hosts: reduce repition with let bindings
replaces (most) values that are repeatedly used w/ a let binding so they can be updated from one place.
This commit is contained in:
parent
2e1655a890
commit
ccd69ee47e
11 changed files with 180 additions and 152 deletions
|
@ -103,36 +103,38 @@
|
|||
};
|
||||
customDNS = {
|
||||
customTTL = "1h";
|
||||
mapping = {
|
||||
mapping = let
|
||||
yukiIp = "192.168.1.98";
|
||||
in {
|
||||
# infra
|
||||
|
||||
"truenas.internal.flake.sh" = "192.168.1.199";
|
||||
"hass.internal.flake.sh" = "192.168.1.98";
|
||||
"dashboard.internal.flake.sh" = "192.168.1.98";
|
||||
"hass.internal.flake.sh" = "${yukiIp}";
|
||||
"dashboard.internal.flake.sh" = "${yukiIp}";
|
||||
"udm.internal.flake.sh" = "192.168.1.1";
|
||||
"pve.internal.flake.sh" = "192.168.1.37";
|
||||
"pbs.internal.flake.sh" = "192.168.1.38";
|
||||
|
||||
# media
|
||||
|
||||
"jellyfin.internal.flake.sh" = "192.168.1.98";
|
||||
"jellyseerr.internal.flake.sh" = "192.168.1.98";
|
||||
"sonarr.internal.flake.sh" = "192.168.1.98";
|
||||
"radarr.internal.flake.sh" = "192.168.1.98";
|
||||
"readarr.internal.flake.sh" = "192.168.1.98";
|
||||
"lidarr.internal.flake.sh" = "192.168.1.98";
|
||||
"whisparr.internal.flake.sh" = "192.168.1.98";
|
||||
"bazarr.internal.flake.sh" = "192.168.1.98";
|
||||
"prowlarr.internal.flake.sh" = "192.168.1.98";
|
||||
"stash.internal.flake.sh" = "192.168.1.98";
|
||||
"jellyfin.internal.flake.sh" = "${yukiIp}";
|
||||
"jellyseerr.internal.flake.sh" = "${yukiIp}";
|
||||
"sonarr.internal.flake.sh" = "${yukiIp}";
|
||||
"radarr.internal.flake.sh" = "${yukiIp}";
|
||||
"readarr.internal.flake.sh" = "${yukiIp}";
|
||||
"lidarr.internal.flake.sh" = "${yukiIp}";
|
||||
"whisparr.internal.flake.sh" = "${yukiIp}";
|
||||
"bazarr.internal.flake.sh" = "${yukiIp}";
|
||||
"prowlarr.internal.flake.sh" = "${yukiIp}";
|
||||
"stash.internal.flake.sh" = "${yukiIp}";
|
||||
"nextcloud.internal.flake.sh" = "192.168.1.199";
|
||||
|
||||
# misc
|
||||
|
||||
"wallos.internal.flake.sh" = "192.168.1.98";
|
||||
"wallos.internal.flake.sh" = "${yukiIp}";
|
||||
"synology.internal.flake.sh" = "192.168.1.71";
|
||||
"paperless.internal.flake.sh" = "192.168.1.98";
|
||||
"rss.internal.flake.sh" = "192.168.1.98";
|
||||
"paperless.internal.flake.sh" = "${yukiIp}";
|
||||
"rss.internal.flake.sh" = "${yukiIp}";
|
||||
};
|
||||
};
|
||||
redis = {
|
||||
|
|
|
@ -13,13 +13,15 @@
|
|||
mode = "0600";
|
||||
restartUnits = ["minio.service"];
|
||||
};
|
||||
services.minio = {
|
||||
services.minio = let
|
||||
dataDir = "/var/lib/slab/minio";
|
||||
in {
|
||||
enable = true;
|
||||
region = "us-east-1";
|
||||
consoleAddress = "0.0.0.0:9006";
|
||||
listenAddress = "0.0.0.0:9005";
|
||||
rootCredentialsFile = config.sops.secrets.minio.path;
|
||||
dataDir = ["/var/lib/slab/minio/data"];
|
||||
configDir = "/var/lib/slab/minio/config";
|
||||
dataDir = ["${dataDir}/data"];
|
||||
configDir = "${dataDir}/config";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -8,16 +8,18 @@
|
|||
jwtSecretFile = config.sops.secrets.authelia-jwt.path;
|
||||
storageEncryptionKeyFile = config.sops.secrets.authelia-sek.path;
|
||||
};
|
||||
settings = {
|
||||
settings = let
|
||||
pqdn = "notohh.dev";
|
||||
in {
|
||||
log.level = "debug";
|
||||
theme = "dark";
|
||||
default_2fa_method = "totp";
|
||||
default_redirection_url = "https://passport.notohh.dev/";
|
||||
default_redirection_url = "https://passport.${pqdn}/";
|
||||
authentication_backend = {
|
||||
file.path = "/var/lib/authelia-default/user.yml";
|
||||
};
|
||||
session = {
|
||||
domain = "notohh.dev";
|
||||
domain = pqdn;
|
