hosts: reduce repition with let bindings
replaces (most) values that are repeatedly used w/ a let binding so they can be updated from one place.
parent
2e1655a890
commit
ccd69ee47e
11 changed files with 180 additions and 152 deletions
|
@ -103,36 +103,38 @@
|
||||||
};
|
};
|
||||||
customDNS = {
|
customDNS = {
|
||||||
customTTL = "1h";
|
customTTL = "1h";
|
||||||
mapping = {
|
mapping = let
|
||||||
|
yukiIp = "192.168.1.98";
|
||||||
|
in {
|
||||||
# infra
|
# infra
|
||||||
|
|
||||||
"truenas.internal.flake.sh" = "192.168.1.199";
|
"truenas.internal.flake.sh" = "192.168.1.199";
|
||||||
"hass.internal.flake.sh" = "192.168.1.98";
|
"hass.internal.flake.sh" = "${yukiIp}";
|
||||||
"dashboard.internal.flake.sh" = "192.168.1.98";
|
"dashboard.internal.flake.sh" = "${yukiIp}";
|
||||||
"udm.internal.flake.sh" = "192.168.1.1";
|
"udm.internal.flake.sh" = "192.168.1.1";
|
||||||
"pve.internal.flake.sh" = "192.168.1.37";
|
"pve.internal.flake.sh" = "192.168.1.37";
|
||||||
"pbs.internal.flake.sh" = "192.168.1.38";
|
"pbs.internal.flake.sh" = "192.168.1.38";
|
||||||
|
|
||||||
# media
|
# media
|
||||||
|
|
||||||
"jellyfin.internal.flake.sh" = "192.168.1.98";
|
"jellyfin.internal.flake.sh" = "${yukiIp}";
|
||||||
"jellyseerr.internal.flake.sh" = "192.168.1.98";
|
"jellyseerr.internal.flake.sh" = "${yukiIp}";
|
||||||
"sonarr.internal.flake.sh" = "192.168.1.98";
|
"sonarr.internal.flake.sh" = "${yukiIp}";
|
||||||
"radarr.internal.flake.sh" = "192.168.1.98";
|
"radarr.internal.flake.sh" = "${yukiIp}";
|
||||||
"readarr.internal.flake.sh" = "192.168.1.98";
|
"readarr.internal.flake.sh" = "${yukiIp}";
|
||||||
"lidarr.internal.flake.sh" = "192.168.1.98";
|
"lidarr.internal.flake.sh" = "${yukiIp}";
|
||||||
"whisparr.internal.flake.sh" = "192.168.1.98";
|
"whisparr.internal.flake.sh" = "${yukiIp}";
|
||||||
"bazarr.internal.flake.sh" = "192.168.1.98";
|
"bazarr.internal.flake.sh" = "${yukiIp}";
|
||||||
"prowlarr.internal.flake.sh" = "192.168.1.98";
|
"prowlarr.internal.flake.sh" = "${yukiIp}";
|
||||||
"stash.internal.flake.sh" = "192.168.1.98";
|
"stash.internal.flake.sh" = "${yukiIp}";
|
||||||
"nextcloud.internal.flake.sh" = "192.168.1.199";
|
"nextcloud.internal.flake.sh" = "192.168.1.199";
|
||||||
|
|
||||||
# misc
|
# misc
|
||||||
|
|
||||||
"wallos.internal.flake.sh" = "192.168.1.98";
|
"wallos.internal.flake.sh" = "${yukiIp}";
|
||||||
"synology.internal.flake.sh" = "192.168.1.71";
|
"synology.internal.flake.sh" = "192.168.1.71";
|
||||||
"paperless.internal.flake.sh" = "192.168.1.98";
|
"paperless.internal.flake.sh" = "${yukiIp}";
|
||||||
"rss.internal.flake.sh" = "192.168.1.98";
|
"rss.internal.flake.sh" = "${yukiIp}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
redis = {
|
redis = {
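Review bot: The new records wrap the binding in a string that contains nothing else, e.g. `"hass.internal.flake.sh" = "${yukiIp}";`. Since `yukiIp` is already a string this can be written `"hass.internal.flake.sh" = yukiIp;`, which matches how the authelia change in this commit writes `domain = pqdn;`. `192.168.1.199` is still repeated for the truenas and nextcloud records, so it could get its own binding if the goal is one place per host address. The enclosing attribute set starts outside the hunk.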
|
||||||
|
|
|
@ -13,13 +13,15 @@
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
restartUnits = ["minio.service"];
|
restartUnits = ["minio.service"];
|
||||||
};
|
};
|
||||||
services.minio = {
|
services.minio = let
|
||||||
|
dataDir = "/var/lib/slab/minio";
|
||||||
|
in {
|
||||||
enable = true;
|
enable = true;
|
||||||
region = "us-east-1";
|
region = "us-east-1";
|
||||||
consoleAddress = "0.0.0.0:9006";
|
consoleAddress = "0.0.0.0:9006";
|
||||||
listenAddress = "0.0.0.0:9005";
|
listenAddress = "0.0.0.0:9005";
|
||||||
rootCredentialsFile = config.sops.secrets.minio.path;
|
rootCredentialsFile = config.sops.secrets.minio.path;
|
||||||
dataDir = ["/var/lib/slab/minio/data"];
|
dataDir = ["${dataDir}/data"];
|
||||||
configDir = "/var/lib/slab/minio/config";
|
configDir = "${dataDir}/config";
|
||||||
};
|
};
|
||||||
}
|
}
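Review bot: The let-bound `dataDir` holds the base directory `/var/lib/slab/minio`, yet it has the same name as the option it feeds in `dataDir = ["${dataDir}/data"];`. This evaluates correctly because the attribute set is not `rec`, but it reads like a self-reference; a name such as `baseDir` (`dataDir = ["${baseDir}/data"]; configDir = "${baseDir}/config";`) removes the ambiguity. Separately, the context lines bind both `listenAddress` and `consoleAddress` to `0.0.0.0`; if the server is only meant to be reached through the reverse proxy, a specific interface address would narrow the exposure. Whether the firewall already covers this is not visible here.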
|
||||||
|
|
|
@ -8,16 +8,18 @@
|
||||||
jwtSecretFile = config.sops.secrets.authelia-jwt.path;
|
jwtSecretFile = config.sops.secrets.authelia-jwt.path;
|
||||||
storageEncryptionKeyFile = config.sops.secrets.authelia-sek.path;
|
storageEncryptionKeyFile = config.sops.secrets.authelia-sek.path;
|
||||||
};
|
};
|
||||||
settings = {
|
settings = let
|
||||||
|
pqdn = "notohh.dev";
|
||||||
|
in {
|
||||||
log.level = "debug";
|
log.level = "debug";
|
||||||
theme = "dark";
|
theme = "dark";
|
||||||
default_2fa_method = "totp";
|
default_2fa_method = "totp";
|
||||||
default_redirection_url = "https://passport.notohh.dev/";
|
default_redirection_url = "https://passport.${pqdn}/";
|
||||||
authentication_backend = {
|
authentication_backend = {
|
||||||
file.path = "/var/lib/authelia-default/user.yml";
|
file.path = "/var/lib/authelia-default/user.yml";
|
||||||
};
|
};
|
||||||
session = {
|
session = {
|
||||||
domain = "notohh.dev";
|
domain = pqdn;
|
||||||
expiration = 3600;
|
expiration = 3600;
|
||||||
inactivity = 300;
|
inactivity = 300;
|
||||||
};
|
};
|
||||||
|
@ -38,7 +40,7 @@
|
||||||
default_policy = "deny";
|
default_policy = "deny";
|
||||||
rules = [
|
rules = [
|
||||||
{
|
{
|
||||||
domain = "notohh.dev";
|
domain = pqdn;
|
||||||
policy = "bypass";
|
policy = "bypass";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
@ -51,13 +53,15 @@
|
||||||
notifier.filesystem = {
|
notifier.filesystem = {
|
||||||
filename = "/var/lib/authelia-default/notif.txt";
|
filename = "/var/lib/authelia-default/notif.txt";
|
||||||
};
|
};
|
||||||
storage.postgres = {
|
storage.postgres = let
|
||||||
|
dbInfo = "authelia";
|
||||||
|
in {
|
||||||
host = "192.168.1.211";
|
host = "192.168.1.211";
|
||||||
port = 5432;
|
port = 5432;
|
||||||
database = "authelia";
|
database = dbInfo;
|
||||||
schema = "public";
|
schema = "public";
|
||||||
username = "authelia";
|
username = dbInfo;
|
||||||
password = "authelia";
|
password = dbInfo;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
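Review bot: In the `storage.postgres` hunk, `password = dbInfo;` ties the database password to the same binding as the database name and user, so renaming the database later silently changes the password as well, and the value remains a literal in the evaluated configuration. The file already reads the JWT secret and the storage encryption key from `config.sops.secrets.*.path`; the Postgres password would be better supplied the same way than bound in the `let`. At minimum keep the values separate, e.g. `dbName = "authelia"; dbUser = "authelia";`, and leave the password out of the shared binding. The `settings` block continues outside the hunks shown.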
|
||||||
|
|
|
@ -2,7 +2,11 @@
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
...
|
...
|
||||||
}: {
|
}: let
|
||||||
|
sshPort = 2222;
|
||||||
|
dbHost = "192.168.1.211";
|
||||||
|
dbLogin = "forgejo";
|
||||||
|
in {
|
||||||
sops.secrets.smtp2go-pwd = {owner = "forgejo";};
|
sops.secrets.smtp2go-pwd = {owner = "forgejo";};
|
||||||
networking.firewall.allowedTCPPorts = [2222];
|
networking.firewall.allowedTCPPorts = [2222];
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
|
@ -27,8 +31,8 @@
|
||||||
LANDING_PAGE = "/explore/repos";
|
LANDING_PAGE = "/explore/repos";
|
||||||
START_SSH_SERVER = true;
|
START_SSH_SERVER = true;
|
||||||
SSH_DOMAIN = "git.flake.sh";
|
SSH_DOMAIN = "git.flake.sh";
|
||||||
SSH_PORT = 2222;
|
SSH_PORT = sshPort;
|
||||||
SSH_LISTEN_PORT = 2222;
|
SSH_LISTEN_PORT = sshPort;
|
||||||
SSH_LISTEN_HOST = "100.121.201.47";
|
SSH_LISTEN_HOST = "100.121.201.47";
|
||||||
};
|
};
|
||||||
session = {
|
session = {
|
||||||
|
@ -39,15 +43,15 @@
|
||||||
};
|
};
|
||||||
database = {
|
database = {
|
||||||
DB_TYPE = lib.mkForce "postgres";
|
DB_TYPE = lib.mkForce "postgres";
|
||||||
HOST = "192.168.1.211:5432";
|
HOST = "${dbHost}:5432";
|
||||||
NAME = "forgejo";
|
NAME = dbLogin;
|
||||||
USER = "forgejo";
|
USER = dbLogin;
|
||||||
PASSWD = "forgejo";
|
PASSWD = dbLogin;
|
||||||
};
|
};
|
||||||
cache = {
|
cache = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
ADAPTER = lib.mkForce "redis";
|
ADAPTER = lib.mkForce "redis";
|
||||||
HOST = "redis://:forgejo@100.94.214.100:6379";
|
HOST = "redis://:forgejo@${dbHost}:6379";
|
||||||
};
|
};
|
||||||
metrics = {
|
metrics = {
|
||||||
ENABLED = true;
|
ENABLED = true;
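Review bot: The cache change is not a pure refactor: `HOST = "redis://:forgejo@100.94.214.100:6379";` becomes `"redis://:forgejo@${dbHost}:6379"` with `dbHost = "192.168.1.211"`, so Redis is now addressed on a different host than before. If Redis did not move, give it its own binding, e.g. `redisHost = "100.94.214.100";`, and interpolate that instead. In the first hunk `networking.firewall.allowedTCPPorts = [2222];` still carries the literal and could be `[sshPort]`, otherwise the firewall rule and `SSH_LISTEN_PORT` can drift apart. `PASSWD = dbLogin;` also couples the database password to the user name and keeps it inline, although this file already uses sops for `smtp2go-pwd`.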
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
_: {
|
_: let
|
||||||
|
prometheusPort = "9090";
|
||||||
|
dbLogin = "grafana";
|
||||||
|
in {
|
||||||
services.grafana = {
|
services.grafana = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
|
@ -17,8 +20,8 @@ _: {
|
||||||
database = {
|
database = {
|
||||||
type = "postgres";
|
type = "postgres";
|
||||||
host = "192.168.1.211:5432";
|
host = "192.168.1.211:5432";
|
||||||
name = "grafana";
|
name = dbLogin;
|
||||||
user = "grafana";
|
user = dbLogin;
|
||||||
ssl_mode = "disable";
|
ssl_mode = "disable";
|
||||||
};
|
};
|
||||||
panels = {
|
panels = {
|
||||||
|
@ -32,49 +35,49 @@ _: {
|
||||||
{
|
{
|
||||||
name = "Prometheus";
|
name = "Prometheus";
|
||||||
type = "prometheus";
|
type = "prometheus";
|
||||||
url = "http://localhost:9090";
|
url = "http://localhost:${prometheusPort}";
|
||||||
orgId = 1;
|
orgId = 1;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
name = "Prometheus-kariru";
|
name = "Prometheus-kariru";
|
||||||
type = "prometheus";
|
type = "prometheus";
|
||||||
url = "http://100.126.229.95:9090";
|
url = "http://100.126.229.95:${prometheusPort}";
|
||||||
orgId = 1;
|
orgId = 1;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
name = "Prometheus-yuki";
|
name = "Prometheus-yuki";
|
||||||
type = "prometheus";
|
type = "prometheus";
|
||||||
url = "http://100.108.113.89:9090";
|
url = "http://100.108.113.89:${prometheusPort}";
|
||||||
orgId = 1;
|
orgId = 1;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
name = "Prometheus-arashi";
|
name = "Prometheus-arashi";
|
||||||
type = "prometheus";
|
type = "prometheus";
|
||||||
url = "http://100.94.214.100:9090";
|
url = "http://100.94.214.100:${prometheusPort}";
|
||||||
orgId = 1;
|
orgId = 1;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
name = "Prometheus-sora";
|
name = "Prometheus-sora";
|
||||||
type = "prometheus";
|
type = "prometheus";
|
||||||
url = "http://100.104.42.96:9090";
|
url = "http://100.104.42.96:${prometheusPort}";
|
||||||
orgId = 1;
|
orgId = 1;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
name = "Prometheus-tsuru";
|
name = "Prometheus-tsuru";
|
||||||
type = "prometheus";
|
type = "prometheus";
|
||||||
url = "http://100.82.146.40:9090";
|
url = "http://100.82.146.40:${prometheusPort}";
|
||||||
orgId = 1;
|
orgId = 1;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
name = "Prometheus-kaze";
|
name = "Prometheus-kaze";
|
||||||
type = "prometheus";
|
type = "prometheus";
|
||||||
url = "http://100.69.79.81:9090";
|
url = "http://100.69.79.81:${prometheusPort}";
|
||||||
orgId = 1;
|
orgId = 1;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
name = "Prometheus-haru";
|
name = "Prometheus-haru";
|
||||||
type = "prometheus";
|
type = "prometheus";
|
||||||
url = "http://100.73.192.45:9090";
|
url = "http://100.73.192.45:${prometheusPort}";
|
||||||
orgId = 1;
|
orgId = 1;
|
||||||
jsonData = {
|
jsonData = {
|
||||||
graphiteVersion = "1.1";
|
graphiteVersion = "1.1";
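Review bot: In the `database` hunk only `name` and `user` were bound; `host = "192.168.1.211:5432";` stays literal although the forgejo module in this same commit introduces `dbHost` for the same address, so the Postgres address still has to be edited in several files. The context line `ssl_mode = "disable";` means the connection to that non-local host is unencrypted; add a comment stating that this is deliberate for the LAN, or use a stricter mode if the server offers TLS. `prometheusPort` is a string rather than an integer, which is fine for the URL interpolation used here but deserves a short comment such as `# string: only used inside URLs` so it is not reused where a port number is expected.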
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
networking.firewall.allowedTCPPorts = [8888];
|
networking.firewall.allowedTCPPorts = [8888];
|
||||||
services.atuin = {
|
services.atuin = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openRegistration = true;
|
openRegistration = false;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
host = "100.104.42.96";
|
host = "100.104.42.96";
|
||||||
port = 8888;
|
port = 8888;
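Review bot: `openRegistration = true;` to `openRegistration = false;` is a behaviour change rather than a let-binding refactor, and the commit description does not mention it. Closing registration is the safer setting, but it belongs in its own commit, or at least in the description, so it can be found and reverted independently. In the same block the port 8888 is written in both `networking.firewall.allowedTCPPorts = [8888];` and `port = 8888;` while `openFirewall = true;` is also set, so the explicit firewall line is likely redundant and the port is a candidate for the kind of binding this commit introduces elsewhere. The block continues outside the hunk.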
|
||||||
|
|
|
@ -14,6 +14,6 @@
|
||||||
# ./terraria.nix
|
# ./terraria.nix
|
||||||
# ./factorio.nix
|
# ./factorio.nix
|
||||||
# ./minecraft.nix
|
# ./minecraft.nix
|
||||||
./foundryvtt.nix
|
# ./foundryvtt.nix
|
||||||
];
|
];
|
||||||
}
|
}
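Review bot: Commenting out `./foundryvtt.nix` disables that module, but the Traefik file changed in this commit still defines the `foundryvtt` router for `foundry.${pqdn}` and `foundryvtt.loadBalancer.servers` pointing at `${soraIp}30000`. If the service is being retired, those entries leave a public route to a backend that is no longer running; remove them together or add a comment saying why the route stays. This is also unrelated to the let-binding refactor and is not mentioned in the description. Whether this import list belongs to the host behind `soraIp` cannot be confirmed from the hunk.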
|
||||||
|
|
|
@ -47,26 +47,14 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
routers = {
|
routers = let
|
||||||
|
pqdn = "flake.sh";
|
||||||
|
in {
|
||||||
api = {
|
api = {
|
||||||
rule = "PathPrefix(`/api/`)";
|
rule = "PathPrefix(`/api/`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "api@internal";
|
service = "api@internal";
|
||||||
};
|
};
|
||||||
uptime-kuma = {
|
|
||||||
rule = "Host(`status.flake.sh`)";
|
|
||||||
entrypoints = ["websecure"];
|
|
||||||
service = "uptime-kuma";
|
|
||||||
tls.domains = [{main = "*.flake.sh";}];
|
|
||||||
tls.certresolver = "production";
|
|
||||||
};
|
|
||||||
conduit = {
|
|
||||||
rule = "Host(`matrix.flake.sh`)";
|
|
||||||
entrypoints = ["websecure"];
|
|
||||||
service = "conduit";
|
|
||||||
tls.domains = [{main = "*.flake.sh";}];
|
|
||||||
tls.certresolver = "production";
|
|
||||||
};
|
|
||||||
authelia = {
|
authelia = {
|
||||||
rule = "Host(`passport.notohh.dev`)";
|
rule = "Host(`passport.notohh.dev`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
|
@ -74,112 +62,132 @@
|
||||||
tls.domains = [{main = "*.notohh.dev";}];
|
tls.domains = [{main = "*.notohh.dev";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
|
uptime-kuma = {
|
||||||
|
rule = "Host(`status.${pqdn}`)";
|
||||||
|
entrypoints = ["websecure"];
|
||||||
|
service = "uptime-kuma";
|
||||||
|
tls.domains = [{main = "*.${pqdn}";}];
|
||||||
|
tls.certresolver = "production";
|
||||||
|
};
|
||||||
|
conduit = {
|
||||||
|
rule = "Host(`matrix.${pqdn}`)";
|
||||||
|
entrypoints = ["websecure"];
|
||||||
|
service = "conduit";
|
||||||
|
tls.domains = [{main = "*.${pqdn}";}];
|
||||||
|
tls.certresolver = "production";
|
||||||
|
};
|
||||||
foundryvtt = {
|
foundryvtt = {
|
||||||
rule = "Host(`foundry.flake.sh`)";
|
rule = "Host(`foundry.${pqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "foundryvtt";
|
service = "foundryvtt";
|
||||||
tls.domains = [{main = "*.flake.sh";}];
|
tls.domains = [{main = "*.${pqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
forgejo = {
|
forgejo = {
|
||||||
rule = "Host(`git.flake.sh`)";
|
rule = "Host(`git.${pqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "forgejo";
|
service = "forgejo";
|
||||||
tls.domains = [{main = "*.flake.sh";}];
|
tls.domains = [{main = "*.${pqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
middlewares = "cors";
|
middlewares = "cors";
|
||||||
};
|
};
|
||||||
rustypaste = {
|
rustypaste = {
|
||||||
rule = "Host(`i.flake.sh`)";
|
rule = "Host(`i.${pqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "rustypaste";
|
service = "rustypaste";
|
||||||
tls.domains = [{main = "*.flake.sh";}];
|
tls.domains = [{main = "*.${pqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
grafana = {
|
grafana = {
|
||||||
rule = "Host(`metrics.flake.sh`)";
|
rule = "Host(`metrics.${pqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "grafana";
|
service = "grafana";
|
||||||
tls.domains = [{main = "*.flake.sh";}];
|
tls.domains = [{main = "*.${pqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
hedgedoc = {
|
hedgedoc = {
|
||||||
rule = "Host(`scratch.flake.sh`)";
|
rule = "Host(`scratch.${pqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "hedgedoc";
|
service = "hedgedoc";
|
||||||
tls.domains = [{main = "*.flake.sh";}];
|
tls.domains = [{main = "*.${pqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
vaultwarden = {
|
vaultwarden = {
|
||||||
rule = "Host(`vault.flake.sh`)";
|
rule = "Host(`vault.${pqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "vaultwarden";
|
service = "vaultwarden";
|
||||||
tls.domains = [{main = "*.flake.sh";}];
|
tls.domains = [{main = "*.${pqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
neko = {
|
neko = {
|
||||||
rule = "Host(`neko.flake.sh`)";
|
rule = "Host(`neko.${pqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "neko";
|
service = "neko";
|
||||||
tls.domains = [{main = "*.flake.sh";}];
|
tls.domains = [{main = "*.${pqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
justlog = {
|
justlog = {
|
||||||
rule = "Host(`logs.flake.sh`)";
|
rule = "Host(`logs.${pqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "justlog";
|
service = "justlog";
|
||||||
tls.domains = [{main = "*.flake.sh";}];
|
tls.domains = [{main = "*.${pqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
ntfy = {
|
ntfy = {
|
||||||
rule = "Host(`ntfy.flake.sh`)";
|
rule = "Host(`ntfy.${pqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "ntfy-sh";
|
service = "ntfy-sh";
|
||||||
tls.domains = [{main = "*.flake.sh";}];
|
tls.domains = [{main = "*.${pqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
attic = {
|
attic = {
|
||||||
rule = "Host(`cache.flake.sh`)";
|
rule = "Host(`cache.${pqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "attic";
|
service = "attic";
|
||||||
tls.domains = [{main = "*.flake.sh";}];
|
tls.domains = [{main = "*.${pqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
minio = {
|
minio = {
|
||||||
rule = "Host(`s3.flake.sh`)";
|
rule = "Host(`s3.${pqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "minio";
|
service = "minio";
|
||||||
tls.domains = [{main = "*.flake.sh";}];
|
tls.domains = [{main = "*.${pqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
middlewares = "cors-allow-all";
|
middlewares = "cors-allow-all";
|
||||||
};
|
};
|
||||||
woodpecker = {
|
woodpecker = {
|
||||||
rule = "Host(`ci.flake.sh`)";
|
rule = "Host(`ci.${pqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "woodpecker";
|
service = "woodpecker";
|
||||||
tls.domains = [{main = "*.flake.sh";}];
|
tls.domains = [{main = "*.${pqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services = {
|
services = let
|
||||||
forgejo.loadBalancer = {
|
sakuraIp = "100.121.201.47:";
|
||||||
passHostHeader = true;
|
soraIp = "100.104.42.96:";
|
||||||
servers = [{url = "http://100.121.201.47:3200";}];
|
in {
|
||||||
};
|
# sora
|
||||||
uptime-kuma.loadBalancer.servers = [{url = "http://100.104.42.96:4000";}];
|
uptime-kuma.loadBalancer.servers = [{url = "http://${soraIp}4000";}];
|
||||||
conduit.loadBalancer.servers = [{url = "http://100.121.201.47:6167";}];
|
foundryvtt.loadBalancer.servers = [{url = "http://${soraIp}30000";}];
|
||||||
authelia.loadBalancer.servers = [{url = "http://100.121.201.47:9091";}];
|
ntfy-sh.loadBalancer.servers = [{url = "http://${soraIp}8090";}];
|
||||||
foundryvtt.loadBalancer.servers = [{url = "http://100.104.42.96:30000";}];
|
attic.loadBalancer.servers = [{url = "http://${soraIp}8200";}];
|
||||||
rustypaste.loadBalancer.servers = [{url = "http://100.121.201.47:8000";}];
|
|
||||||
grafana.loadBalancer.servers = [{url = "http://100.121.201.47:3100";}];
|
# sakura
|
||||||
hedgedoc.loadBalancer.servers = [{url = "http://100.121.201.47:3300";}];
|
forgejo.loadBalancer.servers = [{url = "http://${sakuraIp}3200";}];
|
||||||
vaultwarden.loadBalancer.servers = [{url = "http://100.121.201.47:8222";}];
|
conduit.loadBalancer.servers = [{url = "http://${sakuraIp}6167";}];
|
||||||
searxng.loadBalancer.servers = [{url = "http://100.121.201.47:8100";}];
|
authelia.loadBalancer.servers = [{url = "http://${sakuraIp}9091";}];
|
||||||
neko.loadBalancer.servers = [{url = "http://100.104.42.96:8085";}];
|
rustypaste.loadBalancer.servers = [{url = "http://${sakuraIp}8000";}];
|
||||||
justlog.loadBalancer.servers = [{url = "http://100.121.201.47:8025";}];
|
grafana.loadBalancer.servers = [{url = "http://${sakuraIp}3100";}];
|
||||||
ntfy-sh.loadBalancer.servers = [{url = "http://100.104.42.96:8090";}];
|
hedgedoc.loadBalancer.servers = [{url = "http://${sakuraIp}3300";}];
|
||||||
attic.loadBalancer.servers = [{url = "http://100.104.42.96:8200";}];
|
vaultwarden.loadBalancer.servers = [{url = "http://${sakuraIp}8222";}];
|
||||||
|
searxng.loadBalancer.servers = [{url = "http://${sakuraIp}8100";}];
|
||||||
|
justlog.loadBalancer.servers = [{url = "http://${sakuraIp}8025";}];
|
||||||
|
|
||||||
|
# kaze
|
||||||
minio.loadBalancer.servers = [{url = "http://100.69.79.81:9005";}];
|
minio.loadBalancer.servers = [{url = "http://100.69.79.81:9005";}];
|
||||||
|
|
||||||
|
# tsuru
|
||||||
woodpecker.loadBalancer.servers = [{url = "http://100.82.146.40:8200";}];
|
woodpecker.loadBalancer.servers = [{url = "http://100.82.146.40:8200";}];
|
||||||
};
|
};
|
||||||
};
|
};
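Review bot: The `neko` router is kept with `service = "neko";`, but the rewritten `services` block no longer defines `neko.loadBalancer.servers` (the old side had `http://100.104.42.96:8085`), so as rendered here the router refers to a service that does not exist. If that is unintended, restore it under the sora group as `neko.loadBalancer.servers = [{url = "http://${soraIp}8085";}];`. The forgejo entry also loses `passHostHeader = true;`; Traefik defaults this to true, so behaviour should not change, but the commit message should say so. Finally, `sakuraIp` and `soraIp` carry a trailing `:` inside the value, which makes `"http://${sakuraIp}3200"` look like a missing separator; keeping the bare address and writing `"http://${sakuraIp}:3200"` is clearer, and `kariruHost` in the internal Traefik file has the same shape.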
|
||||||
|
|
|
@ -37,7 +37,6 @@
|
||||||
distrobox
|
distrobox
|
||||||
vscode-fhs
|
vscode-fhs
|
||||||
obsidian-wayland
|
obsidian-wayland
|
||||||
supersonic-wayland
|
|
||||||
jellyfin-mpv-shim
|
jellyfin-mpv-shim
|
||||||
virt-manager
|
virt-manager
|
||||||
imv
|
imv
|
||||||
|
|
|
@ -1,4 +1,6 @@
|
||||||
_: {
|
_: let
|
||||||
|
storagePath = "/home/notoh/docker/stash";
|
||||||
|
in {
|
||||||
virtualisation.oci-containers.containers.stash = {
|
virtualisation.oci-containers.containers.stash = {
|
||||||
image = "stashapp/stash@sha256:b3b59809d5be1d82467253ec9e2ee98628a0db7527d27a6c7daa75e1fcda7deb"; # v0.24.3
|
image = "stashapp/stash@sha256:b3b59809d5be1d82467253ec9e2ee98628a0db7527d27a6c7daa75e1fcda7deb"; # v0.24.3
|
||||||
ports = ["9999:9999"];
|
ports = ["9999:9999"];
|
||||||
|
@ -11,12 +13,12 @@ _: {
|
||||||
};
|
};
|
||||||
volumes = [
|
volumes = [
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
"/home/notoh/docker/stash/.config:/root/.stash"
|
"${storagePath}/.config:/root/.stash"
|
||||||
"/home/notoh/docker/stash/data:/data"
|
"${storagePath}/data:/data"
|
||||||
"/home/notoh/docker/stash/.metadata:/metadata"
|
"${storagePath}/.metadata:/metadata"
|
||||||
"/home/notoh/docker/stash/cache:/cache"
|
"${storagePath}/cache:/cache"
|
||||||
"/home/notoh/docker/stash/generated:/generated"
|
"${storagePath}/generated:/generated"
|
||||||
"/home/notoh/docker/stash/blobs:/blobs"
|
"${storagePath}/blobs:/blobs"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,7 +13,9 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
dynamicConfigOptions = {
|
dynamicConfigOptions = {
|
||||||
http = {
|
http = {
|
||||||
routers = {
|
routers = let
|
||||||
|
fqdn = "internal.flake.sh";
|
||||||
|
in {
|
||||||
# local
|
# local
|
||||||
api = {
|
api = {
|
||||||
rule = "PathPrefix(`/api/`)";
|
rule = "PathPrefix(`/api/`)";
|
||||||
|
@ -21,113 +23,115 @@
|
||||||
service = "api@internal";
|
service = "api@internal";
|
||||||
};
|
};
|
||||||
homepage = {
|
homepage = {
|
||||||
rule = "Host(`dashboard.internal.flake.sh`)";
|
rule = "Host(`dashboard.${fqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "homepage";
|
service = "homepage";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
stash = {
|
stash = {
|
||||||
rule = "Host(`stash.internal.flake.sh`)";
|
rule = "Host(`stash.${fqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "stash";
|
service = "stash";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
jellyfin = {
|
jellyfin = {
|
||||||
rule = "Host(`jellyfin.internal.flake.sh`)";
|
rule = "Host(`jellyfin.${fqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "jellyfin";
|
service = "jellyfin";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
jellyseerr = {
|
jellyseerr = {
|
||||||
rule = "Host(`jellyseerr.internal.flake.sh`)";
|
rule = "Host(`jellyseerr.${fqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "jellyseerr";
|
service = "jellyseerr";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
wallos = {
|
wallos = {
|
||||||
rule = "Host(`wallos.internal.flake.sh`)";
|
rule = "Host(`wallos.${fqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "wallos";
|
service = "wallos";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
hass = {
|
hass = {
|
||||||
rule = "Host(`hass.internal.flake.sh`)";
|
rule = "Host(`hass.${fqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "hass";
|
service = "hass";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
paperless = {
|
paperless = {
|
||||||
rule = "Host(`paperless.internal.flake.sh`)";
|
rule = "Host(`paperless.${fqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "paperless";
|
service = "paperless";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
miniflux = {
|
miniflux = {
|
||||||
rule = "Host(`rss.internal.flake.sh`)";
|
rule = "Host(`rss.${fqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "miniflux";
|
service = "miniflux";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
# kariru
|
# kariru
|
||||||
sonarr = {
|
sonarr = {
|
||||||
rule = "Host(`sonarr.internal.flake.sh`)";
|
rule = "Host(`sonarr.${fqdn}`)";
|
||||||
entryPoints = ["websecure"];
|
entryPoints = ["websecure"];
|
||||||
service = "sonarr";
|
service = "sonarr";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
radarr = {
|
radarr = {
|
||||||
rule = "Host(`radarr.internal.flake.sh`)";
|
rule = "Host(`radarr.${fqdn}`)";
|
||||||
entryPoints = ["websecure"];
|
entryPoints = ["websecure"];
|
||||||
service = "radarr";
|
service = "radarr";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
readarr = {
|
readarr = {
|
||||||
rule = "Host(`readarr.internal.flake.sh`)";
|
rule = "Host(`readarr.${fqdn}`)";
|
||||||
entryPoints = ["websecure"];
|
entryPoints = ["websecure"];
|
||||||
service = "readarr";
|
service = "readarr";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
lidarr = {
|
lidarr = {
|
||||||
rule = "Host(`lidarr.internal.flake.sh`)";
|
rule = "Host(`lidarr.${fqdn}`)";
|
||||||
entryPoints = ["websecure"];
|
entryPoints = ["websecure"];
|
||||||
service = "lidarr";
|
service = "lidarr";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
bazarr = {
|
bazarr = {
|
||||||
rule = "Host(`bazarr.internal.flake.sh`)";
|
rule = "Host(`bazarr.${fqdn}`)";
|
||||||
entryPoints = ["websecure"];
|
entryPoints = ["websecure"];
|
||||||
service = "bazarr";
|
service = "bazarr";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
whisparr = {
|
whisparr = {
|
||||||
rule = "Host(`whisparr.internal.flake.sh`)";
|
rule = "Host(`whisparr.${fqdn}`)";
|
||||||
entryPoints = ["websecure"];
|
entryPoints = ["websecure"];
|
||||||
service = "whisparr";
|
service = "whisparr";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
prowlarr = {
|
prowlarr = {
|
||||||
rule = "Host(`prowlarr.internal.flake.sh`)";
|
rule = "Host(`prowlarr.${fqdn}`)";
|
||||||
entrypoints = ["websecure"];
|
entrypoints = ["websecure"];
|
||||||
service = "prowlarr";
|
service = "prowlarr";
|
||||||
tls.domains = [{main = "*.internal.flake.sh";}];
|
tls.domains = [{main = "*.${fqdn}";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services = {
|
services = let
|
||||||
|
kariruHost = "192.168.1.54:";
|
||||||
|
in {
|
||||||
# local
|
# local
|
||||||
stash.loadBalancer.servers = [{url = "http://localhost:9999";}];
|
stash.loadBalancer.servers = [{url = "http://localhost:9999";}];
|
||||||
homepage.loadBalancer.servers = [{url = "http://localhost:7676";}];
|
homepage.loadBalancer.servers = [{url = "http://localhost:7676";}];
|
||||||
|
@ -138,13 +142,13 @@
|
||||||
paperless.loadBalancer.servers = [{url = "http://localhost:28981";}];
|
paperless.loadBalancer.servers = [{url = "http://localhost:28981";}];
|
||||||
miniflux.loadBalancer.servers = [{url = "http://localhost:9000";}];
|
miniflux.loadBalancer.servers = [{url = "http://localhost:9000";}];
|
||||||
# kariru
|
# kariru
|
||||||
sonarr.loadBalancer.servers = [{url = "http://192.168.1.54:8989";}];
|
sonarr.loadBalancer.servers = [{url = "http://${kariruHost}8989";}];
|
||||||
radarr.loadBalancer.servers = [{url = "http://192.168.1.54:7878";}];
|
radarr.loadBalancer.servers = [{url = "http://${kariruHost}7878";}];
|
||||||
readarr.loadBalancer.servers = [{url = "http://192.168.1.54:8787";}];
|
readarr.loadBalancer.servers = [{url = "http://${kariruHost}8787";}];
|
||||||
lidarr.loadBalancer.servers = [{url = "http://192.168.1.54:8686";}];
|
lidarr.loadBalancer.servers = [{url = "http://${kariruHost}8686";}];
|
||||||
bazarr.loadBalancer.servers = [{url = "http://192.168.1.54:6767";}];
|
bazarr.loadBalancer.servers = [{url = "http://${kariruHost}6767";}];
|
||||||
whisparr.loadBalancer.servers = [{url = "http://192.168.1.54:6969";}];
|
whisparr.loadBalancer.servers = [{url = "http://${kariruHost}6969";}];
|
||||||
prowlarr.loadBalancer.servers = [{url = "http://192.168.1.54:9696";}];
|
prowlarr.loadBalancer.servers = [{url = "http://${kariruHost}9696";}];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|