macronova/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Refactor setup

Browse source
This commit is contained in:
Invariantspace 2023-12-06 21:46:16 -08:00
parent b6b118f819
commit a7e892635c
16 changed files with 124 additions and 210 deletions
Download patch file Download diff file Expand all files Collapse all files

35
linux/singularity/caddy.nix
View file

@ -1,4 +1,4 @@
{ config, ... }:
{ config, pkgs, ... }:
{
services.caddy = {
@ -7,24 +7,31 @@
virtualHosts =
let
dn = config.constants.domain;
hsCfg = config.services.headscale;
home = "100.64.0.3";
local = config.constants.localhost;
msfqdn = config.mailserver.fqdn;
mtfqdn = "matrix.${dn}";
vaultCfg = config.services.vaultwarden.config;
portStr = builtins.mapAttrs (n: v: toString v) config.constants.port;
wn = s: "/.well-known/${s}";
in
{
"${dn}".extraConfig = let wnm = wn "matrix"; in ''
header ${wnm}/* Content-Type application/json
header ${wnm}/* Access-Control-Allow-Origin *
respond ${wnm}/server `{ "m.server": "${mtfqdn}:${toString config.constants.port.https}" }`
respond ${wnm}/server `{ "m.server": "${mtfqdn}:${portStr.https}" }`
respond ${wnm}/client `{
"m.homeserver": { "base_url": "https://${mtfqdn}" },
"m.identity_server": { "base_url": "https://${mtfqdn}" }
}`
'';
"forgejo.${dn}".extraConfig = ''
reverse_proxy ${home}:${portStr.forgejo}
'';
"headscale.${dn}".extraConfig = ''
reverse_proxy ${hsCfg.address}:${toString hsCfg.port}
reverse_proxy ${local}:${portStr.headscale}
'';
"jellyfin.${dn}".extraConfig = ''
reverse_proxy ${home}:${portStr.jellyfin}
'';
${msfqdn} = {
extraConfig = ''
@ -34,17 +41,17 @@
'';
useACMEHost = msfqdn;
};
"matrix.${dn}".extraConfig = ''
reverse_proxy /_matrix/* ${home}:${portStr.conduit}
file_server {
root ${pkgs.cinny}
}
'';
"vault.${dn}".extraConfig =
''
reverse_proxy /notifications/hub/negotiate ${vaultCfg.ROCKET_ADDRESS}:${
toString vaultCfg.ROCKET_PORT
}
reverse_proxy /notifications/hub ${vaultCfg.WEBSOCKET_ADDRESS}:${
toString vaultCfg.WEBSOCKET_PORT
}
reverse_proxy ${vaultCfg.ROCKET_ADDRESS}:${
toString vaultCfg.ROCKET_PORT
} {
reverse_proxy /notifications/hub/negotiate ${local}:${portStr.vault-rkt}
reverse_proxy /notifications/hub ${local}:${portStr.vault-ws}
reverse_proxy ${local}:${portStr.vault-rkt} {
header_up X-Real-IP {remote_host}
}
'';

7
linux/singularity/headscale.nix
View file

@ -1,16 +1,15 @@
{ config, ... }:
{
services = let const = config.constants; in {
headscale = {
services = {
headscale = let const = config.constants; in {
enable = true;
address = const.localhost;
port = 27327;
port = const.port.headscale;
settings.server_url = "https://headscale.${const.domain}";
};
tailscale = {
enable = true;
extraUpFlags = [ "--advertise-exit-node" ];
port = 27919;
useRoutingFeatures = "both";
};

23
linux/singularity/mailserver.nix
View file

@ -6,20 +6,19 @@ let
mailSecret = "mail/${usr}/password";
in
{
mailserver =
{
enable = true;
fqdn = "mail.${dn}";
domains = [ dn ];
mailserver = {
enable = true;
fqdn = "mail.${dn}";
domains = [ dn ];
loginAccounts = {
"${usr}@${dn}" = {
aliases = [ config.constants.postMaster ];
hashedPasswordFile = config.sops.secrets.${mailSecret}.path;
};
loginAccounts = {
"${usr}@${dn}" = {
aliases = [ config.constants.postMaster ];
hashedPasswordFile = config.sops.secrets.${mailSecret}.path;
};
certificateScheme = "acme";
};
certificateScheme = "acme";
};
sops.secrets.${mailSecret} = { };
}

12
linux/singularity/vaultwarden.nix
View file

@ -1,18 +1,18 @@
{ config, ... }:
{
services.vaultwarden = let lh = config.constants.localhost; in {
services.vaultwarden = {
enable = true;
config = {
config = let const = config.constants; in {
# Disable signup
SIGNUPS_ALLOWED = false;
# Specify service port
ROCKET_ADDRESS = lh;
ROCKET_PORT = 25487;
ROCKET_ADDRESS = const.localhost;
ROCKET_PORT = const.port.vault-rkt;
# Specify notification port
WEBSOCKET_ENABLED = true;
WEBSOCKET_ADDRESS = lh;
WEBSOCKET_PORT = 40513;
WEBSOCKET_ADDRESS = const.localhost;
WEBSOCKET_PORT = const.port.vault-ws;
};
};
}