||||
expiration = 3600;
|
||||
inactivity = 300;
|
||||
};
|
||||
|
@ -38,7 +40,7 @@
|
|||
default_policy = "deny";
|
||||
rules = [
|
||||
{
|
||||
domain = "notohh.dev";
|
||||
domain = pqdn;
|
||||
policy = "bypass";
|
||||
}
|
||||
];
|
||||
|
@ -51,13 +53,15 @@
|
|||
notifier.filesystem = {
|
||||
filename = "/var/lib/authelia-default/notif.txt";
|
||||
};
|
||||
storage.postgres = {
|
||||
storage.postgres = let
|
||||
dbInfo = "authelia";
|
||||
in {
|
||||
host = "192.168.1.211";
|
||||
port = 5432;
|
||||
database = "authelia";
|
||||
database = dbInfo;
|
||||
schema = "public";
|
||||
username = "authelia";
|
||||
password = "authelia";
|
||||
username = dbInfo;
|
||||
password = dbInfo;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -2,7 +2,11 @@
|
|||
lib,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
}: let
|
||||
sshPort = 2222;
|
||||
dbHost = "192.168.1.211";
|
||||
dbLogin = "forgejo";
|
||||
in {
|
||||
sops.secrets.smtp2go-pwd = {owner = "forgejo";};
|
||||
networking.firewall.allowedTCPPorts = [2222];
|
||||
services.forgejo = {
|
||||
|
@ -27,8 +31,8 @@
|
|||
LANDING_PAGE = "/explore/repos";
|
||||
START_SSH_SERVER = true;
|
||||
SSH_DOMAIN = "git.flake.sh";
|
||||
SSH_PORT = 2222;
|
||||
SSH_LISTEN_PORT = 2222;
|
||||
SSH_PORT = sshPort;
|
||||
SSH_LISTEN_PORT = sshPort;
|
||||
SSH_LISTEN_HOST = "100.121.201.47";
|
||||
};
|
||||
session = {
|
||||
|
@ -39,15 +43,15 @@
|
|||
};
|
||||
database = {
|
||||
DB_TYPE = lib.mkForce "postgres";
|
||||
HOST = "192.168.1.211:5432";
|
||||
NAME = "forgejo";
|
||||
USER = "forgejo";
|
||||
PASSWD = "forgejo";
|
||||
HOST = "${dbHost}:5432";
|
||||
NAME = dbLogin;
|
||||
USER = dbLogin;
|
||||
PASSWD = dbLogin;
|
||||
};
|
||||
cache = {
|
||||
ENABLED = true;
|
||||
ADAPTER = lib.mkForce "redis";
|
||||
HOST = "redis://:forgejo@100.94.214.100:6379";
|
||||
HOST = "redis://:forgejo@${dbHost}:6379";
|
||||
};
|
||||
metrics = {
|
||||
ENABLED = true;
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
_: {
|
||||
_: let
|
||||
prometheusPort = "9090";
|
||||
dbLogin = "grafana";
|
||||
in {
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
@ -17,8 +20,8 @@ _: {
|
|||
database = {
|
||||
type = "postgres";
|
||||
host = "192.168.1.211:5432";
|
||||
name = "grafana";
|
||||
user = "grafana";
|
||||
name = dbLogin;
|
||||
user = dbLogin;
|
||||
ssl_mode = "disable";
|
||||
};
|
||||
panels = {
|
||||
|
@ -32,49 +35,49 @@ _: {
|
|||
{
|
||||
name = "Prometheus";
|
||||
type = "prometheus";
|
||||
url = "http://localhost:9090";
|
||||
url = "http://localhost:${prometheusPort}";
|
||||
orgId = 1;
|
||||
}
|
||||
{
|
||||
name = "Prometheus-kariru";
|
||||
type = "prometheus";
|
||||
url = "http://100.126.229.95:9090";
|
||||
url = "http://100.126.229.95:${prometheusPort}";
|
||||
orgId = 1;
|
||||
}
|
||||
{
|
||||
name = "Prometheus-yuki";
|
||||
type = "prometheus";
|
||||
url = "http://100.108.113.89:9090";
|
||||
url = "http://100.108.113.89:${prometheusPort}";
|
||||
orgId = 1;
|
||||
}
|
||||
{
|
||||
name = "Prometheus-arashi";
|
||||
type = "prometheus";
|
||||
url = "http://100.94.214.100:9090";
|
||||
url = "http://100.94.214.100:${prometheusPort}";
|
||||
orgId = 1;
|
||||
}
|
||||
{
|
||||
name = "Prometheus-sora";
|
||||
type = "prometheus";
|
||||
url = "http://100.104.42.96:9090";
|
||||
url = "http://100.104.42.96:${prometheusPort}";
|
||||
orgId = 1;
|
||||
}
|
||||
{
|
||||
name = "Prometheus-tsuru";
|
||||
type = "prometheus";
|
||||
url = "http://100.82.146.40:9090";
|
||||
url = "http://100.82.146.40:${prometheusPort}";
|
||||
orgId = 1;
|
||||
}
|
||||
{
|
||||
name = "Prometheus-kaze";
