adtya/configuration.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

all: more cleanup

Browse source
This commit is contained in:
Adithya 2024-11-17 14:06:41 +05:30
parent 65c76aea2a
commit 3ede041796
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
22 changed files with 53 additions and 191 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hosts/layne/services/apps/bazarr.nix
View file

@ -1,6 +1,5 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
let let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
user = "mediaserver"; user = "mediaserver";
group = "mediaserver"; group = "mediaserver";
dataDir = "/mnt/data/bazarr"; dataDir = "/mnt/data/bazarr";
@ -8,7 +7,6 @@ let
in in
{ {
services.caddy.virtualHosts."bazarr.labs.adtya.xyz" = { services.caddy.virtualHosts."bazarr.labs.adtya.xyz" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:${toString port} reverse_proxy 127.0.0.1:${toString port}
''; '';

8
hosts/layne/services/apps/jellyfin.nix
View file

@ -1,19 +1,13 @@
_: _: {
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
in
{
services = { services = {
caddy = { caddy = {
virtualHosts = { virtualHosts = {
"jellyfin.local.adtya.xyz" = { "jellyfin.local.adtya.xyz" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:8096 reverse_proxy 127.0.0.1:8096
''; '';
}; };
"jellyfin.labs.adtya.xyz" = { "jellyfin.labs.adtya.xyz" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:8096 reverse_proxy 127.0.0.1:8096
''; '';

7
hosts/layne/services/apps/lidarr.nix
View file

@ -1,11 +1,6 @@
_: _: {
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
in
{
services = { services = {
caddy.virtualHosts."lidarr.labs.adtya.xyz" = { caddy.virtualHosts."lidarr.labs.adtya.xyz" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:8686 reverse_proxy 127.0.0.1:8686
''; '';

2
hosts/layne/services/apps/prowlarr.nix
View file

@ -1,13 +1,11 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
let let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
user = "mediaserver"; user = "mediaserver";
group = "mediaserver"; group = "mediaserver";
dataDir = "/mnt/data/prowlarr"; dataDir = "/mnt/data/prowlarr";
in in
{ {
services.caddy.virtualHosts."prowlarr.labs.adtya.xyz" = { services.caddy.virtualHosts."prowlarr.labs.adtya.xyz" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:9696 reverse_proxy 127.0.0.1:9696
''; '';

7
hosts/layne/services/apps/radarr.nix
View file

@ -1,11 +1,6 @@
_: _: {
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
in
{
services = { services = {
caddy.virtualHosts."radarr.labs.adtya.xyz" = { caddy.virtualHosts."radarr.labs.adtya.xyz" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:7878 reverse_proxy 127.0.0.1:7878
''; '';

7
hosts/layne/services/apps/readarr.nix
View file

@ -1,11 +1,6 @@
_: _: {
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
in
{
services = { services = {
caddy.virtualHosts."readarr.labs.adtya.xyz" = { caddy.virtualHosts."readarr.labs.adtya.xyz" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:8787 reverse_proxy 127.0.0.1:8787
''; '';

7
hosts/layne/services/apps/sonarr.nix
View file

@ -1,11 +1,6 @@
_: _: {
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
in
{
services = { services = {
caddy.virtualHosts."sonarr.labs.adtya.xyz" = { caddy.virtualHosts."sonarr.labs.adtya.xyz" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:8989 reverse_proxy 127.0.0.1:8989
''; '';

7
hosts/layne/services/apps/transmission.nix
View file

@ -1,12 +1,7 @@
{ pkgs, ... }: { pkgs, ... }: {
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
in
{
services = { services = {
caddy = { caddy = {
virtualHosts."transmission.labs.adtya.xyz" = { virtualHosts."transmission.labs.adtya.xyz" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:9091 reverse_proxy 127.0.0.1:9091
''; '';

7
hosts/rico1/services/apps/blocky.nix
View file

@ -1,16 +1,11 @@
_: _:
let let domainName = "blocky.rico1.labs.adtya.xyz"; in {
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "blocky.rico1.labs.adtya.xyz";
in
{
imports = [ imports = [
../../../shared/blocky.nix ../../../shared/blocky.nix
]; ];
services = { services = {
caddy = { caddy = {
virtualHosts."${domainName}" = { virtualHosts."${domainName}" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:8080 reverse_proxy 127.0.0.1:8080
''; '';

