hosts: reduce repetition with let bindings

replaces (most) values that are repeatedly used w/ a let binding
so they can be updated from one place.
notohh 2024-02-06 13:40:38 -05:00
parent 2e1655a890
commit ccd69ee47e
Signed by: notohh
GPG key ID: BD47506D475EE86D
11 changed files with 180 additions and 152 deletions


@ -103,36 +103,38 @@
};
customDNS = {
customTTL = "1h";
mapping = {
mapping = let
yukiIp = "192.168.1.98";
in {
# infra
"truenas.internal.flake.sh" = "192.168.1.199";
"hass.internal.flake.sh" = "192.168.1.98";
"dashboard.internal.flake.sh" = "192.168.1.98";
"hass.internal.flake.sh" = "${yukiIp}";
"dashboard.internal.flake.sh" = "${yukiIp}";
"udm.internal.flake.sh" = "192.168.1.1";
"pve.internal.flake.sh" = "192.168.1.37";
"pbs.internal.flake.sh" = "192.168.1.38";
# media
"jellyfin.internal.flake.sh" = "192.168.1.98";
"jellyseerr.internal.flake.sh" = "192.168.1.98";
"sonarr.internal.flake.sh" = "192.168.1.98";
"radarr.internal.flake.sh" = "192.168.1.98";
"readarr.internal.flake.sh" = "192.168.1.98";
"lidarr.internal.flake.sh" = "192.168.1.98";
"whisparr.internal.flake.sh" = "192.168.1.98";
"bazarr.internal.flake.sh" = "192.168.1.98";
"prowlarr.internal.flake.sh" = "192.168.1.98";
"stash.internal.flake.sh" = "192.168.1.98";
"jellyfin.internal.flake.sh" = "${yukiIp}";
"jellyseerr.internal.flake.sh" = "${yukiIp}";
"sonarr.internal.flake.sh" = "${yukiIp}";
"radarr.internal.flake.sh" = "${yukiIp}";
"readarr.internal.flake.sh" = "${yukiIp}";
"lidarr.internal.flake.sh" = "${yukiIp}";
"whisparr.internal.flake.sh" = "${yukiIp}";
"bazarr.internal.flake.sh" = "${yukiIp}";
"prowlarr.internal.flake.sh" = "${yukiIp}";
"stash.internal.flake.sh" = "${yukiIp}";
"nextcloud.internal.flake.sh" = "192.168.1.199";
# misc
"wallos.internal.flake.sh" = "192.168.1.98";
"wallos.internal.flake.sh" = "${yukiIp}";
"synology.internal.flake.sh" = "192.168.1.71";
"paperless.internal.flake.sh" = "192.168.1.98";
"rss.internal.flake.sh" = "192.168.1.98";
"paperless.internal.flake.sh" = "${yukiIp}";
"rss.internal.flake.sh" = "${yukiIp}";
};
};
redis = {
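Review bot: The new mapping entries wrap the binding in a redundant antiquotation, `"${yukiIp}"`, where the bare name is already a string; `"hass.internal.flake.sh" = yukiIp;` reads more clearly and matches `domain = pqdn;` used elsewhere in this commit. `192.168.1.199` is still written out twice (truenas and nextcloud) and could get its own binding for the same reason. The enclosing attribute set starts and ends outside the hunk.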


@ -13,13 +13,15 @@
mode = "0600";
restartUnits = ["minio.service"];
};
services.minio = {
services.minio = let
dataDir = "/var/lib/slab/minio";
in {
enable = true;
region = "us-east-1";
consoleAddress = "0.0.0.0:9006";
listenAddress = "0.0.0.0:9005";
rootCredentialsFile = config.sops.secrets.minio.path;
dataDir = ["/var/lib/slab/minio/data"];
configDir = "/var/lib/slab/minio/config";
dataDir = ["${dataDir}/data"];
configDir = "${dataDir}/config";
};
}
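Review bot: The let-bound `dataDir` holds the MinIO root directory but shares its name with the `dataDir` option set a few lines later, so `dataDir = ["${dataDir}/data"];` reads as self-referential even though Nix resolves it to the let binding; a name such as `minioRoot` avoids the confusion. Separately, `consoleAddress` and `listenAddress` both bind `0.0.0.0`, which puts the admin console on every interface of the host. If the reverse proxy only reaches this machine on one address, binding to that address would narrow the exposure; the firewall rules for 9005/9006 are not visible in this hunk.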


@ -8,16 +8,18 @@
jwtSecretFile = config.sops.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.sops.secrets.authelia-sek.path;
};
settings = {
settings = let
pqdn = "notohh.dev";
in {
log.level = "debug";
theme = "dark";
default_2fa_method = "totp";
default_redirection_url = "https://passport.notohh.dev/";
default_redirection_url = "https://passport.${pqdn}/";
authentication_backend = {
file.path = "/var/lib/authelia-default/user.yml";
};
session = {
domain = "notohh.dev";
domain = pqdn;
expiration = 3600;
inactivity = 300;
};
@ -38,7 +40,7 @@
default_policy = "deny";
rules = [
{
domain = "notohh.dev";
domain = pqdn;
policy = "bypass";
}
];
@ -51,13 +53,15 @@
notifier.filesystem = {
filename = "/var/lib/authelia-default/notif.txt";
};
storage.postgres = {
storage.postgres = let
dbInfo = "authelia";
in {
host = "192.168.1.211";
port = 5432;
database = "authelia";
database = dbInfo;
schema = "public";
username = "authelia";
password = "authelia";
username = dbInfo;
password = dbInfo;
};
};
};
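Review bot: `password = dbInfo;` in `storage.postgres` keeps the database password as a literal in the Nix expression, and the new `dbInfo` binding now makes it structurally identical to the username and database name. Values under `settings` are rendered into the generated configuration, which normally lives in the world-readable Nix store, whereas the JWT secret and storage encryption key at the top of this file are already read from sops-managed files. Authelia can take this value from a file through `AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE`, so the password could come from a sops secret as well, with `dbInfo` limited to `database` and `username`. `log.level = "debug"` in the first hunk is also worth revisiting for a deployed identity provider.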


@ -2,7 +2,11 @@
lib,
config,
...
}: {
}: let
sshPort = 2222;
dbHost = "192.168.1.211";
dbLogin = "forgejo";
in {
sops.secrets.smtp2go-pwd = {owner = "forgejo";};
networking.firewall.allowedTCPPorts = [2222];
services.forgejo = {
@ -27,8 +31,8 @@
LANDING_PAGE = "/explore/repos";
START_SSH_SERVER = true;
SSH_DOMAIN = "git.flake.sh";
SSH_PORT = 2222;
SSH_LISTEN_PORT = 2222;
SSH_PORT = sshPort;
SSH_LISTEN_PORT = sshPort;
SSH_LISTEN_HOST = "100.121.201.47";
};
session = {
@ -39,15 +43,15 @@
};
database = {
DB_TYPE = lib.mkForce "postgres";
HOST = "192.168.1.211:5432";
NAME = "forgejo";
USER = "forgejo";
PASSWD = "forgejo";
HOST = "${dbHost}:5432";
NAME = dbLogin;
USER = dbLogin;
PASSWD = dbLogin;
};
cache = {
ENABLED = true;
ADAPTER = lib.mkForce "redis";
HOST = "redis://:forgejo@100.94.214.100:6379";
HOST = "redis://:forgejo@${dbHost}:6379";
};
metrics = {
ENABLED = true;
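Review bot: The cache line changes behaviour rather than only refactoring: `HOST = "redis://:forgejo@${dbHost}:6379"` now points Redis at `192.168.1.211`, where the previous value was `100.94.214.100`. If both addresses belong to the same machine this merely moves the traffic to another interface, but Redis has to be listening there; if they do not, the cache now targets a different host. A separate binding such as `redisHost = "100.94.214.100";` would preserve the old target. In the first hunk `networking.firewall.allowedTCPPorts = [2222];` was left as a literal and should read `[sshPort]`, and `PASSWD = dbLogin;` ties the database password to the account name in plain text.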


@ -1,4 +1,7 @@
_: {
_: let
prometheusPort = "9090";
dbLogin = "grafana";
in {
services.grafana = {
enable = true;
settings = {
@ -17,8 +20,8 @@ _: {
database = {
type = "postgres";
host = "192.168.1.211:5432";
name = "grafana";
user = "grafana";
name = dbLogin;
user = dbLogin;
ssl_mode = "disable";
};
panels = {
@ -32,49 +35,49 @@ _: {
{
name = "Prometheus";
type = "prometheus";
url = "http://localhost:9090";
url = "http://localhost:${prometheusPort}";
orgId = 1;
}
{
name = "Prometheus-kariru";
type = "prometheus";
url = "http://100.126.229.95:9090";
url = "http://100.126.229.95:${prometheusPort}";
orgId = 1;
}
{
name = "Prometheus-yuki";
type = "prometheus";
url = "http://100.108.113.89:9090";
url = "http://100.108.113.89:${prometheusPort}";
orgId = 1;
}
{
name = "Prometheus-arashi";
type = "prometheus";
url = "http://100.94.214.100:9090";
url = "http://100.94.214.100:${prometheusPort}";
orgId = 1;
}
{
name = "Prometheus-sora";
type = "prometheus";
url = "http://100.104.42.96:9090";
url = "http://100.104.42.96:${prometheusPort}";
orgId = 1;
}
{
name = "Prometheus-tsuru";
type = "prometheus";
url = "http://100.82.146.40:9090";
url = "http://100.82.146.40:${prometheusPort}";
orgId = 1;
}
{
name = "Prometheus-kaze";
type = "prometheus";
url = "http://100.69.79.81:9090";
url = "http://100.69.79.81:${prometheusPort}";
orgId = 1;
}
{
name = "Prometheus-haru";
type = "prometheus";
url = "http://100.73.192.45:9090";
url = "http://100.73.192.45:${prometheusPort}";
orgId = 1;
jsonData = {
graphiteVersion = "1.1";
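Review bot: In the `database` block `name` and `user` now come from `dbLogin`, but `host = "192.168.1.211:5432"` stays a literal and `ssl_mode = "disable"` leaves the connection to that remote host unencrypted. Because the server is not on localhost, `ssl_mode = "require"` (or stricter) would protect credentials and queries in transit, provided TLS is enabled on the PostgreSQL side, which is not visible here. `prometheusPort` is bound as a string, which suits the URL interpolation but would need converting if it were ever reused for a numeric option. The last hunk ends inside the datasource list.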


@ -2,7 +2,7 @@
networking.firewall.allowedTCPPorts = [8888];
services.atuin = {
enable = true;
openRegistration = true;
openRegistration = false;
openFirewall = true;
host = "100.104.42.96";
port = 8888;
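Review bot: The `openRegistration` flip is a behaviour change tucked into a commit whose message only mentions let bindings; going by the old-then-new print order used on the rest of this page it ends at `false`, which closes sign-ups, and it deserves its own commit or a line in the description. `networking.firewall.allowedTCPPorts = [8888];` appears to duplicate what `openFirewall = true;` already does for the service port, so one of the two can go. The attribute set continues outside the hunk.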


@ -14,6 +14,6 @@
# ./terraria.nix
# ./factorio.nix
# ./minecraft.nix
./foundryvtt.nix
# ./foundryvtt.nix
];
}


@ -47,26 +47,14 @@
};
};
};
routers = {
routers = let
pqdn = "flake.sh";
in {
api = {
rule = "PathPrefix(`/api/`)";
entrypoints = ["websecure"];
service = "api@internal";
};
uptime-kuma = {
rule = "Host(`status.flake.sh`)";
entrypoints = ["websecure"];
service = "uptime-kuma";
tls.domains = [{main = "*.flake.sh";}];
tls.certresolver = "production";
};
conduit = {
rule = "Host(`matrix.flake.sh`)";
entrypoints = ["websecure"];
service = "conduit";
tls.domains = [{main = "*.flake.sh";}];
tls.certresolver = "production";
};
authelia = {
rule = "Host(`passport.notohh.dev`)";
entrypoints = ["websecure"];
@ -74,112 +62,132 @@
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
uptime-kuma = {
rule = "Host(`status.${pqdn}`)";
entrypoints = ["websecure"];
service = "uptime-kuma";
tls.domains = [{main = "*.${pqdn}";}];
tls.certresolver = "production";
};
conduit = {
rule = "Host(`matrix.${pqdn}`)";
entrypoints = ["websecure"];
service = "conduit";
tls.domains = [{main = "*.${pqdn}";}];
tls.certresolver = "production";
};
foundryvtt = {
rule = "Host(`foundry.flake.sh`)";
rule = "Host(`foundry.${pqdn}`)";
entrypoints = ["websecure"];
service = "foundryvtt";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.${pqdn}";}];
tls.certresolver = "production";
};
forgejo = {
rule = "Host(`git.flake.sh`)";
rule = "Host(`git.${pqdn}`)";
entrypoints = ["websecure"];
service = "forgejo";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.${pqdn}";}];
tls.certresolver = "production";
middlewares = "cors";
};
rustypaste = {
rule = "Host(`i.flake.sh`)";
rule = "Host(`i.${pqdn}`)";
entrypoints = ["websecure"];
service = "rustypaste";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.${pqdn}";}];
tls.certresolver = "production";
};
grafana = {
rule = "Host(`metrics.flake.sh`)";
rule = "Host(`metrics.${pqdn}`)";
entrypoints = ["websecure"];
service = "grafana";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.${pqdn}";}];
tls.certresolver = "production";
};
hedgedoc = {
rule = "Host(`scratch.flake.sh`)";
rule = "Host(`scratch.${pqdn}`)";
entrypoints = ["websecure"];
service = "hedgedoc";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.${pqdn}";}];
tls.certresolver = "production";
};
vaultwarden = {
rule = "Host(`vault.flake.sh`)";
rule = "Host(`vault.${pqdn}`)";
entrypoints = ["websecure"];
service = "vaultwarden";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.${pqdn}";}];
tls.certresolver = "production";
};
neko = {
rule = "Host(`neko.flake.sh`)";
rule = "Host(`neko.${pqdn}`)";
entrypoints = ["websecure"];
service = "neko";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.${pqdn}";}];
tls.certresolver = "production";
};
justlog = {
rule = "Host(`logs.flake.sh`)";
rule = "Host(`logs.${pqdn}`)";
entrypoints = ["websecure"];
service = "justlog";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.${pqdn}";}];
tls.certresolver = "production";
};
ntfy = {
rule = "Host(`ntfy.flake.sh`)";
rule = "Host(`ntfy.${pqdn}`)";
entrypoints = ["websecure"];
service = "ntfy-sh";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.${pqdn}";}];
tls.certresolver = "production";
};
attic = {
rule = "Host(`cache.flake.sh`)";
rule = "Host(`cache.${pqdn}`)";
entrypoints = ["websecure"];
service = "attic";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.${pqdn}";}];
tls.certresolver = "production";
};
minio = {
rule = "Host(`s3.flake.sh`)";
rule = "Host(`s3.${pqdn}`)";
entrypoints = ["websecure"];
service = "minio";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.${pqdn}";}];
tls.certresolver = "production";
middlewares = "cors-allow-all";
};
woodpecker = {
rule = "Host(`ci.flake.sh`)";
rule = "Host(`ci.${pqdn}`)";
entrypoints = ["websecure"];
service = "woodpecker";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.${pqdn}";}];
tls.certresolver = "production";
};
};
services = {
forgejo.loadBalancer = {
passHostHeader = true;
servers = [{url = "http://100.121.201.47:3200";}];
};
uptime-kuma.loadBalancer.servers = [{url = "http://100.104.42.96:4000";}];
conduit.loadBalancer.servers = [{url = "http://100.121.201.47:6167";}];
authelia.loadBalancer.servers = [{url = "http://100.121.201.47:9091";}];
foundryvtt.loadBalancer.servers = [{url = "http://100.104.42.96:30000";}];
rustypaste.loadBalancer.servers = [{url = "http://100.121.201.47:8000";}];
grafana.loadBalancer.servers = [{url = "http://100.121.201.47:3100";}];
hedgedoc.loadBalancer.servers = [{url = "http://100.121.201.47:3300";}];
vaultwarden.loadBalancer.servers = [{url = "http://100.121.201.47:8222";}];
searxng.loadBalancer.servers = [{url = "http://100.121.201.47:8100";}];
neko.loadBalancer.servers = [{url = "http://100.104.42.96:8085";}];
justlog.loadBalancer.servers = [{url = "http://100.121.201.47:8025";}];
ntfy-sh.loadBalancer.servers = [{url = "http://100.104.42.96:8090";}];
attic.loadBalancer.servers = [{url = "http://100.104.42.96:8200";}];
services = let
sakuraIp = "100.121.201.47:";
soraIp = "100.104.42.96:";
in {
# sora
uptime-kuma.loadBalancer.servers = [{url = "http://${soraIp}4000";}];
foundryvtt.loadBalancer.servers = [{url = "http://${soraIp}30000";}];
ntfy-sh.loadBalancer.servers = [{url = "http://${soraIp}8090";}];
attic.loadBalancer.servers = [{url = "http://${soraIp}8200";}];
# sakura
forgejo.loadBalancer.servers = [{url = "http://${sakuraIp}3200";}];
conduit.loadBalancer.servers = [{url = "http://${sakuraIp}6167";}];
authelia.loadBalancer.servers = [{url = "http://${sakuraIp}9091";}];
rustypaste.loadBalancer.servers = [{url = "http://${sakuraIp}8000";}];
grafana.loadBalancer.servers = [{url = "http://${sakuraIp}3100";}];
hedgedoc.loadBalancer.servers = [{url = "http://${sakuraIp}3300";}];
vaultwarden.loadBalancer.servers = [{url = "http://${sakuraIp}8222";}];
searxng.loadBalancer.servers = [{url = "http://${sakuraIp}8100";}];
justlog.loadBalancer.servers = [{url = "http://${sakuraIp}8025";}];
# kaze
minio.loadBalancer.servers = [{url = "http://100.69.79.81:9005";}];
# tsuru
woodpecker.loadBalancer.servers = [{url = "http://100.82.146.40:8200";}];
};
};
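Review bot: The `neko` router still has `service = "neko"`, but the rewritten `services` set no longer defines `neko.loadBalancer.servers` (the old list pointed it at `100.104.42.96:8085`), so unless it is declared elsewhere Traefik will reject that router for referencing a missing service. Either restore `neko.loadBalancer.servers = [{url = "http://${soraIp}8085";}];` or drop the router. The bindings `sakuraIp` and `soraIp` carry a trailing `:` so that `"http://${soraIp}4000"` works; keeping the colon in the URL, `"http://${soraIp}:4000"`, is less fragile, and the same applies to `kariruHost` in the internal Traefik file. The forgejo entry also lost its explicit `passHostHeader = true;`, which matches Traefik's default but should be a conscious choice.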


@ -37,7 +37,6 @@
distrobox
vscode-fhs
obsidian-wayland
supersonic-wayland
jellyfin-mpv-shim
virt-manager
imv


@ -1,4 +1,6 @@
_: {
_: let
storagePath = "/home/notoh/docker/stash";
in {
virtualisation.oci-containers.containers.stash = {
image = "stashapp/stash@sha256:b3b59809d5be1d82467253ec9e2ee98628a0db7527d27a6c7daa75e1fcda7deb"; # v0.24.3
ports = ["9999:9999"];
@ -11,12 +13,12 @@ _: {
};
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/home/notoh/docker/stash/.config:/root/.stash"
"/home/notoh/docker/stash/data:/data"
"/home/notoh/docker/stash/.metadata:/metadata"
"/home/notoh/docker/stash/cache:/cache"
"/home/notoh/docker/stash/generated:/generated"
"/home/notoh/docker/stash/blobs:/blobs"
"${storagePath}/.config:/root/.stash"
"${storagePath}/data:/data"
"${storagePath}/.metadata:/metadata"
"${storagePath}/cache:/cache"
"${storagePath}/generated:/generated"
"${storagePath}/blobs:/blobs"
];
};
}
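Review bot: `ports = ["9999:9999"];` in the first hunk publishes the container on every host interface, while the internal Traefik file in this commit reaches stash at `http://localhost:9999`. If that proxy runs on the same host and is the only intended client, `ports = ["127.0.0.1:9999:9999"];` keeps the unauthenticated HTTP port behind the TLS front end. Whether both files target the same machine is inferred from the `# local` grouping and should be confirmed.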


@ -13,7 +13,9 @@
enable = true;
dynamicConfigOptions = {
http = {
routers = {
routers = let
fqdn = "internal.flake.sh";
in {
# local
api = {
rule = "PathPrefix(`/api/`)";
@ -21,113 +23,115 @@
service = "api@internal";
};
homepage = {
rule = "Host(`dashboard.internal.flake.sh`)";
rule = "Host(`dashboard.${fqdn}`)";
entrypoints = ["websecure"];
service = "homepage";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
stash = {
rule = "Host(`stash.internal.flake.sh`)";
rule = "Host(`stash.${fqdn}`)";
entrypoints = ["websecure"];
service = "stash";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
jellyfin = {
rule = "Host(`jellyfin.internal.flake.sh`)";
rule = "Host(`jellyfin.${fqdn}`)";
entrypoints = ["websecure"];
service = "jellyfin";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
jellyseerr = {
rule = "Host(`jellyseerr.internal.flake.sh`)";
rule = "Host(`jellyseerr.${fqdn}`)";
entrypoints = ["websecure"];
service = "jellyseerr";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
wallos = {
rule = "Host(`wallos.internal.flake.sh`)";
rule = "Host(`wallos.${fqdn}`)";
entrypoints = ["websecure"];
service = "wallos";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
hass = {
rule = "Host(`hass.internal.flake.sh`)";
rule = "Host(`hass.${fqdn}`)";
entrypoints = ["websecure"];
service = "hass";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
paperless = {
rule = "Host(`paperless.internal.flake.sh`)";
rule = "Host(`paperless.${fqdn}`)";
entrypoints = ["websecure"];
service = "paperless";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
miniflux = {
rule = "Host(`rss.internal.flake.sh`)";
rule = "Host(`rss.${fqdn}`)";
entrypoints = ["websecure"];
service = "miniflux";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
# kariru
sonarr = {
rule = "Host(`sonarr.internal.flake.sh`)";
rule = "Host(`sonarr.${fqdn}`)";
entryPoints = ["websecure"];
service = "sonarr";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
radarr = {
rule = "Host(`radarr.internal.flake.sh`)";
rule = "Host(`radarr.${fqdn}`)";
entryPoints = ["websecure"];
service = "radarr";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
readarr = {
rule = "Host(`readarr.internal.flake.sh`)";
rule = "Host(`readarr.${fqdn}`)";
entryPoints = ["websecure"];
service = "readarr";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
lidarr = {
rule = "Host(`lidarr.internal.flake.sh`)";
rule = "Host(`lidarr.${fqdn}`)";
entryPoints = ["websecure"];
service = "lidarr";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
bazarr = {
rule = "Host(`bazarr.internal.flake.sh`)";
rule = "Host(`bazarr.${fqdn}`)";
entryPoints = ["websecure"];
service = "bazarr";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
whisparr = {
rule = "Host(`whisparr.internal.flake.sh`)";
rule = "Host(`whisparr.${fqdn}`)";
entryPoints = ["websecure"];
service = "whisparr";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
prowlarr = {
rule = "Host(`prowlarr.internal.flake.sh`)";
rule = "Host(`prowlarr.${fqdn}`)";
entrypoints = ["websecure"];
service = "prowlarr";
tls.domains = [{main = "*.internal.flake.sh";}];
tls.domains = [{main = "*.${fqdn}";}];
tls.certresolver = "production";
};
};
services = {
services = let
kariruHost = "192.168.1.54:";
in {
# local
stash.loadBalancer.servers = [{url = "http://localhost:9999";}];
homepage.loadBalancer.servers = [{url = "http://localhost:7676";}];
@ -138,13 +142,13 @@
paperless.loadBalancer.servers = [{url = "http://localhost:28981";}];
miniflux.loadBalancer.servers = [{url = "http://localhost:9000";}];
# kariru
sonarr.loadBalancer.servers = [{url = "http://192.168.1.54:8989";}];
radarr.loadBalancer.servers = [{url = "http://192.168.1.54:7878";}];
readarr.loadBalancer.servers = [{url = "http://192.168.1.54:8787";}];
lidarr.loadBalancer.servers = [{url = "http://192.168.1.54:8686";}];
bazarr.loadBalancer.servers = [{url = "http://192.168.1.54:6767";}];
whisparr.loadBalancer.servers = [{url = "http://192.168.1.54:6969";}];
prowlarr.loadBalancer.servers = [{url = "http://192.168.1.54:9696";}];
sonarr.loadBalancer.servers = [{url = "http://${kariruHost}8989";}];
radarr.loadBalancer.servers = [{url = "http://${kariruHost}7878";}];
readarr.loadBalancer.servers = [{url = "http://${kariruHost}8787";}];
lidarr.loadBalancer.servers = [{url = "http://${kariruHost}8686";}];
bazarr.loadBalancer.servers = [{url = "http://${kariruHost}6767";}];
whisparr.loadBalancer.servers = [{url = "http://${kariruHost}6969";}];
prowlarr.loadBalancer.servers = [{url = "http://${kariruHost}9696";}];
};
};
};
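Review bot: The binding is named `fqdn` but holds the parent domain `internal.flake.sh` that host labels are prepended to, and the other Traefik file in this commit calls the same kind of value `pqdn`; one name for both (for example `baseDomain`) would make the two files read alike. The routers under `# kariru` spell the key `entryPoints` while the rest use `entrypoints`; normalising the casing while every router is being touched removes any doubt about whether both spellings are honoured. Every router also repeats the same `tls.domains` and `tls.certresolver` pair, which a small helper function taking the subdomain and service name could generate instead.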