|
||||
type = "prometheus";
|
||||
url = "http://100.69.79.81:9090";
|
||||
url = "http://100.69.79.81:${prometheusPort}";
|
||||
orgId = 1;
|
||||
}
|
||||
{
|
||||
name = "Prometheus-haru";
|
||||
type = "prometheus";
|
||||
url = "http://100.73.192.45:9090";
|
||||
url = "http://100.73.192.45:${prometheusPort}";
|
||||
orgId = 1;
|
||||
jsonData = {
|
||||
graphiteVersion = "1.1";
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
networking.firewall.allowedTCPPorts = [8888];
|
||||
services.atuin = {
|
||||
enable = true;
|
||||
openRegistration = true;
|
||||
openRegistration = false;
|
||||
openFirewall = true;
|
||||
host = "100.104.42.96";
|
||||
port = 8888;
|
||||
|
|
|
@ -14,6 +14,6 @@
|
|||
# ./terraria.nix
|
||||
# ./factorio.nix
|
||||
# ./minecraft.nix
|
||||
./foundryvtt.nix
|
||||
# ./foundryvtt.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -47,26 +47,14 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
routers = {
|
||||
routers = let
|
||||
pqdn = "flake.sh";
|
||||
in {
|
||||
api = {
|
||||
rule = "PathPrefix(`/api/`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "api@internal";
|
||||
};
|
||||
uptime-kuma = {
|
||||
rule = "Host(`status.flake.sh`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "uptime-kuma";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
conduit = {
|
||||
rule = "Host(`matrix.flake.sh`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "conduit";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
authelia = {
|
||||
rule = "Host(`passport.notohh.dev`)";
|
||||
entrypoints = ["websecure"];
|
||||
|
@ -74,112 +62,132 @@
|
|||
tls.domains = [{main = "*.notohh.dev";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
uptime-kuma = {
|
||||
rule = "Host(`status.${pqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "uptime-kuma";
|
||||
tls.domains = [{main = "*.${pqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
conduit = {
|
||||
rule = "Host(`matrix.${pqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "conduit";
|
||||
tls.domains = [{main = "*.${pqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
foundryvtt = {
|
||||
rule = "Host(`foundry.flake.sh`)";
|
||||
rule = "Host(`foundry.${pqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "foundryvtt";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.domains = [{main = "*.${pqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
forgejo = {
|
||||
rule = "Host(`git.flake.sh`)";
|
||||
rule = "Host(`git.${pqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "forgejo";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.domains = [{main = "*.${pqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
middlewares = "cors";
|
||||
};
|
||||
rustypaste = {
|
||||
rule = "Host(`i.flake.sh`)";
|
||||
rule = "Host(`i.${pqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "rustypaste";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.domains = [{main = "*.${pqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
grafana = {
|
||||
rule = "Host(`metrics.flake.sh`)";
|
||||
rule = "Host(`metrics.${pqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "grafana";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.domains = [{main = "*.${pqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
hedgedoc = {
|
||||
rule = "Host(`scratch.flake.sh`)";
|
||||
rule = "Host(`scratch.${pqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "hedgedoc";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.domains = [{main = "*.${pqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
vaultwarden = {
|
||||
rule = "Host(`vault.flake.sh`)";
|
||||