10
hosts/rico1/services/apps/default.nix
View file

@ -1,8 +1,4 @@
_: _: {
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
in
{
imports = [ imports = [
./blocky.nix ./blocky.nix
./prometheus.nix ./prometheus.nix
@ -14,25 +10,21 @@ in
services.caddy = { services.caddy = {
virtualHosts = { virtualHosts = {
"gateway.labs.adtya.xyz" = { "gateway.labs.adtya.xyz" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 192.168.0.1:80 reverse_proxy 192.168.0.1:80
''; '';
}; };
"ap1.labs.adtya.xyz" = { "ap1.labs.adtya.xyz" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 192.168.1.1:80 reverse_proxy 192.168.1.1:80
''; '';
}; };
"ap2.labs.adtya.xyz" = { "ap2.labs.adtya.xyz" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 192.168.1.2:80 reverse_proxy 192.168.1.2:80
''; '';
}; };
"switch.labs.adtya.xyz" = { "switch.labs.adtya.xyz" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 192.168.1.3:80 reverse_proxy 192.168.1.3:80
''; '';

7
hosts/rico1/services/apps/loki/default.nix
View file

@ -1,13 +1,8 @@
_: _:
let let domainName = "loki.labs.adtya.xyz"; in {
inherit (import ../../../../shared/caddy-helpers.nix) logFormat;
domainName = "loki.labs.adtya.xyz";
in
{
services = { services = {
caddy = { caddy = {
virtualHosts."${domainName}" = { virtualHosts."${domainName}" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:3100 reverse_proxy 127.0.0.1:3100
''; '';

70
hosts/rico1/services/apps/prometheus.nix
View file

@ -1,13 +1,8 @@
_: _:
let let domainName = "prometheus.labs.adtya.xyz"; in {
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "prometheus.labs.adtya.xyz";
in
{
services = { services = {
caddy = { caddy = {
virtualHosts."${domainName}" = { virtualHosts."${domainName}" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:9090 reverse_proxy 127.0.0.1:9090
''; '';
@ -32,66 +27,57 @@ in
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "ntfy"; job_name = "ntfy";
scheme = "https";
metrics_path = "/ntfy-metrics";
static_configs = [ static_configs = [
{ targets = [ "wynne.labs.adtya.xyz" ]; } { targets = [ "10.10.10.13:8081" ]; }
]; ];
} }
{ {
job_name = "caddy"; job_name = "caddy";
scheme = "https";
metrics_path = "/caddy-metrics";
static_configs = [ static_configs = [
{ targets = [ "rico0.labs.adtya.xyz" ]; } { targets = [ "10.10.10.1:2019" ]; }
{ targets = [ "rico1.labs.adtya.xyz" ]; } { targets = [ "10.10.10.10:2019" ]; }
{ targets = [ "rico2.labs.adtya.xyz" ]; } { targets = [ "10.10.10.11:2019" ]; }
{ targets = [ "wynne.labs.adtya.xyz" ]; } { targets = [ "10.10.10.12:2019" ]; }
{ targets = [ "layne.labs.adtya.xyz" ]; } { targets = [ "10.10.10.13:2019" ]; }
{ targets = [ "10.10.10.14:2019" ]; }
]; ];
} }
{ {
job_name = "postgres"; job_name = "postgres";
scheme = "https";
metrics_path = "/postgres-metrics";
static_configs = [ static_configs = [
{ targets = [ "wynne.labs.adtya.xyz" ]; } { targets = [ "10.10.10.13:9187" ]; }
]; ];
} }
{ {
job_name = "systemd"; job_name = "systemd";
scheme = "https";
metrics_path = "/systemd-metrics";
static_configs = [ static_configs = [
{ targets = [ "rico0.labs.adtya.xyz" ]; } { targets = [ "10.10.10.1:9558" ]; }
{ targets = [ "rico1.labs.adtya.xyz" ]; } { targets = [ "10.10.10.10:9558" ]; }
{ targets = [ "rico2.labs.adtya.xyz" ]; } { targets = [ "10.10.10.11:9558" ]; }
{ targets = [ "wynne.labs.adtya.xyz" ]; } { targets = [ "10.10.10.12:9558" ]; }
{ targets = [ "layne.labs.adtya.xyz" ]; } { targets = [ "10.10.10.13:9558" ]; }
{ targets = [ "10.10.10.14:9558" ]; }
]; ];
} }
{ {
job_name = "smartctl"; job_name = "smartctl";
scheme = "https";
metrics_path = "/smartctl-metrics";
static_configs = [ static_configs = [
{ targets = [ "rico0.labs.adtya.xyz" ]; } { targets = [ "10.10.10.10:9633" ]; }
{ targets = [ "rico1.labs.adtya.xyz" ]; } { targets = [ "10.10.10.11:9633" ]; }
{ targets = [ "rico2.labs.adtya.xyz" ]; } { targets = [ "10.10.10.12:9633" ]; }
{ targets = [ "wynne.labs.adtya.xyz" ]; } { targets = [ "10.10.10.13:9633" ]; }
{ targets = [ "wynne.labs.adtya.xyz" ]; } { targets = [ "10.10.10.14:9633" ]; }
{ targets = [ "layne.labs.adtya.xyz" ]; }
]; ];
} }
{ {
job_name = "node"; job_name = "node";
scheme = "https";
static_configs = [ static_configs = [
{ targets = [ "rico0.labs.adtya.xyz" ]; } { targets = [ "10.10.10.1:9100" ]; }
{ targets = [ "rico1.labs.adtya.xyz" ]; } { targets = [ "10.10.10.10:9100" ]; }
{ targets = [ "rico2.labs.adtya.xyz" ]; } { targets = [ "10.10.10.11:9100" ]; }
{ targets = [ "wynne.labs.adtya.xyz" ]; } { targets = [ "10.10.10.12:9100" ]; }
{ targets = [ "layne.labs.adtya.xyz" ]; } { targets = [ "10.10.10.13:9100" ]; }
{ targets = [ "10.10.10.14:9100" ]; }
]; ];
} }
{ {
@ -104,10 +90,8 @@ in
} }
{ {
job_name = "redis"; job_name = "redis";
scheme = "https";
metrics_path = "/redis-metrics";
static_configs = [ static_configs = [
{ targets = [ "rico1.labs.adtya.xyz" ]; } { targets = [ "10.10.10.11:9121" ]; }
]; ];
} }
]; ];

