting.ntfy = { alerting.ntfy = {
topic = "uptime"; topic = "uptime";
url = "https://alerts.${config.custom.networking.overlay.domain}"; url = "https://alerts.sprouted.cloud";
click = "https://${cfg.domain}"; click = "https://${cfg.domain}";
default-alert = { default-alert = {
enable = true; enable = true;