From ccd69ee47ec39e0ba16fc67386be960a330be548 Mon Sep 17 00:00:00 2001
From: notohh
Date: Tue, 6 Feb 2024 13:40:38 -0500
Subject: [PATCH] hosts: reduce repition with let bindings

replaces (most) values that are repeatedly used w/ a let binding so they can be updated from one place.
---
hosts/haru/services/blocky.nix | 34 ++++----
hosts/kaze/services/minio.nix | 8 +-
hosts/sakura/services/authelia.nix | 20 +++--
hosts/sakura/services/forgejo.nix | 20 +++--
hosts/sakura/services/grafana.nix | 25 +++---
hosts/sora/services/atuin.nix | 2 +-
hosts/sora/services/default.nix | 2 +-
hosts/sora/services/traefik.nix | 122 +++++++++++++++--------------
hosts/tsuki/home.nix | 1 -
hosts/yuki/services/stash.nix | 16 ++--
hosts/yuki/services/traefik.nix | 82 ++++++++++---------
11 files changed, 180 insertions(+), 152 deletions(-)
diff --git a/hosts/haru/services/blocky.nix b/hosts/haru/services/blocky.nix
index 828d03a..1ea5bc3 100644
--- a/hosts/haru/services/blocky.nix
+++ b/hosts/haru/services/blocky.nix
@@ -103,36 +103,38 @@ }; customDNS = { customTTL = "1h"; - mapping = { + mapping = let + yukiIp = "192.168.1.98"; + in { # infra "truenas.internal.flake.sh" = "192.168.1.199"; - "hass.internal.flake.sh" = "192.168.1.98"; - "dashboard.internal.flake.sh" = "192.168.1.98"; + "hass.internal.flake.sh" = "${yukiIp}"; + "dashboard.internal.flake.sh" = "${yukiIp}"; "udm.internal.flake.sh" = "192.168.1.1"; "pve.internal.flake.sh" = "192.168.1.37"; "pbs.internal.flake.sh" = "192.168.1.38"; # media - "jellyfin.internal.flake.sh" = "192.168.1.98"; - "jellyseerr.internal.flake.sh" = "192.168.1.98"; - "sonarr.internal.flake.sh" = "192.168.1.98"; - "radarr.internal.flake.sh" = "192.168.1.98"; - "readarr.internal.flake.sh" = "192.168.1.98"; - "lidarr.internal.flake.sh" = "192.168.1.98"; - "whisparr.internal.flake.sh" = "192.168.1.98"; - "bazarr.internal.flake.sh" = "192.168.1.98"; - "prowlarr.internal.flake.sh" = "192.168.1.98"; - "stash.internal.flake.sh" = "192.168.1.98"; + "jellyfin.internal.flake.sh" = "${yukiIp}"; + "jellyseerr.internal.flake.sh" = "${yukiIp}"; + "sonarr.internal.flake.sh" = "${yukiIp}"; + "radarr.internal.flake.sh" = "${yukiIp}"; + "readarr.internal.flake.sh" = "${yukiIp}"; + "lidarr.internal.flake.sh" = "${yukiIp}"; + "whisparr.internal.flake.sh" = "${yukiIp}"; + "bazarr.internal.flake.sh" = "${yukiIp}"; + "prowlarr.internal.flake.sh" = "${yukiIp}"; + "stash.internal.flake.sh" = "${yukiIp}"; "nextcloud.internal.flake.sh" = "192.168.1.199"; # misc - "wallos.internal.flake.sh" = "192.168.1.98"; + "wallos.internal.flake.sh" = "${yukiIp}"; "synology.internal.flake.sh" = "192.168.1.71"; - "paperless.internal.flake.sh" = "192.168.1.98"; - "rss.internal.flake.sh" = "192.168.1.98"; + "paperless.internal.flake.sh" = "${yukiIp}"; + "rss.internal.flake.sh" = "${yukiIp}"; }; }; redis = { diff --git a/hosts/kaze/services/minio.nix b/hosts/kaze/services/minio.nix index f3c53b5..3fe5120 100644 --- a/hosts/kaze/services/minio.nix +++ b/hosts/kaze/services/minio.nix 
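Review bot: Every rewritten entry in `mapping` uses `"${yukiIp}"`, which wraps a string in a string interpolation; the bare identifier is equivalent and matches how the other files in this commit use their bindings (`domain = pqdn;`). Write `"hass.internal.flake.sh" = yukiIp;` and likewise for the rest. `192.168.1.199` is still repeated for the truenas and nextcloud entries and could get a binding of its own if the goal is a single place to update.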
@@ -13,13 +13,15 @@ mode = "0600"; restartUnits = ["minio.service"]; }; - services.minio = { + services.minio = let + dataDir = "/var/lib/slab/minio"; + in { enable = true; region = "us-east-1"; consoleAddress = "0.0.0.0:9006"; listenAddress = "0.0.0.0:9005"; rootCredentialsFile = config.sops.secrets.minio.path; - dataDir = ["/var/lib/slab/minio/data"]; - configDir = "/var/lib/slab/minio/config"; + dataDir = ["${dataDir}/data"]; + configDir = "${dataDir}/config"; }; } diff --git a/hosts/sakura/services/authelia.nix b/hosts/sakura/services/authelia.nix index 9c0b2e4..1e9f901 100644 --- a/hosts/sakura/services/authelia.nix +++ b/hosts/sakura/services/authelia.nix @@ -8,16 +8,18 @@ jwtSecretFile = config.sops.secrets.authelia-jwt.path; storageEncryptionKeyFile = config.sops.secrets.authelia-sek.path; }; - settings = { + settings = let + pqdn = "notohh.dev"; + in { log.level = "debug"; theme = "dark"; default_2fa_method = "totp"; - default_redirection_url = "https://passport.notohh.dev/"; + default_redirection_url = "https://passport.${pqdn}/"; authentication_backend = { file.path = "/var/lib/authelia-default/user.yml"; }; session = { - domain = "notohh.dev"; + domain = pqdn; expiration = 3600; inactivity = 300; }; @@ -38,7 +40,7 @@ default_policy = "deny"; rules = [ { - domain = "notohh.dev"; + domain = pqdn; policy = "bypass"; } ]; @@ -51,13 +53,15 @@ notifier.filesystem = { filename = "/var/lib/authelia-default/notif.txt"; }; - storage.postgres = { + storage.postgres = let + dbInfo = "authelia"; + in { host = "192.168.1.211"; port = 5432; - database = "authelia"; + database = dbInfo; schema = "public"; - username = "authelia"; - password = "authelia"; + username = dbInfo; + password = dbInfo; }; }; }; diff --git a/hosts/sakura/services/forgejo.nix b/hosts/sakura/services/forgejo.nix index c3f932b..187aaee 100644 --- a/hosts/sakura/services/forgejo.nix +++ b/hosts/sakura/services/forgejo.nix 
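Review bot: The let binding `dataDir` in the minio hunk has the same name as the `services.minio.dataDir` option it feeds, but holds the parent directory (`/var/lib/slab/minio`), so `dataDir = ["${dataDir}/data"];` reads as self-referential. It resolves to the let binding because the attrset is not `rec`, but a distinct name avoids the trap: `baseDir = "/var/lib/slab/minio";`, then `dataDir = ["${baseDir}/data"];` and `configDir = "${baseDir}/config";`.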
@@ -2,7 +2,11 @@ lib, config, ... -}: { +}: let + sshPort = 2222; + dbHost = "192.168.1.211"; + dbLogin = "forgejo"; +in { sops.secrets.smtp2go-pwd = {owner = "forgejo";}; networking.firewall.allowedTCPPorts = [2222]; services.forgejo = { @@ -27,8 +31,8 @@ LANDING_PAGE = "/explore/repos"; START_SSH_SERVER = true; SSH_DOMAIN = "git.flake.sh"; - SSH_PORT = 2222; - SSH_LISTEN_PORT = 2222; + SSH_PORT = sshPort; + SSH_LISTEN_PORT = sshPort; SSH_LISTEN_HOST = "100.121.201.47"; }; session = { @@ -39,15 +43,15 @@ }; database = { DB_TYPE = lib.mkForce "postgres"; - HOST = "192.168.1.211:5432"; - NAME = "forgejo"; - USER = "forgejo"; - PASSWD = "forgejo"; + HOST = "${dbHost}:5432"; + NAME = dbLogin; + USER = dbLogin; + PASSWD = dbLogin; }; cache = { ENABLED = true; ADAPTER = lib.mkForce "redis"; - HOST = "redis://:forgejo@100.94.214.100:6379"; + HOST = "redis://:forgejo@${dbHost}:6379"; }; metrics = { ENABLED = true; diff --git a/hosts/sakura/services/grafana.nix b/hosts/sakura/services/grafana.nix index 00ab647..4ec34ca 100644 --- a/hosts/sakura/services/grafana.nix +++ b/hosts/sakura/services/grafana.nix @@ -1,4 +1,7 @@ -_: { +_: let + prometheusPort = "9090"; + dbLogin = "grafana"; +in { services.grafana = { enable = true; settings = { @@ -17,8 +20,8 @@ _: { database = { type = "postgres"; host = "192.168.1.211:5432"; - name = "grafana"; - user = "grafana"; + name = dbLogin; + user = dbLogin; ssl_mode = "disable"; }; panels = { 
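Review bot: In the first forgejo.nix hunk, `networking.firewall.allowedTCPPorts = [2222];` keeps the literal while `SSH_PORT` and `SSH_LISTEN_PORT` now follow `sshPort`. Changing the binding later would move the SSH listener to a port the firewall does not open. The binding is in scope for the whole module, so use `networking.firewall.allowedTCPPorts = [sshPort];`.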
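Review bot: The `cache.HOST` line in the forgejo database/cache hunk no longer points at the same address. It was `redis://:forgejo@100.94.214.100:6379` and now interpolates `dbHost`, which is `192.168.1.211`, a change the commit message (deduplication only) does not mention. Unless Redis really listens on the Postgres host, this breaks the cache adapter; give Redis its own binding, e.g. `redisHost = "100.94.214.100";`. Separately, `PASSWD = dbLogin;` ties the database password to the user name and keeps it as a literal; the file already uses sops for `smtp2go-pwd`, and the module's `database.passwordFile` option would take the password the same way.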
@@ -32,49 +35,49 @@ _: { { name = "Prometheus"; type = "prometheus"; - url = "http://localhost:9090"; + url = "http://localhost:${prometheusPort}"; orgId = 1; } { name = "Prometheus-kariru"; type = "prometheus"; - url = "http://100.126.229.95:9090"; + url = "http://100.126.229.95:${prometheusPort}"; orgId = 1; } { name = "Prometheus-yuki"; type = "prometheus"; - url = "http://100.108.113.89:9090"; + url = "http://100.108.113.89:${prometheusPort}"; orgId = 1; } { name = "Prometheus-arashi"; type = "prometheus"; - url = "http://100.94.214.100:9090"; + url = "http://100.94.214.100:${prometheusPort}"; orgId = 1; } { name = "Prometheus-sora"; type = "prometheus"; - url = "http://100.104.42.96:9090"; + url = "http://100.104.42.96:${prometheusPort}"; orgId = 1; } { name = "Prometheus-tsuru"; type = "prometheus"; - url = "http://100.82.146.40:9090"; + url = "http://100.82.146.40:${prometheusPort}"; orgId = 1; } { name = "Prometheus-kaze"; type = "prometheus"; - url = "http://100.69.79.81:9090"; + url = "http://100.69.79.81:${prometheusPort}"; orgId = 1; } { name = "Prometheus-haru"; type = "prometheus"; - url = "http://100.73.192.45:9090"; + url = "http://100.73.192.45:${prometheusPort}"; orgId = 1; jsonData = { graphiteVersion = "1.1"; diff --git a/hosts/sora/services/atuin.nix b/hosts/sora/services/atuin.nix index f86ef13..4c30957 100644 --- a/hosts/sora/services/atuin.nix +++ b/hosts/sora/services/atuin.nix @@ -2,7 +2,7 @@ networking.firewall.allowedTCPPorts = [8888]; services.atuin = { enable = true; - openRegistration = true; + openRegistration = false; openFirewall = true; host = "100.104.42.96"; port = 8888; diff --git a/hosts/sora/services/default.nix b/hosts/sora/services/default.nix index 8e1cf89..e97e835 100644 --- a/hosts/sora/services/default.nix +++ b/hosts/sora/services/default.nix @@ -14,6 +14,6 @@ # ./terraria.nix # ./factorio.nix # ./minecraft.nix - ./foundryvtt.nix + # ./foundryvtt.nix ]; } 
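Review bot: Setting `openRegistration = false;` in atuin.nix is a behaviour change, not a let-binding refactor, and the commit message does not mention it. It is a sensible hardening step, but it belongs in its own commit or at least in the description so it can be found and reverted independently. In the same block, `openFirewall = true;` and `networking.firewall.allowedTCPPorts = [8888];` presumably open the same port, so one of them can be dropped.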
diff --git a/hosts/sora/services/traefik.nix b/hosts/sora/services/traefik.nix index 2891bef..22255e0 100644 --- a/hosts/sora/services/traefik.nix +++ b/hosts/sora/services/traefik.nix @@ -47,26 +47,14 @@ }; }; }; - routers = { + routers = let + pqdn = "flake.sh"; + in { api = { rule = "PathPrefix(`/api/`)"; entrypoints = ["websecure"]; service = "api@internal"; }; - uptime-kuma = { - rule = "Host(`status.flake.sh`)"; - entrypoints = ["websecure"]; - service = "uptime-kuma"; - tls.domains = [{main = "*.flake.sh";}]; - tls.certresolver = "production"; - }; - conduit = { - rule = "Host(`matrix.flake.sh`)"; - entrypoints = ["websecure"]; - service = "conduit"; - tls.domains = [{main = "*.flake.sh";}]; - tls.certresolver = "production"; - }; authelia = { rule = "Host(`passport.notohh.dev`)"; entrypoints = ["websecure"]; 
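Review bot: The `api` router kept at the top of `routers` matches a bare PathPrefix on /api/ on `websecure` and forwards to `api@internal`, with no `Host(...)` matcher and no `middlewares` entry visible in its body. On a proxy that also serves the public `*.flake.sh` hosts, that makes the Traefik API reachable under any hostname wherever the API is enabled; whether it is enabled is configured outside this hunk. Since the block is being reorganised anyway, add a host restriction and an authentication or IP allow-list middleware to this router. The same router shape appears in hosts/yuki/services/traefik.nix.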
@@ -74,112 +62,132 @@ tls.domains = [{main = "*.notohh.dev";}]; tls.certresolver = "production"; }; + uptime-kuma = { + rule = "Host(`status.${pqdn}`)"; + entrypoints = ["websecure"]; + service = "uptime-kuma"; + tls.domains = [{main = "*.${pqdn}";}]; + tls.certresolver = "production"; + }; + conduit = { + rule = "Host(`matrix.${pqdn}`)"; + entrypoints = ["websecure"]; + service = "conduit"; + tls.domains = [{main = "*.${pqdn}";}]; + tls.certresolver = "production"; + }; foundryvtt = { - rule = "Host(`foundry.flake.sh`)"; + rule = "Host(`foundry.${pqdn}`)"; entrypoints = ["websecure"]; service = "foundryvtt"; - tls.domains = [{main = "*.flake.sh";}]; + tls.domains = [{main = "*.${pqdn}";}]; tls.certresolver = "production"; }; forgejo = { - rule = "Host(`git.flake.sh`)"; + rule = "Host(`git.${pqdn}`)"; entrypoints = ["websecure"]; service = "forgejo"; - tls.domains = [{main = "*.flake.sh";}]; + tls.domains = [{main = "*.${pqdn}";}]; tls.certresolver = "production"; middlewares = "cors"; }; rustypaste = { - rule = "Host(`i.flake.sh`)"; + rule = "Host(`i.${pqdn}`)"; entrypoints = ["websecure"]; service = "rustypaste"; - tls.domains = [{main = "*.flake.sh";}]; + tls.domains = [{main = "*.${pqdn}";}]; tls.certresolver = "production"; }; grafana = { - rule = "Host(`metrics.flake.sh`)"; + rule = "Host(`metrics.${pqdn}`)"; entrypoints = ["websecure"]; service = "grafana"; - tls.domains = [{main = "*.flake.sh";}]; + tls.domains = [{main = "*.${pqdn}";}]; tls.certresolver = "production"; }; hedgedoc = { - rule = "Host(`scratch.flake.sh`)"; + rule = "Host(`scratch.${pqdn}`)"; entrypoints = ["websecure"]; service = "hedgedoc"; - tls.domains = [{main = "*.flake.sh";}]; + tls.domains = [{main = "*.${pqdn}";}]; tls.certresolver = "production"; }; vaultwarden = { - rule = "Host(`vault.flake.sh`)"; + rule = "Host(`vault.${pqdn}`)"; entrypoints = ["websecure"]; service = "vaultwarden"; - tls.domains = [{main = "*.flake.sh";}]; + tls.domains = [{main = "*.${pqdn}";}]; 
tls.certresolver = "production"; }; neko = { - rule = "Host(`neko.flake.sh`)"; + rule = "Host(`neko.${pqdn}`)"; entrypoints = ["websecure"]; service = "neko"; - tls.domains = [{main = "*.flake.sh";}]; + tls.domains = [{main = "*.${pqdn}";}]; tls.certresolver = "production"; }; justlog = { - rule = "Host(`logs.flake.sh`)"; + rule = "Host(`logs.${pqdn}`)"; entrypoints = ["websecure"]; service = "justlog"; - tls.domains = [{main = "*.flake.sh";}]; + tls.domains = [{main = "*.${pqdn}";}]; tls.certresolver = "production"; }; ntfy = { - rule = "Host(`ntfy.flake.sh`)"; + rule = "Host(`ntfy.${pqdn}`)"; entrypoints = ["websecure"]; service = "ntfy-sh"; - tls.domains = [{main = "*.flake.sh";}]; + tls.domains = [{main = "*.${pqdn}";}]; tls.certresolver = "production"; }; attic = { - rule = "Host(`cache.flake.sh`)"; + rule = "Host(`cache.${pqdn}`)"; entrypoints = ["websecure"]; service = "attic"; - tls.domains = [{main = "*.flake.sh";}]; + tls.domains = [{main = "*.${pqdn}";}]; tls.certresolver = "production"; }; minio = { - rule = "Host(`s3.flake.sh`)"; + rule = "Host(`s3.${pqdn}`)"; entrypoints = ["websecure"]; service = "minio"; - tls.domains = [{main = "*.flake.sh";}]; + tls.domains = [{main = "*.${pqdn}";}]; tls.certresolver = "production"; middlewares = "cors-allow-all"; }; woodpecker = { - rule = "Host(`ci.flake.sh`)"; + rule = "Host(`ci.${pqdn}`)"; entrypoints = ["websecure"]; service = "woodpecker"; - tls.domains = [{main = "*.flake.sh";}]; + tls.domains = [{main = "*.${pqdn}";}]; tls.certresolver = "production"; }; }; - services = { - forgejo.loadBalancer = { - passHostHeader = true; - servers = [{url = "http://100.121.201.47:3200";}]; - }; - uptime-kuma.loadBalancer.servers = [{url = "http://100.104.42.96:4000";}]; - conduit.loadBalancer.servers = [{url = "http://100.121.201.47:6167";}]; - authelia.loadBalancer.servers = [{url = "http://100.121.201.47:9091";}]; - foundryvtt.loadBalancer.servers = [{url = "http://100.104.42.96:30000";}]; - 
rustypaste.loadBalancer.servers = [{url = "http://100.121.201.47:8000";}]; - grafana.loadBalancer.servers = [{url = "http://100.121.201.47:3100";}]; - hedgedoc.loadBalancer.servers = [{url = "http://100.121.201.47:3300";}]; - vaultwarden.loadBalancer.servers = [{url = "http://100.121.201.47:8222";}]; - searxng.loadBalancer.servers = [{url = "http://100.121.201.47:8100";}]; - neko.loadBalancer.servers = [{url = "http://100.104.42.96:8085";}]; - justlog.loadBalancer.servers = [{url = "http://100.121.201.47:8025";}]; - ntfy-sh.loadBalancer.servers = [{url = "http://100.104.42.96:8090";}]; - attic.loadBalancer.servers = [{url = "http://100.104.42.96:8200";}]; + services = let + sakuraIp = "100.121.201.47:"; + soraIp = "100.104.42.96:"; + in { + # sora + uptime-kuma.loadBalancer.servers = [{url = "http://${soraIp}4000";}]; + foundryvtt.loadBalancer.servers = [{url = "http://${soraIp}30000";}]; + ntfy-sh.loadBalancer.servers = [{url = "http://${soraIp}8090";}]; + attic.loadBalancer.servers = [{url = "http://${soraIp}8200";}]; + + # sakura + forgejo.loadBalancer.servers = [{url = "http://${sakuraIp}3200";}]; + conduit.loadBalancer.servers = [{url = "http://${sakuraIp}6167";}]; + authelia.loadBalancer.servers = [{url = "http://${sakuraIp}9091";}]; + rustypaste.loadBalancer.servers = [{url = "http://${sakuraIp}8000";}]; + grafana.loadBalancer.servers = [{url = "http://${sakuraIp}3100";}]; + hedgedoc.loadBalancer.servers = [{url = "http://${sakuraIp}3300";}]; + vaultwarden.loadBalancer.servers = [{url = "http://${sakuraIp}8222";}]; + searxng.loadBalancer.servers = [{url = "http://${sakuraIp}8100";}]; + justlog.loadBalancer.servers = [{url = "http://${sakuraIp}8025";}]; + + # kaze minio.loadBalancer.servers = [{url = "http://100.69.79.81:9005";}]; + + # tsuru woodpecker.loadBalancer.servers = [{url = "http://100.82.146.40:8200";}]; }; }; diff --git a/hosts/tsuki/home.nix b/hosts/tsuki/home.nix index a6d4cfc..c713798 100755 --- a/hosts/tsuki/home.nix +++ b/hosts/tsuki/home.nix 
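Review bot: The rewritten `services` block drops the `neko` backend: the old list had `neko.loadBalancer.servers = [{url = "http://100.104.42.96:8085";}];`, and none of the added lines replaces it. The `neko` router above still declares `service = "neko";`, so it now references a service that is not defined and `neko.flake.sh` will stop routing. Add `neko.loadBalancer.servers = [{url = "http://${soraIp}8085";}];` under the `# sora` group. The old forgejo entry's `passHostHeader = true;` is also gone, which should be harmless only because that is Traefik's default.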
@@ -37,7 +37,6 @@ distrobox vscode-fhs obsidian-wayland - supersonic-wayland jellyfin-mpv-shim virt-manager imv diff --git a/hosts/yuki/services/stash.nix b/hosts/yuki/services/stash.nix index 27e113b..4d113d3 100644 --- a/hosts/yuki/services/stash.nix +++ b/hosts/yuki/services/stash.nix @@ -1,4 +1,6 @@ -_: { +_: let + storagePath = "/home/notoh/docker/stash"; +in { virtualisation.oci-containers.containers.stash = { image = "stashapp/stash@sha256:b3b59809d5be1d82467253ec9e2ee98628a0db7527d27a6c7daa75e1fcda7deb"; # v0.24.3 ports = ["9999:9999"]; @@ -11,12 +13,12 @@ _: { }; volumes = [ "/etc/localtime:/etc/localtime:ro" - "/home/notoh/docker/stash/.config:/root/.stash" - "/home/notoh/docker/stash/data:/data" - "/home/notoh/docker/stash/.metadata:/metadata" - "/home/notoh/docker/stash/cache:/cache" - "/home/notoh/docker/stash/generated:/generated" - "/home/notoh/docker/stash/blobs:/blobs" + "${storagePath}/.config:/root/.stash" + "${storagePath}/data:/data" + "${storagePath}/.metadata:/metadata" + "${storagePath}/cache:/cache" + "${storagePath}/generated:/generated" + "${storagePath}/blobs:/blobs" ]; }; } diff --git a/hosts/yuki/services/traefik.nix b/hosts/yuki/services/traefik.nix index c100680..016b0b5 100644 --- a/hosts/yuki/services/traefik.nix +++ b/hosts/yuki/services/traefik.nix @@ -13,7 +13,9 @@ enable = true; dynamicConfigOptions = { http = { - routers = { + routers = let + fqdn = "internal.flake.sh"; + in { # local api = { rule = "PathPrefix(`/api/`)"; 
@@ -21,113 +23,115 @@ service = "api@internal"; }; homepage = { - rule = "Host(`dashboard.internal.flake.sh`)"; + rule = "Host(`dashboard.${fqdn}`)"; entrypoints = ["websecure"]; service = "homepage"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; stash = { - rule = "Host(`stash.internal.flake.sh`)"; + rule = "Host(`stash.${fqdn}`)"; entrypoints = ["websecure"]; service = "stash"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; jellyfin = { - rule = "Host(`jellyfin.internal.flake.sh`)"; + rule = "Host(`jellyfin.${fqdn}`)"; entrypoints = ["websecure"]; service = "jellyfin"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; jellyseerr = { - rule = "Host(`jellyseerr.internal.flake.sh`)"; + rule = "Host(`jellyseerr.${fqdn}`)"; entrypoints = ["websecure"]; service = "jellyseerr"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; wallos = { - rule = "Host(`wallos.internal.flake.sh`)"; + rule = "Host(`wallos.${fqdn}`)"; entrypoints = ["websecure"]; service = "wallos"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; hass = { - rule = "Host(`hass.internal.flake.sh`)"; + rule = "Host(`hass.${fqdn}`)"; entrypoints = ["websecure"]; service = "hass"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; paperless = { - rule = "Host(`paperless.internal.flake.sh`)"; + rule = "Host(`paperless.${fqdn}`)"; entrypoints = ["websecure"]; service = "paperless"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; miniflux = { - rule = 
"Host(`rss.internal.flake.sh`)"; + rule = "Host(`rss.${fqdn}`)"; entrypoints = ["websecure"]; service = "miniflux"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; # kariru sonarr = { - rule = "Host(`sonarr.internal.flake.sh`)"; + rule = "Host(`sonarr.${fqdn}`)"; entryPoints = ["websecure"]; service = "sonarr"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; radarr = { - rule = "Host(`radarr.internal.flake.sh`)"; + rule = "Host(`radarr.${fqdn}`)"; entryPoints = ["websecure"]; service = "radarr"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; readarr = { - rule = "Host(`readarr.internal.flake.sh`)"; + rule = "Host(`readarr.${fqdn}`)"; entryPoints = ["websecure"]; service = "readarr"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; lidarr = { - rule = "Host(`lidarr.internal.flake.sh`)"; + rule = "Host(`lidarr.${fqdn}`)"; entryPoints = ["websecure"]; service = "lidarr"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; bazarr = { - rule = "Host(`bazarr.internal.flake.sh`)"; + rule = "Host(`bazarr.${fqdn}`)"; entryPoints = ["websecure"]; service = "bazarr"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; whisparr = { - rule = "Host(`whisparr.internal.flake.sh`)"; + rule = "Host(`whisparr.${fqdn}`)"; entryPoints = ["websecure"]; service = "whisparr"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; prowlarr = { - rule = "Host(`prowlarr.internal.flake.sh`)"; + rule = "Host(`prowlarr.${fqdn}`)"; entrypoints = ["websecure"]; 
service = "prowlarr"; - tls.domains = [{main = "*.internal.flake.sh";}]; + tls.domains = [{main = "*.${fqdn}";}]; tls.certresolver = "production"; }; }; - services = { + services = let + kariruHost = "192.168.1.54:"; + in { # local stash.loadBalancer.servers = [{url = "http://localhost:9999";}]; homepage.loadBalancer.servers = [{url = "http://localhost:7676";}]; @@ -138,13 +142,13 @@ paperless.loadBalancer.servers = [{url = "http://localhost:28981";}]; miniflux.loadBalancer.servers = [{url = "http://localhost:9000";}]; # kariru - sonarr.loadBalancer.servers = [{url = "http://192.168.1.54:8989";}]; - radarr.loadBalancer.servers = [{url = "http://192.168.1.54:7878";}]; - readarr.loadBalancer.servers = [{url = "http://192.168.1.54:8787";}]; - lidarr.loadBalancer.servers = [{url = "http://192.168.1.54:8686";}]; - bazarr.loadBalancer.servers = [{url = "http://192.168.1.54:6767";}]; - whisparr.loadBalancer.servers = [{url = "http://192.168.1.54:6969";}]; - prowlarr.loadBalancer.servers = [{url = "http://192.168.1.54:9696";}]; + sonarr.loadBalancer.servers = [{url = "http://${kariruHost}8989";}]; + radarr.loadBalancer.servers = [{url = "http://${kariruHost}7878";}]; + readarr.loadBalancer.servers = [{url = "http://${kariruHost}8787";}]; + lidarr.loadBalancer.servers = [{url = "http://${kariruHost}8686";}]; + bazarr.loadBalancer.servers = [{url = "http://${kariruHost}6767";}]; + whisparr.loadBalancer.servers = [{url = "http://${kariruHost}6969";}]; + prowlarr.loadBalancer.servers = [{url = "http://${kariruHost}9696";}]; }; }; };
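Review bot: `kariruHost = "192.168.1.54:";` stores the trailing colon inside the binding, so the value is neither a host nor an IP and cannot be reused anywhere that needs the bare address; `sakuraIp` and `soraIp` in hosts/sora/services/traefik.nix have the same shape. Keep the address bare and put the separator at the use site: `kariruHost = "192.168.1.54";` with `url = "http://${kariruHost}:8989";`. The suffix binding is also called `fqdn` here but `pqdn` in the sora and authelia files for the same role, and one name across the hosts would be easier to grep.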