12
hosts/rico1/services/apps/redis.nix
View file

@ -1,20 +1,16 @@
_: { { config, ... }: {
services = { services = {
prometheus.exporters.redis = { prometheus.exporters.redis = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = config.nodeconfig.facts.wireguard-ip;
port = 9121; port = 9121;
}; };
redis.servers = { redis.servers = {
blocky = { default = {
enable = true; enable = true;
bind = "10.10.10.11"; bind = "10.10.10.11";
port = 6379; port = 6379;
}; extraParams = [ "--protected-mode no" ];
caddy = {
enable = true;
bind = "10.10.10.11";
port = 6380;
}; };
}; };
}; };

2
hosts/rico2/network/wireguard.nix
View file

@ -1,5 +1,5 @@
{ config, ... }: { config, ... }:
let wireguard-peers = import ../shared/wireguard-peers.nix; in { let wireguard-peers = import ../../shared/wireguard-peers.nix; in {
sops.secrets = { sops.secrets = {
"wireguard/rico2/pk" = { "wireguard/rico2/pk" = {
mode = "400"; mode = "400";

7
hosts/rico2/services/apps/alertmanager.nix
View file

@ -1,13 +1,8 @@
_: _:
let let domainName = "alertmanager.labs.adtya.xyz"; in {
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "alertmanager.labs.adtya.xyz";
in
{
services = { services = {
caddy = { caddy = {
virtualHosts."${domainName}" = { virtualHosts."${domainName}" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:9093 reverse_proxy 127.0.0.1:9093
''; '';

7
hosts/rico2/services/apps/blocky.nix
View file

@ -1,16 +1,11 @@
_: _:
let let domainName = "blocky.rico2.labs.adtya.xyz"; in {
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "blocky.rico2.labs.adtya.xyz";
in
{
imports = [ imports = [
../../../shared/blocky.nix ../../../shared/blocky.nix
]; ];
services = { services = {
caddy = { caddy = {
virtualHosts."${domainName}" = { virtualHosts."${domainName}" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:8080 reverse_proxy 127.0.0.1:8080
''; '';

7
hosts/rico2/services/apps/grafana.nix
View file

@ -1,13 +1,8 @@
_: _:
let let domainName = "grafana.labs.adtya.xyz"; in {
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "grafana.labs.adtya.xyz";
in
{
services = { services = {
caddy = { caddy = {
virtualHosts."${domainName}" = { virtualHosts."${domainName}" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy 127.0.0.1:9091 reverse_proxy 127.0.0.1:9091
''; '';

2
hosts/rico2/services/apps/homepage.nix
View file

@ -1,6 +1,5 @@
{ config, ... }: { config, ... }:
let let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "homepage.labs.adtya.xyz"; domainName = "homepage.labs.adtya.xyz";
cfg = config.services.glance; cfg = config.services.glance;
in in
@ -8,7 +7,6 @@ in
services = { services = {
caddy = { caddy = {
virtualHosts."${domainName}" = { virtualHosts."${domainName}" = {
inherit logFormat;
extraConfig = '' extraConfig = ''
reverse_proxy ${cfg.settings.server.host}:${toString cfg.settings.server.port} reverse_proxy ${cfg.settings.server.host}:${toString cfg.settings.server.port}
''; '';

