From 0e6432592d270c78303aab832a3468e606eb223d Mon Sep 17 00:00:00 2001 From: Avery Date: Tue, 22 Jul 2025 12:30:44 +0200 Subject: [PATCH] refactor(greatyamada): Change port definitions format --- .../services/_port-definitions.nix | 43 +++++++++++-------- hosts/greatyamada/services/adguardhome.nix | 15 +++---- hosts/greatyamada/services/forgejo.nix | 8 ++-- hosts/greatyamada/services/jellyfin.nix | 4 +- hosts/greatyamada/services/koito.nix | 9 ++-- .../services/minecraft/default.nix | 7 +-- hosts/greatyamada/services/pgadmin.nix | 6 +-- hosts/greatyamada/services/postgresql.nix | 4 +- hosts/greatyamada/services/radicale.nix | 8 ++-- hosts/greatyamada/services/searxng.nix | 8 ++-- hosts/greatyamada/services/vaultwarden.nix | 6 +-- hosts/greatyamada/services/wireguard.nix | 6 +-- 12 files changed, 64 insertions(+), 60 deletions(-) diff --git a/hosts/greatyamada/services/_port-definitions.nix b/hosts/greatyamada/services/_port-definitions.nix index 26a74dc..67957e5 100644 --- a/hosts/greatyamada/services/_port-definitions.nix +++ b/hosts/greatyamada/services/_port-definitions.nix @@ -1,21 +1,30 @@ { tcp = { - minecraft = 13914; - minecraft-fabric-prod-bluemap = 8100; + adguardhome = { + dns = 53; + http = 3001; + }; + forgejo = 3000; + jellyfin = 8096; + koito = 4110; + minecraft = { + fabric_prod = { + server = 13914; + bluemap = 8100; + }; + }; + nginx = 443; + pgadmin = 5050; + postgresql = 5432; + radicale = 5232; + searxng = 8888; + vaultwarden = 8222; + }; + udp = { + adguardhome = { + dns = 53; + dhcp = 67; + }; + wireguard = 51820; }; - adguardhome-dns = 53; - adguardhome-http = 3001; - adguardhome-dhcp-udp = 67; - forgejo-http = 3000; - jellyfin-http = 8096; - koito = 4110; - navidrome-https = 4533; - nginx-https = 443; - ntfy-http = 2586; - pgadmin = 5050; - postgresql = 5432; - radicale-http = 5232; - searxng = 8888; - wireguard = 51820; - vaultwarden = 8222; } 
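Review bot: The new attribute set drops `navidrome-https` and `ntfy-http` with no replacement under `tcp`, so any module outside this patch that still reads `portDefinitions.navidrome-https` or `portDefinitions.ntfy-http` will fail at evaluation; none of the twelve files in the diffstat covers those services. If both services are retired this is fine, but it is worth searching the host directory for the old flat names before merging. The file would also benefit from a header comment such as `# Layout: <protocol>.<service>[.<role>] = port; the protocol key decides which firewall list (allowedTCPPorts / allowedUDPPorts) an entry belongs in.`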
diff --git a/hosts/greatyamada/services/adguardhome.nix b/hosts/greatyamada/services/adguardhome.nix index 24e4d7e..f5c0fe8 100644 --- a/hosts/greatyamada/services/adguardhome.nix +++ b/hosts/greatyamada/services/adguardhome.nix @@ -1,27 +1,26 @@ { ... }: let - portDefinitions = import ./_port-definitions.nix; + ports = import ./_port-definitions.nix; nginxLocalServiceConfig = import ./nginx-local-config.nix; in { networking.firewall = { - allowedTCPPorts = [ portDefinitions.adguardhome-dns ]; - allowedUDPPorts = - [ portDefinitions.adguardhome-dns portDefinitions.adguardhome-dhcp-udp ]; + allowedTCPPorts = with ports.tcp.adguardhome; [ dns ]; + allowedUDPPorts = with ports.udp.adguardhome; [ dns dhcp ]; }; services = { adguardhome = { enable = true; allowDHCP = true; mutableSettings = true; - port = portDefinitions.adguardhome-http; + port = ports.tcp.adguardhome.http; settings = { http = { - address = "127.0.0.1:${toString portDefinitions.adguardhome-http}"; + address = "127.0.0.1:${toString ports.tcp.adguardhome.http}"; session_ttl = "720h"; }; dns = { bind_hosts = [ "10.0.0.1" ]; - port = portDefinitions.adguardhome-dns; + port = ports.tcp.adguardhome.dns; anonymize_client_ip = false; ratelimit = 0; upstream_dns = [ "https://dns10.quad9.net/dns-query" ]; @@ -267,7 +266,7 @@ in { nginx.virtualHosts."dns.rcia.dev" = { forceSSL = true; locations."/".proxyPass = - "http://127.0.0.1:${toString portDefinitions.adguardhome-http}"; + "http://127.0.0.1:${toString ports.tcp.adguardhome.http}"; extraConfig = nginxLocalServiceConfig; useACMEHost = "rcia.dev"; }; diff --git a/hosts/greatyamada/services/forgejo.nix b/hosts/greatyamada/services/forgejo.nix index a05a7c4..16c0f33 100644 --- a/hosts/greatyamada/services/forgejo.nix +++ b/hosts/greatyamada/services/forgejo.nix 
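Review bot: In the first adguardhome.nix hunk, `port = ports.tcp.adguardhome.dns;` under `dns` sets a listener that answers on both TCP and UDP, while the UDP firewall opening reads the separate `ports.udp.adguardhome.dns`. Both are 53 today, but if only one is edited the firewall rule and the real listener diverge without any evaluation error. Consider defining the DNS port once and referencing it from both protocol sets, or adding a comment beside the two `dns = 53;` entries such as `# must match the other protocol's adguardhome.dns`.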
@@ -1,6 +1,6 @@ { pkgs, lib, ... }: let - portDefinitions = import ./_port-definitions.nix; + ports = import ./_port-definitions.nix; arrayToSecrets = elements: builtins.listToAttrs (map (key: { name = "forgejo/${key}"; @@ -13,7 +13,7 @@ in { package = pkgs.forgejo; database = { type = "postgres"; - port = portDefinitions.postgresql; + port = ports.tcp.postgresql; passwordFile = "/run/secrets/forgejo/database_password"; }; secrets = { @@ -30,7 +30,7 @@ in { server = { DOMAIN = "git.rcia.dev"; ROOT_URL = "https://git.rcia.dev"; - HTTP_PORT = portDefinitions.forgejo-http; + HTTP_PORT = ports.tcp.forgejo; DISABLE_SSH = true; LFS_START_SERVER = true; }; @@ -43,7 +43,7 @@ in { }; nginx.virtualHosts."git.rcia.dev" = { locations."/" = { - proxyPass = "http://127.0.0.1:${toString portDefinitions.forgejo-http}"; + proxyPass = "http://127.0.0.1:${toString ports.tcp.forgejo}"; }; forceSSL = true; useACMEHost = "rcia.dev"; diff --git a/hosts/greatyamada/services/jellyfin.nix b/hosts/greatyamada/services/jellyfin.nix index 778adf5..4229d8b 100644 --- a/hosts/greatyamada/services/jellyfin.nix +++ b/hosts/greatyamada/services/jellyfin.nix @@ -1,11 +1,11 @@ { ... }: -let portDefinitions = import ./_port-definitions.nix; +let ports = import ./_port-definitions.nix; in { services = { jellyfin.enable = true; nginx.virtualHosts."jellyfin.rcia.dev" = { locations."/".proxyPass = - "http://127.0.0.1:${toString portDefinitions.jellyfin-http}"; + "http://127.0.0.1:${toString ports.tcp.jellyfin}"; forceSSL = true; useACMEHost = "rcia.dev"; }; diff --git a/hosts/greatyamada/services/koito.nix b/hosts/greatyamada/services/koito.nix index 147cca2..9e54d75 100644 --- a/hosts/greatyamada/services/koito.nix +++ b/hosts/greatyamada/services/koito.nix 
@@ -1,7 +1,5 @@ { pkgs, lib, config, ... }: -let - portDefinitions = import ./_port-definitions.nix; - nginxLocalConfig = import ./nginx-local-config.nix; +let ports = import ./_port-definitions.nix; in { virtualisation.oci-containers.containers."koito" = { image = "gabehf/koito:latest"; @@ -12,7 +10,7 @@ in { }; environmentFiles = [ config.sops.templates."koito.env".path ]; volumes = [ "/mnt/hdd-01/koito:/etc/koito:rw" ]; - ports = [ "${toString portDefinitions.koito}:4110/tcp" ]; + ports = [ "${toString ports.tcp.koito}:4110/tcp" ]; log-driver = "journald"; extraOptions = [ "--network-alias=koito" "--network=koito_default" ]; }; @@ -25,8 +23,7 @@ in { }; services.nginx.virtualHosts."koito.rcia.dev" = { - locations."/".proxyPass = - "http://localhost:${toString portDefinitions.koito}"; + locations."/".proxyPass = "http://localhost:${toString ports.tcp.koito}"; forceSSL = true; useACMEHost = "rcia.dev"; }; diff --git a/hosts/greatyamada/services/minecraft/default.nix b/hosts/greatyamada/services/minecraft/default.nix index 9ad24ba..16f078d 100644 --- a/hosts/greatyamada/services/minecraft/default.nix +++ b/hosts/greatyamada/services/minecraft/default.nix @@ -25,7 +25,8 @@ let }) players; in { environment.systemPackages = with pkgs; [ mcrcon ]; - networking.firewall.allowedTCPPorts = with ports.tcp; [ minecraft ]; + networking.firewall.allowedTCPPorts = with ports.tcp.minecraft; + [ fabric_prod.server ]; nixpkgs.overlays = [ inputs.nix-minecraft.overlay ]; services = { minecraft-servers = { @@ -60,7 +61,7 @@ in { pause-when-empty-seconds = 60; pvp = true; "rcon.password" = "@MINECRAFT_RCON_PASSWORD@"; - server-port = ports.tcp.minecraft; + server-port = ports.tcp.minecraft.fabric_prod.server; simulation-distance = 10; spawn-protection = 0; view-distance = 10; 
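Review bot: In the second koito.nix hunk, the publish spec `"${toString ports.tcp.koito}:4110/tcp"` names no host address, so the container runtime binds the port on every interface, although nginx only needs it on loopback (`proxyPass` targets `localhost`). Published container ports are commonly DNAT-ed ahead of the host firewall's input rules, so the plain-HTTP backend may be reachable without passing through the TLS vhost; whether that holds here depends on the container backend, which the hunk does not show. Binding explicitly, `ports = [ "127.0.0.1:${toString ports.tcp.koito}:4110/tcp" ];`, removes the question. The `let` binding `ports` now shares its name with the container's `ports` option on the same line, which reads ambiguously even though Nix resolves the reference to the `let` binding.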
@@ -176,7 +177,7 @@ in { }; "~* ^/fabric_prod/(maps/[^/\\s]*/live/.*)" = { proxyPass = "http://127.0.0.1:${ - toString ports.tcp.minecraft-fabric-prod-bluemap + toString ports.tcp.minecraft.fabric-prod.bluemap }/$1"; extraConfig = '' error_page 502 504 = @server-offline; diff --git a/hosts/greatyamada/services/pgadmin.nix b/hosts/greatyamada/services/pgadmin.nix index 5b9f5c4..17cba11 100644 --- a/hosts/greatyamada/services/pgadmin.nix +++ b/hosts/greatyamada/services/pgadmin.nix @@ -1,6 +1,6 @@ { ... }: let - _portDefinitions = import ./_port-definitions.nix; + ports = import ./_port-definitions.nix; nginxLocalConfig = import ./nginx-local-config.nix; in { services = { @@ -9,11 +9,11 @@ in { initialEmail = "avery@localhost"; initialPasswordFile = "/dev/null"; minimumPasswordLength = 0; - port = _portDefinitions.pgadmin; + port = ports.tcp.pgadmin; }; nginx.virtualHosts."pgadmin.rcia.dev" = { locations."/".proxyPass = - "http://localhost:${toString _portDefinitions.pgadmin}"; + "http://localhost:${toString ports.tcp.pgadmin}"; forceSSL = true; useACMEHost = "rcia.dev"; extraConfig = nginxLocalConfig; diff --git a/hosts/greatyamada/services/postgresql.nix b/hosts/greatyamada/services/postgresql.nix index 6260571..0e1c16b 100644 --- a/hosts/greatyamada/services/postgresql.nix +++ b/hosts/greatyamada/services/postgresql.nix @@ -1,5 +1,5 @@ { config, pkgs, ... }: -let portDefinitions = import ./_port-definitions.nix; +let ports = import ./_port-definitions.nix; in { services.postgresql = { enable = true; @@ -7,7 +7,7 @@ in { enableTCPIP = true; dataDir = "/mnt/ssd-01/postgresql/${config.services.postgresql.package.psqlSchema}"; - settings.port = portDefinitions.postgresql; + settings.port = ports.tcp.postgresql; authentication = pkgs.lib.mkOverride 10 '' local all all trust host all all 127.0.0.1/32 trust diff --git a/hosts/greatyamada/services/radicale.nix b/hosts/greatyamada/services/radicale.nix index bc71b6f..4387a87 100644 
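Review bot: The BlueMap proxy target in the `@@ -176,7 +177,7 @@` hunk of minecraft/default.nix reads `ports.tcp.minecraft.fabric-prod.bluemap`, but `_port-definitions.nix` in this same patch names the attribute `fabric_prod` (underscore), as do the firewall and `server-port` lines earlier in this file. Nix accepts hyphens in identifiers, so this parses and then fails at evaluation with a missing-attribute error for `fabric-prod`. The line should be `toString ports.tcp.minecraft.fabric_prod.bluemap`. The enclosing `locations` block starts and ends outside the hunk.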
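Review bot: Around the changed `port` line in the second pgadmin.nix hunk, the unchanged settings `initialPasswordFile = "/dev/null";` and `minimumPasswordLength = 0;` appear to leave the initial pgAdmin account with an empty password, and the service is published as `pgadmin.rcia.dev`. Access then rests entirely on whatever `nginx-local-config.nix` enforces, which this patch does not show. Other services in the patch already read secrets from sops or `/run/secrets`, so pointing `initialPasswordFile` at a managed secret and restoring a non-zero minimum length would add a second layer.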
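Review bot: Next to the changed `settings.port` line in the second postgresql.nix hunk, the context shows `enableTCPIP = true` together with `host all all 127.0.0.1/32 trust`, which lets any local process connect as any role, superuser included, without a password. That undercuts the `passwordFile` configured for the database user in forgejo.nix. The `authentication` block continues past the end of the hunk, so further rules may exist; for the visible host line, `host all all 127.0.0.1/32 scram-sha-256` would require credentials, and `peer` on the `local` line would tie socket access to the OS user.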
--- a/hosts/greatyamada/services/radicale.nix +++ b/hosts/greatyamada/services/radicale.nix @@ -1,14 +1,13 @@ { ... }: let nginxLocalServiceConfig = import ./nginx-local-config.nix; - portDefinitions = import ./_port-definitions.nix; + ports = import ./_port-definitions.nix; in { services = { radicale = { enable = true; settings = { - server.hosts = - [ "127.0.0.1:${toString portDefinitions.radicale-http}" ]; + server.hosts = [ "127.0.0.1:${toString ports.tcp.radicale}" ]; auth = { type = "htpasswd"; htpasswd_filename = "/var/lib/radicale/users"; @@ -18,8 +17,7 @@ in { }; nginx.virtualHosts."radicale.rcia.dev" = { locations."/" = { - proxyPass = - "http://127.0.0.1:${toString portDefinitions.radicale-http}"; + proxyPass = "http://127.0.0.1:${toString ports.tcp.radicale}"; }; forceSSL = true; useACMEHost = "rcia.dev"; diff --git a/hosts/greatyamada/services/searxng.nix b/hosts/greatyamada/services/searxng.nix index 38f692a..19b4d3a 100644 --- a/hosts/greatyamada/services/searxng.nix +++ b/hosts/greatyamada/services/searxng.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: let - portDefinitions = import ./_port-definitions.nix; + ports = import ./_port-definitions.nix; nginxLocalServiceConfig = import ./nginx-local-config.nix; in { services = { @@ -12,13 +12,13 @@ in { # runInUwsgi = true; # uwsgiConfig = { # socket = "/run/searx/searxng.sock"; - # http = ":${toString portDefinitions.searxng}"; + # http = ":${toString ports.searxng}"; # chmod-socket = "660"; # }; settings = { base_url = "https://searxng.rcia.dev"; bind_address = "127.0.0.1"; - port = portDefinitions.searxng; + port = ports.tcp.searxng; public_instance = false; limiter = false; }; @@ -26,7 +26,7 @@ in { }; nginx.virtualHosts."searxng.rcia.dev" = { locations."/".proxyPass = - "http://127.0.0.1:${toString portDefinitions.searxng}"; + "http://127.0.0.1:${toString ports.tcp.searxng}"; extraConfig = nginxLocalServiceConfig; forceSSL = true; useACMEHost = "rcia.dev"; 
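Review bot: The commented-out uwsgi line in the second searxng.nix hunk was rewritten to `ports.searxng`, which does not exist in the new layout; the live lines in this file use `ports.tcp.searxng`. If the block is ever re-enabled it will fail at evaluation, so the comment should read `# http = ":${toString ports.tcp.searxng}";` or the dead block should be removed.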
diff --git a/hosts/greatyamada/services/vaultwarden.nix b/hosts/greatyamada/services/vaultwarden.nix index 2373f03..1a98c09 100644 --- a/hosts/greatyamada/services/vaultwarden.nix +++ b/hosts/greatyamada/services/vaultwarden.nix @@ -1,6 +1,6 @@ { config, ... }: let - portDefinitions = import ./_port-definitions.nix; + ports = import ./_port-definitions.nix; nginxLocalServiceConfig = import ./nginx-local-config.nix; in { services = { @@ -10,7 +10,7 @@ in { config = { domain = "https://vaultwarden.rcia.dev"; rocketAddress = "127.0.0.1"; - rocketPort = portDefinitions.vaultwarden; + rocketPort = ports.tcp.vaultwarden; showPasswordHint = false; signupsAllowed = false; }; @@ -18,7 +18,7 @@ in { }; nginx.virtualHosts."vaultwarden.rcia.dev" = { locations."/".proxyPass = - "http://localhost:${toString portDefinitions.vaultwarden}"; + "http://localhost:${toString ports.tcp.vaultwarden}"; forceSSL = true; useACMEHost = "rcia.dev"; extraConfig = nginxLocalServiceConfig; diff --git a/hosts/greatyamada/services/wireguard.nix b/hosts/greatyamada/services/wireguard.nix index ca69076..716feaa 100644 --- a/hosts/greatyamada/services/wireguard.nix +++ b/hosts/greatyamada/services/wireguard.nix @@ -1,5 +1,5 @@ { pkgs, ... }: -let portDefinitions = import ./_port-definitions.nix; +let ports = import ./_port-definitions.nix; in { networking = { nat = { @@ -7,12 +7,12 @@ in { externalInterface = "enp5s0"; internalInterfaces = [ "wg0" ]; }; - firewall.allowedUDPPorts = [ portDefinitions.wireguard ]; + firewall.allowedUDPPorts = with ports.udp; [ wireguard ]; wireguard = { enable = true; interfaces.wg0 = { ips = [ "10.10.0.1/24" ]; - listenPort = portDefinitions.wireguard; + listenPort = ports.udp.wireguard; peers = [{ allowedIPs = [ "10.10.0.2/32" ]; name = "Pixel9a";