rule = "Host(`vault.${pqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "vaultwarden";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.domains = [{main = "*.${pqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
neko = {
|
||||
rule = "Host(`neko.flake.sh`)";
|
||||
rule = "Host(`neko.${pqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "neko";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.domains = [{main = "*.${pqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
justlog = {
|
||||
rule = "Host(`logs.flake.sh`)";
|
||||
rule = "Host(`logs.${pqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "justlog";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.domains = [{main = "*.${pqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
ntfy = {
|
||||
rule = "Host(`ntfy.flake.sh`)";
|
||||
rule = "Host(`ntfy.${pqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "ntfy-sh";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.domains = [{main = "*.${pqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
attic = {
|
||||
rule = "Host(`cache.flake.sh`)";
|
||||
rule = "Host(`cache.${pqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "attic";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.domains = [{main = "*.${pqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
minio = {
|
||||
rule = "Host(`s3.flake.sh`)";
|
||||
rule = "Host(`s3.${pqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "minio";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.domains = [{main = "*.${pqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
middlewares = "cors-allow-all";
|
||||
};
|
||||
woodpecker = {
|
||||
rule = "Host(`ci.flake.sh`)";
|
||||
rule = "Host(`ci.${pqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "woodpecker";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.domains = [{main = "*.${pqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
};
|
||||
services = {
|
||||
forgejo.loadBalancer = {
|
||||
passHostHeader = true;
|
||||
servers = [{url = "http://100.121.201.47:3200";}];
|
||||
};
|
||||
uptime-kuma.loadBalancer.servers = [{url = "http://100.104.42.96:4000";}];
|
||||
conduit.loadBalancer.servers = [{url = "http://100.121.201.47:6167";}];
|
||||
authelia.loadBalancer.servers = [{url = "http://100.121.201.47:9091";}];
|
||||
foundryvtt.loadBalancer.servers = [{url = "http://100.104.42.96:30000";}];
|
||||
rustypaste.loadBalancer.servers = [{url = "http://100.121.201.47:8000";}];
|
||||
grafana.loadBalancer.servers = [{url = "http://100.121.201.47:3100";}];
|
||||
hedgedoc.loadBalancer.servers = [{url = "http://100.121.201.47:3300";}];
|
||||
vaultwarden.loadBalancer.servers = [{url = "http://100.121.201.47:8222";}];
|
||||
searxng.loadBalancer.servers = [{url = "http://100.121.201.47:8100";}];
|
||||
neko.loadBalancer.servers = [{url = "http://100.104.42.96:8085";}];
|
||||
justlog.loadBalancer.servers = [{url = "http://100.121.201.47:8025";}];
|
||||
ntfy-sh.loadBalancer.servers = [{url = "http://100.104.42.96:8090";}];
|
||||
attic.loadBalancer.servers = [{url = "http://100.104.42.96:8200";}];
|
||||
services = let
|
||||
sakuraIp = "100.121.201.47:";
|
||||
soraIp = "100.104.42.96:";
|
||||
in {
|
||||
# sora
|
||||
uptime-kuma.loadBalancer.servers = [{url = "http://${soraIp}4000";}];
|
||||
foundryvtt.loadBalancer.servers = [{url = "http://${soraIp}30000";}];
|
||||
ntfy-sh.loadBalancer.servers = [{url = "http://${soraIp}8090";}];
|
||||
attic.loadBalancer.servers = [{url = "http://${soraIp}8200";}];
|
||||
|
||||
# sakura
|
||||
forgejo.loadBalancer.servers = [{url = "http://${sakuraIp}3200";}];
|
||||
