
refactor(greatyamada): Change port definitions format

Avery 2025-07-22 12:30:44 +02:00
parent f71272abe5
commit 0e6432592d
Signed by: Avery
GPG key ID: B684FD451B692E04
12 changed files with 64 additions and 60 deletions


@ -1,21 +1,30 @@
{
tcp = {
minecraft = 13914;
minecraft-fabric-prod-bluemap = 8100;
adguardhome = {
dns = 53;
http = 3001;
};
forgejo = 3000;
jellyfin = 8096;
koito = 4110;
minecraft = {
fabric_prod = {
server = 13914;
bluemap = 8100;
};
};
nginx = 443;
pgadmin = 5050;
postgresql = 5432;
radicale = 5232;
searxng = 8888;
vaultwarden = 8222;
};
udp = {
adguardhome = {
dns = 53;
dhcp = 67;
};
wireguard = 51820;
};
adguardhome-dns = 53;
adguardhome-http = 3001;
adguardhome-dhcp-udp = 67;
forgejo-http = 3000;
jellyfin-http = 8096;
koito = 4110;
navidrome-https = 4533;
nginx-https = 443;
ntfy-http = 2586;
pgadmin = 5050;
postgresql = 5432;
radicale-http = 5232;
searxng = 8888;
wireguard = 51820;
vaultwarden = 8222;
}
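Review bot: The new nested set drops `navidrome-https = 4533` and `ntfy-http = 2586`, which the old flat set defined, and none of the twelve file sections in this commit adds a replacement; as far as this page shows, any module outside the commit that still imports those ports will fail to evaluate with a missing-attribute error, so either carry them over as `tcp.navidrome = 4533;` and `tcp.ntfy = 2586;` or confirm they are unused. The AdGuard DNS port is now written twice as independent literals, `tcp.adguardhome.dns` and `udp.adguardhome.dns`, which can silently diverge; a single `let dns = 53; in` binding shared by both sets would keep them equal. A one-line header comment would also help the consumers' readers, e.g. `# Listening ports keyed by transport, then service; nested sets group one service's listeners.`.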


@ -1,27 +1,26 @@
{ ... }:
let
portDefinitions = import ./_port-definitions.nix;
ports = import ./_port-definitions.nix;
nginxLocalServiceConfig = import ./nginx-local-config.nix;
in {
networking.firewall = {
allowedTCPPorts = [ portDefinitions.adguardhome-dns ];
allowedUDPPorts =
[ portDefinitions.adguardhome-dns portDefinitions.adguardhome-dhcp-udp ];
allowedTCPPorts = with ports.tcp.adguardhome; [ dns ];
allowedUDPPorts = with ports.udp.adguardhome; [ dns dhcp ];
};
services = {
adguardhome = {
enable = true;
allowDHCP = true;
mutableSettings = true;
port = portDefinitions.adguardhome-http;
port = ports.tcp.adguardhome.http;
settings = {
http = {
address = "127.0.0.1:${toString portDefinitions.adguardhome-http}";
address = "127.0.0.1:${toString ports.tcp.adguardhome.http}";
session_ttl = "720h";
};
dns = {
bind_hosts = [ "10.0.0.1" ];
port = portDefinitions.adguardhome-dns;
port = ports.tcp.adguardhome.dns;
anonymize_client_ip = false;
ratelimit = 0;
upstream_dns = [ "https://dns10.quad9.net/dns-query" ];
@ -267,7 +266,7 @@ in {
nginx.virtualHosts."dns.rcia.dev" = {
forceSSL = true;
locations."/".proxyPass =
"http://127.0.0.1:${toString portDefinitions.adguardhome-http}";
"http://127.0.0.1:${toString ports.tcp.adguardhome.http}";
extraConfig = nginxLocalServiceConfig;
useACMEHost = "rcia.dev";
};
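Review bot: `dns.port` on the new line in the first hunk is read from `ports.tcp.adguardhome.dns`, while the UDP firewall rule a few lines above reads `ports.udp.adguardhome.dns`; AdGuard binds one port for both transports, so the two definitions must stay equal, and nothing in this module enforces that. Either derive the firewall entries and `dns.port` from one attribute, or guard the module with `assert ports.tcp.adguardhome.dns == ports.udp.adguardhome.dns;` before the `in {` body so a divergence fails at evaluation instead of silently opening the wrong port. As a point of style, `with ports.tcp.adguardhome; [ dns ]` brings a whole set into scope for a one-element list; `[ ports.tcp.adguardhome.dns ]` is shorter and avoids `with` shadowing rules, and the same applies to `firewall.allowedUDPPorts = with ports.udp; [ wireguard ];` in the wireguard module. The module body continues outside these hunks.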


@ -1,6 +1,6 @@
{ pkgs, lib, ... }:
let
portDefinitions = import ./_port-definitions.nix;
ports = import ./_port-definitions.nix;
arrayToSecrets = elements:
builtins.listToAttrs (map (key: {
name = "forgejo/${key}";
@ -13,7 +13,7 @@ in {
package = pkgs.forgejo;
database = {
type = "postgres";
port = portDefinitions.postgresql;
port = ports.tcp.postgresql;
passwordFile = "/run/secrets/forgejo/database_password";
};
secrets = {
@ -30,7 +30,7 @@ in {
server = {
DOMAIN = "git.rcia.dev";
ROOT_URL = "https://git.rcia.dev";
HTTP_PORT = portDefinitions.forgejo-http;
HTTP_PORT = ports.tcp.forgejo;
DISABLE_SSH = true;
LFS_START_SERVER = true;
};
@ -43,7 +43,7 @@ in {
};
nginx.virtualHosts."git.rcia.dev" = {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString portDefinitions.forgejo-http}";
proxyPass = "http://127.0.0.1:${toString ports.tcp.forgejo}";
};
forceSSL = true;
useACMEHost = "rcia.dev";


@ -1,11 +1,11 @@
{ ... }:
let portDefinitions = import ./_port-definitions.nix;
let ports = import ./_port-definitions.nix;
in {
services = {
jellyfin.enable = true;
nginx.virtualHosts."jellyfin.rcia.dev" = {
locations."/".proxyPass =
"http://127.0.0.1:${toString portDefinitions.jellyfin-http}";
"http://127.0.0.1:${toString ports.tcp.jellyfin}";
forceSSL = true;
useACMEHost = "rcia.dev";
};


@ -1,7 +1,5 @@
{ pkgs, lib, config, ... }:
let
portDefinitions = import ./_port-definitions.nix;
nginxLocalConfig = import ./nginx-local-config.nix;
let ports = import ./_port-definitions.nix;
in {
virtualisation.oci-containers.containers."koito" = {
image = "gabehf/koito:latest";
@ -12,7 +10,7 @@ in {
};
environmentFiles = [ config.sops.templates."koito.env".path ];
volumes = [ "/mnt/hdd-01/koito:/etc/koito:rw" ];
ports = [ "${toString portDefinitions.koito}:4110/tcp" ];
ports = [ "${toString ports.tcp.koito}:4110/tcp" ];
log-driver = "journald";
extraOptions = [ "--network-alias=koito" "--network=koito_default" ];
};
@ -25,8 +23,7 @@ in {
};
services.nginx.virtualHosts."koito.rcia.dev" = {
locations."/".proxyPass =
"http://localhost:${toString portDefinitions.koito}";
locations."/".proxyPass = "http://localhost:${toString ports.tcp.koito}";
forceSSL = true;
useACMEHost = "rcia.dev";
};
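Review bot: The new `ports = [ "${toString ports.tcp.koito}:4110/tcp" ]` line publishes the container port with no host address, so the container runtime binds it on every interface and the service is reachable directly, bypassing the nginx virtual host below that only proxies to `localhost`; depending on the backend, the runtime's own firewall rules may also sidestep `networking.firewall`, which is worth confirming on the host. Since nginx is the only intended client, `ports = [ "127.0.0.1:${toString ports.tcp.koito}:4110/tcp" ];` keeps the listener local. Inside this attribute set the attribute name `ports` and the `let`-bound `ports` now collide; the expression is still correct because the set is not `rec`, but renaming the binding (for example `portDefs`) would avoid the double reading. The container definition continues outside the hunk.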


@ -25,7 +25,8 @@ let
}) players;
in {
environment.systemPackages = with pkgs; [ mcrcon ];
networking.firewall.allowedTCPPorts = with ports.tcp; [ minecraft ];
networking.firewall.allowedTCPPorts = with ports.tcp.minecraft;
[ fabric_prod.server ];
nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
services = {
minecraft-servers = {
@ -60,7 +61,7 @@ in {
pause-when-empty-seconds = 60;
pvp = true;
"rcon.password" = "@MINECRAFT_RCON_PASSWORD@";
server-port = ports.tcp.minecraft;
server-port = ports.tcp.minecraft.fabric_prod.server;
simulation-distance = 10;
spawn-protection = 0;
view-distance = 10;
@ -176,7 +177,7 @@ in {
};
"~* ^/fabric_prod/(maps/[^/\\s]*/live/.*)" = {
proxyPass = "http://127.0.0.1:${
toString ports.tcp.minecraft-fabric-prod-bluemap
toString ports.tcp.minecraft.fabric-prod.bluemap
}/$1";
extraConfig = ''
error_page 502 504 = @server-offline;
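Review bot: The bluemap proxy on the new line `toString ports.tcp.minecraft.fabric-prod.bluemap` spells the set with a hyphen, but the port-definitions file in this same commit declares it as `fabric_prod`, and the server port two hunks up reads `fabric_prod.server`; Nix treats `fabric-prod` as a different attribute, so evaluating this module fails with a missing-attribute error. Change it to `toString ports.tcp.minecraft.fabric_prod.bluemap`. The enclosing `let … in` and the nginx location attribute set both start and end outside these hunks.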


@ -1,6 +1,6 @@
{ ... }:
let
_portDefinitions = import ./_port-definitions.nix;
ports = import ./_port-definitions.nix;
nginxLocalConfig = import ./nginx-local-config.nix;
in {
services = {
@ -9,11 +9,11 @@ in {
initialEmail = "avery@localhost";
initialPasswordFile = "/dev/null";
minimumPasswordLength = 0;
port = _portDefinitions.pgadmin;
port = ports.tcp.pgadmin;
};
nginx.virtualHosts."pgadmin.rcia.dev" = {
locations."/".proxyPass =
"http://localhost:${toString _portDefinitions.pgadmin}";
"http://localhost:${toString ports.tcp.pgadmin}";
forceSSL = true;
useACMEHost = "rcia.dev";
extraConfig = nginxLocalConfig;


@ -1,5 +1,5 @@
{ config, pkgs, ... }:
let portDefinitions = import ./_port-definitions.nix;
let ports = import ./_port-definitions.nix;
in {
services.postgresql = {
enable = true;
@ -7,7 +7,7 @@ in {
enableTCPIP = true;
dataDir =
"/mnt/ssd-01/postgresql/${config.services.postgresql.package.psqlSchema}";
settings.port = portDefinitions.postgresql;
settings.port = ports.tcp.postgresql;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust


@ -1,14 +1,13 @@
{ ... }:
let
nginxLocalServiceConfig = import ./nginx-local-config.nix;
portDefinitions = import ./_port-definitions.nix;
ports = import ./_port-definitions.nix;
in {
services = {
radicale = {
enable = true;
settings = {
server.hosts =
[ "127.0.0.1:${toString portDefinitions.radicale-http}" ];
server.hosts = [ "127.0.0.1:${toString ports.tcp.radicale}" ];
auth = {
type = "htpasswd";
htpasswd_filename = "/var/lib/radicale/users";
@ -18,8 +17,7 @@ in {
};
nginx.virtualHosts."radicale.rcia.dev" = {
locations."/" = {
proxyPass =
"http://127.0.0.1:${toString portDefinitions.radicale-http}";
proxyPass = "http://127.0.0.1:${toString ports.tcp.radicale}";
};
forceSSL = true;
useACMEHost = "rcia.dev";


@ -1,6 +1,6 @@
{ config, pkgs, ... }:
let
portDefinitions = import ./_port-definitions.nix;
ports = import ./_port-definitions.nix;
nginxLocalServiceConfig = import ./nginx-local-config.nix;
in {
services = {
@ -12,13 +12,13 @@ in {
# runInUwsgi = true;
# uwsgiConfig = {
# socket = "/run/searx/searxng.sock";
# http = ":${toString portDefinitions.searxng}";
# http = ":${toString ports.searxng}";
# chmod-socket = "660";
# };
settings = {
base_url = "https://searxng.rcia.dev";
bind_address = "127.0.0.1";
port = portDefinitions.searxng;
port = ports.tcp.searxng;
public_instance = false;
limiter = false;
};
@ -26,7 +26,7 @@ in {
};
nginx.virtualHosts."searxng.rcia.dev" = {
locations."/".proxyPass =
"http://127.0.0.1:${toString portDefinitions.searxng}";
"http://127.0.0.1:${toString ports.tcp.searxng}";
extraConfig = nginxLocalServiceConfig;
forceSSL = true;
useACMEHost = "rcia.dev";
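Review bot: The commented-out uwsgi line in the first hunk was rewritten to `ports.searxng`, while the live `port =` line a few lines below uses `ports.tcp.searxng` and the new definitions file has no top-level `searxng` attribute; if the uwsgi block is ever re-enabled it fails with a missing attribute. Make the comment match the live code: `# http = ":${toString ports.tcp.searxng}";`. The `services` block continues outside the hunks.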


@ -1,6 +1,6 @@
{ config, ... }:
let
portDefinitions = import ./_port-definitions.nix;
ports = import ./_port-definitions.nix;
nginxLocalServiceConfig = import ./nginx-local-config.nix;
in {
services = {
@ -10,7 +10,7 @@ in {
config = {
domain = "https://vaultwarden.rcia.dev";
rocketAddress = "127.0.0.1";
rocketPort = portDefinitions.vaultwarden;
rocketPort = ports.tcp.vaultwarden;
showPasswordHint = false;
signupsAllowed = false;
};
@ -18,7 +18,7 @@ in {
};
nginx.virtualHosts."vaultwarden.rcia.dev" = {
locations."/".proxyPass =
"http://localhost:${toString portDefinitions.vaultwarden}";
"http://localhost:${toString ports.tcp.vaultwarden}";
forceSSL = true;
useACMEHost = "rcia.dev";
extraConfig = nginxLocalServiceConfig;


@ -1,5 +1,5 @@
{ pkgs, ... }:
let portDefinitions = import ./_port-definitions.nix;
let ports = import ./_port-definitions.nix;
in {
networking = {
nat = {
@ -7,12 +7,12 @@ in {
externalInterface = "enp5s0";
internalInterfaces = [ "wg0" ];
};
firewall.allowedUDPPorts = [ portDefinitions.wireguard ];
firewall.allowedUDPPorts = with ports.udp; [ wireguard ];
wireguard = {
enable = true;
interfaces.wg0 = {
ips = [ "10.10.0.1/24" ];
listenPort = portDefinitions.wireguard;
listenPort = ports.udp.wireguard;
peers = [{
allowedIPs = [ "10.10.0.2/32" ];
name = "Pixel9a";