1
hosts/shared/caddy.nix
View file

@ -12,6 +12,7 @@
enable = true; enable = true;
package = inputs.caddy.packages.${pkgs.system}.caddy; package = inputs.caddy.packages.${pkgs.system}.caddy;
email = "admin@acomputer.lol"; email = "admin@acomputer.lol";
enableReload = false;
globalConfig = '' globalConfig = ''
admin ${config.nodeconfig.facts.wireguard-ip}:2019 admin ${config.nodeconfig.facts.wireguard-ip}:2019
acme_dns hetzner {env.HETZNER_ACCESS_TOKEN} acme_dns hetzner {env.HETZNER_ACCESS_TOKEN}

41
hosts/shared/prometheus-exporters.nix
View file

@ -1,53 +1,20 @@
{ lib, config, ... }: { { config, ... }: {
services = { services = {
caddy =
let
vHost = "${config.networking.hostName}.labs.adtya.xyz";
in
{
virtualHosts."${vHost}" = {
extraConfig = ''
handle /metrics {
reverse_proxy ${config.services.prometheus.exporters.node.listenAddress}:${toString config.services.prometheus.exporters.node.port}
}
handle /smartctl-metrics {
uri replace /smartctl-metrics /metrics
reverse_proxy ${config.services.prometheus.exporters.smartctl.listenAddress}:${toString config.services.prometheus.exporters.smartctl.port}
}
handle /systemd-metrics {
uri replace /systemd-metrics /metrics
reverse_proxy ${config.services.prometheus.exporters.systemd.listenAddress}:${toString config.services.prometheus.exporters.systemd.port}
}
${lib.optionalString config.services.prometheus.exporters.postgres.enable ''
handle /postgres-metrics {
uri replace /postgres-metrics /metrics
reverse_proxy ${config.services.prometheus.exporters.postgres.listenAddress}:${toString config.services.prometheus.exporters.postgres.port}
}
''}
${lib.optionalString config.services.prometheus.exporters.redis.enable ''
handle /redis-metrics {
uri replace /redis-metrics /metrics
reverse_proxy ${config.services.prometheus.exporters.redis.listenAddress}:${toString config.services.prometheus.exporters.redis.port}
}
''}
'';
};
};
prometheus.exporters = { prometheus.exporters = {
node = { node = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = config.nodeconfig.facts.wireguard-ip;
port = 9100; port = 9100;
enabledCollectors = [ "systemd" "processes" ]; enabledCollectors = [ "systemd" "processes" ];
}; };
smartctl = { smartctl = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = config.nodeconfig.facts.wireguard-ip;
port = 9633; port = 9633;
}; };
systemd = { systemd = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = config.nodeconfig.facts.wireguard-ip;
port = 9558; port = 9558;
}; };

22
hosts/wynne/services/apps/ntfy.nix
View file

@ -1,28 +1,12 @@
{ lib, config, ... }: { lib, ... }:
let let domainName = "ntfy.acomputer.lol"; in {
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "ntfy.acomputer.lol";
in
{
services = { services = {
caddy.virtualHosts = {
"${config.networking.hostName}.labs.adtya.xyz" = {
inherit logFormat;
extraConfig = ''
handle /ntfy-metrics {
uri replace /ntfy-metrics /metrics
reverse_proxy ${config.services.ntfy-sh.settings.metrics-listen-http}
}
'';
};
};
ntfy-sh = { ntfy-sh = {
enable = true; enable = true;
settings = { settings = {
base-url = "https://${domainName}"; base-url = "https://${domainName}";
listen-http = "10.10.10.13:8080"; listen-http = "10.10.10.13:8080";
metrics-listen-http = "127.0.0.1:8081"; metrics-listen-http = "10.10.10.13:8081";
auth-file = "/mnt/data/ntfy-sh/user.db"; auth-file = "/mnt/data/ntfy-sh/user.db";
attachment-cache-dir = "/mnt/data/ntfy-sh/attachments"; attachment-cache-dir = "/mnt/data/ntfy-sh/attachments";
cache-file = "/mnt/data/ntfy-sh/cache-file.db"; cache-file = "/mnt/data/ntfy-sh/cache-file.db";

2
hosts/wynne/services/apps/postgresql.nix
View file

@ -2,7 +2,7 @@
services = { services = {
prometheus.exporters.postgres = { prometheus.exporters.postgres = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = config.nodeconfig.facts.wireguard-ip;
port = 9187; port = 9187;
runAsLocalSuperUser = true; runAsLocalSuperUser = true;
}; };