conduit.loadBalancer.servers = [{url = "http://${sakuraIp}6167";}];
|
||||
authelia.loadBalancer.servers = [{url = "http://${sakuraIp}9091";}];
|
||||
rustypaste.loadBalancer.servers = [{url = "http://${sakuraIp}8000";}];
|
||||
grafana.loadBalancer.servers = [{url = "http://${sakuraIp}3100";}];
|
||||
hedgedoc.loadBalancer.servers = [{url = "http://${sakuraIp}3300";}];
|
||||
vaultwarden.loadBalancer.servers = [{url = "http://${sakuraIp}8222";}];
|
||||
searxng.loadBalancer.servers = [{url = "http://${sakuraIp}8100";}];
|
||||
justlog.loadBalancer.servers = [{url = "http://${sakuraIp}8025";}];
|
||||
|
||||
# kaze
|
||||
minio.loadBalancer.servers = [{url = "http://100.69.79.81:9005";}];
|
||||
|
||||
# tsuru
|
||||
woodpecker.loadBalancer.servers = [{url = "http://100.82.146.40:8200";}];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -37,7 +37,6 @@
|
|||
distrobox
|
||||
vscode-fhs
|
||||
obsidian-wayland
|
||||
supersonic-wayland
|
||||
jellyfin-mpv-shim
|
||||
virt-manager
|
||||
imv
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
_: {
|
||||
_: let
|
||||
storagePath = "/home/notoh/docker/stash";
|
||||
in {
|
||||
virtualisation.oci-containers.containers.stash = {
|
||||
image = "stashapp/stash@sha256:b3b59809d5be1d82467253ec9e2ee98628a0db7527d27a6c7daa75e1fcda7deb"; # v0.24.3
|
||||
ports = ["9999:9999"];
|
||||
|
@ -11,12 +13,12 @@ _: {
|
|||
};
|
||||
volumes = [
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
"/home/notoh/docker/stash/.config:/root/.stash"
|
||||
"/home/notoh/docker/stash/data:/data"
|
||||
"/home/notoh/docker/stash/.metadata:/metadata"
|
||||
"/home/notoh/docker/stash/cache:/cache"
|
||||
"/home/notoh/docker/stash/generated:/generated"
|
||||
"/home/notoh/docker/stash/blobs:/blobs"
|
||||
"${storagePath}/.config:/root/.stash"
|
||||
"${storagePath}/data:/data"
|
||||
"${storagePath}/.metadata:/metadata"
|
||||
"${storagePath}/cache:/cache"
|
||||
"${storagePath}/generated:/generated"
|
||||
"${storagePath}/blobs:/blobs"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -13,7 +13,9 @@
|
|||
enable = true;
|
||||
dynamicConfigOptions = {
|
||||
http = {
|
||||
routers = {
|
||||
routers = let
|
||||
fqdn = "internal.flake.sh";
|
||||
in {
|
||||
# local
|
||||
api = {
|
||||
rule = "PathPrefix(`/api/`)";
|
||||
|
@ -21,113 +23,115 @@
|
|||
service = "api@internal";
|
||||
};
|
||||
homepage = {
|
||||
rule = "Host(`dashboard.internal.flake.sh`)";
|
||||
rule = "Host(`dashboard.${fqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "homepage";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
stash = {
|
||||
rule = "Host(`stash.internal.flake.sh`)";
|
||||
rule = "Host(`stash.${fqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "stash";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
jellyfin = {
|
||||
rule = "Host(`jellyfin.internal.flake.sh`)";
|
||||
rule = "Host(`jellyfin.${fqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "jellyfin";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
jellyseerr = {
|
||||
rule = "Host(`jellyseerr.internal.flake.sh`)";
|
||||
rule = "Host(`jellyseerr.${fqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "jellyseerr";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
wallos = {
|
||||
rule = "Host(`wallos.internal.flake.sh`)";
|
||||
rule = "Host(`wallos.${fqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "wallos";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
hass = {
|
||||
rule = "Host(`hass.internal.flake.sh`)";
|
||||
rule = "Host(`hass.${fqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "hass";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
paperless = {
|
||||
rule = "Host(`paperless.internal.flake.sh`)";
|
||||
rule = "Host(`paperless.${fqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "paperless";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
miniflux = {
|
||||
rule = "Host(`rss.internal.flake.sh`)";
|
||||
rule = "Host(`rss.${fqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "miniflux";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
# kariru
|
||||
sonarr = {
|
||||
rule = "Host(`sonarr.internal.flake.sh`)";
|
||||
rule = "Host(`sonarr.${fqdn}`)";
|
||||
entryPoints = ["websecure"];
|
||||
service = "sonarr";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
radarr = {
|
||||
rule = "Host(`radarr.internal.flake.sh`)";
|
||||
rule = "Host(`radarr.${fqdn}`)";
|
||||
entryPoints = ["websecure"];
|
||||
service = "radarr";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
readarr = {
|
||||
rule = "Host(`readarr.internal.flake.sh`)";
|
||||
rule = "Host(`readarr.${fqdn}`)";
|
||||
entryPoints = ["websecure"];
|
||||
service = "readarr";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
lidarr = {
|
||||
rule = "Host(`lidarr.internal.flake.sh`)";
|
||||
rule = "Host(`lidarr.${fqdn}`)";
|
||||
entryPoints = ["websecure"];
|
||||
service = "lidarr";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
bazarr = {
|
||||
rule = "Host(`bazarr.internal.flake.sh`)";
|
||||
rule = "Host(`bazarr.${fqdn}`)";
|
||||
entryPoints = ["websecure"];
|
||||
service = "bazarr";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
whisparr = {
|
||||
rule = "Host(`whisparr.internal.flake.sh`)";
|
||||
rule = "Host(`whisparr.${fqdn}`)";
|
||||
entryPoints = ["websecure"];
|
||||
service = "whisparr";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
prowlarr = {
|
||||
rule = "Host(`prowlarr.internal.flake.sh`)";
|
||||
rule = "Host(`prowlarr.${fqdn}`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "prowlarr";
|
||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
||||
tls.domains = [{main = "*.${fqdn}";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
};
|
||||
services = {
|
||||
services = let
|
||||
kariruHost = "192.168.1.54:";
|
||||
in {
|
||||
# local
|
||||
stash.loadBalancer.servers = [{url = "http://localhost:9999";}];
|
||||
homepage.loadBalancer.servers = [{url = "http://localhost:7676";}];
|
||||
|
@ -138,13 +142,13 @@
|
|||
paperless.loadBalancer.servers = [{url = "http://localhost:28981";}];
|
||||
miniflux.loadBalancer.servers = [{url = "http://localhost:9000";}];
|
||||
# kariru
|
||||
sonarr.loadBalancer.servers = [{url = "http://192.168.1.54:8989";}];
|
||||
radarr.loadBalancer.servers = [{url = "http://192.168.1.54:7878";}];
|
||||
readarr.loadBalancer.servers = [{url = "http://192.168.1.54:8787";}];
|
||||
lidarr.loadBalancer.servers = [{url = "http://192.168.1.54:8686";}];
|
||||
bazarr.loadBalancer.servers = [{url = "http://192.168.1.54:6767";}];
|
||||
whisparr.loadBalancer.servers = [{url = "http://192.168.1.54:6969";}];
|
||||
prowlarr.loadBalancer.servers = [{url = "http://192.168.1.54:9696";}];
|
||||
sonarr.loadBalancer.servers = [{url = "http://${kariruHost}8989";}];
|
||||
radarr.loadBalancer.servers = [{url = "http://${kariruHost}7878";}];
|
||||
readarr.loadBalancer.servers = [{url = "http://${kariruHost}8787";}];
|
||||
lidarr.loadBalancer.servers = [{url = "http://${kariruHost}8686";}];
|
||||
bazarr.loadBalancer.servers = [{url = "http://${kariruHost}6767";}];
|
||||
whisparr.loadBalancer.servers = [{url = "http://${kariruHost}6969";}];
|
||||
prowlarr.loadBalancer.servers = [{url = "http://${kariruHost}9696";}];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue