v
/
infrastructure
1
0
Fork 0
Code Issues 13 Pull Requests 1 Actions Packages Projects Releases Activity

updated hades nginx config
Lint / lint (push) Failing after 1m43s Details
Plex Update / update (push) Successful in 1m54s Details

reboot
Vivian 2023-12-23 12:46:35 +01:00
parent 374f3b9113
commit 7b1ebe5c85
9 changed files with 180 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

165
flake.lock
View File

@ -528,6 +528,24 @@
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_7": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
@ -542,7 +560,7 @@
"type": "github"
}
},
"flake-utils_7": {
"flake-utils_8": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
@ -556,9 +574,9 @@
"type": "indirect"
}
},
"flake-utils_8": {
"flake-utils_9": {
"inputs": {
"systems": "systems_7"
"systems": "systems_8"
},
"locked": {
"lastModified": 1681202837,
@ -692,11 +710,11 @@
]
},
"locked": {
"lastModified": 1703155327,
"narHash": "sha256-Q25AEghhhOp+ImNN4PsAExi7DIB1INMlBSaggGz7q4w=",
"lastModified": 1703265279,
"narHash": "sha256-5jVtOwyMH1FzclxHrsFWzBdB+VyjUUSu1wyZhZlR6WU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "8b797c8eea1eba7dfb47f6964103e6e0d134255f",
"rev": "07c322a7cff03267fd881adae1afe63367c5d608",
"type": "github"
},
"original": {
@ -787,6 +805,25 @@
"type": "gitlab"
}
},
"microvm": {
"inputs": {
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1703300511,
"narHash": "sha256-lU0sFmNcLTZBDJyeckW5oXtypA62XFZUGFMyGne9EYA=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "fa93cd958b42da4657a47f034af9641349d1c7cb",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "microvm.nix",
"type": "github"
}
},
"naersk": {
"inputs": {
"nixpkgs": [
@ -833,7 +870,7 @@
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_8",
"nixpkgs": "nixpkgs_9",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
@ -1045,6 +1082,22 @@
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1696165369,
"narHash": "sha256-pd1cjFHCoEf9q5f9B0HhlOwwpBI9RP3HbUE6xjI7wAI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d7186d62bb68fac3c90f1d95515e613ef299e992",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1682526928,
"narHash": "sha256-2cKh4O6t1rQ8Ok+v16URynmb0rV7oZPEbXkU0owNLQs=",
@ -1060,7 +1113,7 @@
"type": "github"
}
},
"nixpkgs_11": {
"nixpkgs_12": {
"locked": {
"lastModified": 1670507980,
"narHash": "sha256-riNZa0xzM1it3pzxciwALeMs+0CsBMWIW2FqulzK8vM=",
@ -1125,20 +1178,36 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"lastModified": 1702312524,
"narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a9bf124c46ef298113270b1f84a164865987a91c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1703213509,
"narHash": "sha256-BDVzvjPwKk4/yvdCNzjmm1wlDf7Pdbhsf+hV2ybKkrY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"rev": "bc3575c6cda0c5fc9e322c05d97df6a787066b3e",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"ref": "nixos-unstable-small",
"type": "indirect"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1702830618,
"narHash": "sha256-lvhwIvRwhOLgzbRuYkqHy4M5cQHYs4ktL6/hyuBS6II=",
@ -1154,7 +1223,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1686736559,
"narHash": "sha256-YyUSVoOKIDAscTx7IZhF9x3qgZ9dPNF19fKk+4c5irc=",
@ -1170,7 +1239,7 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_9": {
"locked": {
"lastModified": 1645296114,
"narHash": "sha256-y53N7TyIkXsjMpOG7RhvqJFGDacLs9HlyHeSTBioqYU=",
@ -1186,22 +1255,6 @@
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1696165369,
"narHash": "sha256-pd1cjFHCoEf9q5f9B0HhlOwwpBI9RP3HbUE6xjI7wAI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d7186d62bb68fac3c90f1d95515e613ef299e992",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_stable": {
"locked": {
"lastModified": 1703034876,
@ -1219,16 +1272,16 @@
},
"nixvim": {
"inputs": {
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_6",
"flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_7",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1703185304,
"narHash": "sha256-CKsV786NBB8fuls4vyKGTfOz9bkpAn2lh8PKL8YLZ+M=",
"lastModified": 1703260550,
"narHash": "sha256-wPe+0oCgzvf9Ixscme+NUS4iRX0n/alJvt3msnu9vPA=",
"owner": "pta2002",
"repo": "nixvim",
"rev": "43d20e833267ffd026af692060fb344960930fe1",
"rev": "e0521dde87825e4ed16e1ac5b6df9f1b7e60af05",
"type": "github"
},
"original": {
@ -1239,11 +1292,11 @@
},
"nur": {
"locked": {
"lastModified": 1703184342,
"narHash": "sha256-Ofp7blG/cJUeQfi6ZjJeHVCSEmtdUhGaJLFKvxbTKW0=",
"lastModified": 1703324764,
"narHash": "sha256-c5ll8NFOSg+vMvJVDBds/iXNp25VhkSUcmB7jaeV5FM=",
"owner": "nix-community",
"repo": "NUR",
"rev": "35e7e80e378aedb2b4fc5ae0f560fc395b5653e3",
"rev": "8c88bc919c49528c4cc9a65501406cecb74361b7",
"type": "github"
},
"original": {
@ -1272,7 +1325,7 @@
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_6",
"flake-utils": "flake-utils_6",
"flake-utils": "flake-utils_7",
"gitignore": "gitignore_2",
"nixpkgs": [
"nixvim",
@ -1356,7 +1409,7 @@
"inputs": {
"fenix": "fenix",
"naersk": "naersk_2",
"nixpkgs": "nixpkgs_7"
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1690193312,
@ -1381,9 +1434,10 @@
"home-manager": "home-manager",
"lanzaboote": "lanzaboote",
"mailserver": "mailserver",
"microvm": "microvm",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"nixpkgs_stable": "nixpkgs_stable",
"nixvim": "nixvim",
"nur": "nur",
@ -1573,6 +1627,21 @@
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
@ -1608,7 +1677,7 @@
},
"utils_3": {
"inputs": {
"systems": "systems_6"
"systems": "systems_7"
},
"locked": {
"lastModified": 1694529238,
@ -1627,9 +1696,9 @@
"vault-secrets": {
"inputs": {
"flake-compat": "flake-compat_7",
"flake-utils": "flake-utils_7",
"flake-utils": "flake-utils_8",
"nix": "nix",
"nixpkgs": "nixpkgs_9",
"nixpkgs": "nixpkgs_10",
"utils": "utils_3"
},
"locked": {
@ -1648,8 +1717,8 @@
},
"vault-unseal": {
"inputs": {
"flake-utils": "flake-utils_8",
"nixpkgs": "nixpkgs_10"
"flake-utils": "flake-utils_9",
"nixpkgs": "nixpkgs_11"
},
"locked": {
"lastModified": 1683013874,
@ -1668,7 +1737,7 @@
"webcord": {
"inputs": {
"dream2nix": "dream2nix",
"nixpkgs": "nixpkgs_11",
"nixpkgs": "nixpkgs_12",
"webcord": "webcord_2"
},
"locked": {

5
flake.nix
View File

@ -5,12 +5,14 @@
# * https://github.com/Infinidoge/nix-minecraft
inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable";
nixpkgs.url = "nixpkgs/nixos-unstable-small";
nixpkgs_stable.url = "nixpkgs/nixos-23.05";
nur.url = "github:nix-community/NUR";
colmena.url = "github:zhaofengli/colmena";
vault-secrets.url = "github:serokell/vault-secrets";
microvm.url = "github:astro/microvm.nix";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
@ -52,6 +54,7 @@
, nixos-generators
, nur
, attic
, microvm
, ...
}@inputs:
let

4
nixos/common/default.nix
View File

@ -46,7 +46,7 @@
"https://nix-community.cachix.org"
"https://nixpkgs-review-bot.cachix.org"
"https://colmena.cachix.org"
"https://cache.garnix.io"
# "https://cache.garnix.io"
"https://cachix.cachix.org"
];
trusted-public-keys = [
@ -54,7 +54,7 @@
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
# "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
];
};
optimise = {

41
nixos/hosts/hades/default.nix
View File

@ -35,10 +35,18 @@
"overseerr" = {
ip = "192.168.0.105";
mac = "8E:21:7F:88:3A:83";
exposes.requests = {
domain = "requests.xirion.net";
port = 5055;
};
};
"tautulli" = {
ip = "192.168.0.106";
mac = "BE:30:DB:F8:C6:55";
exposes.tautulli = {
domain = "tautulli.xirion.net";
port = 8080;
};
};
"dns-1" = {
ip = "192.168.0.107";
@ -84,11 +92,6 @@
ip = "192.168.0.116";
mac = "06:8a:8e:3e:43:45";
};
"thelounge" = {
ip = "192.168.0.117";
mac = "00:0c:29:2a:69:8f";
nix = false;
};
"mail" = {
ip = "192.168.0.118";
mac = "00:50:56:91:3b:03";
@ -106,6 +109,16 @@
"garage" = {
ip = "192.168.0.121";
mac = "3A:19:32:A2:F8:96";
exposes = {
garage = {
domain = "g.xirion.net";
port = 3900;
};
fedi-media = {
domain = "fedi-media.xirion.net";
port = 3902;
};
};
};
"nginx" = {
ip = "192.168.0.122";
@ -138,10 +151,18 @@
"attic" = {
ip = "192.168.0.128";
mac = "9E:AF:E9:FE:D4:D9";
exposes.attic = {
domain = "attic.xirion.net";
port = 8080;
};
};
"hassio" = {
ip = "192.168.0.129";
mac = "e6:80:32:fb:00:75";
exposes.ha = {
domain = "ha.xirion.net";
port = 8123;
};
nix = false;
};
# "docker-registry" = {
@ -156,6 +177,16 @@
"tudelft" = {
ip = "192.168.0.132";
mac = "AE:B3:93:4B:04:76";
exposes = {
grist = {
domain = "grist.tud.0x76.dev";
port = 8484;
};
dex = {
domain = "dex.tud.0x76.dev";
port = 8000;
};
};
nix = false;
};
"mastodon" = {

4
nixos/hosts/hades/dns/configuration.nix
View File

@ -32,6 +32,8 @@
"mail.xirion.net typetransparent"
"plex.xirion.net typetransparent"
"fedi.xirion.net typetransparent"
"grist.tud.0x76.dev typetransparent"
"dex.tud.0x76.dev typetransparent"
];
local-data = [
@ -47,6 +49,8 @@
''"mail.xirion.net A 192.168.0.122"''
''"plex.xirion.net A 192.168.0.122"''
''"fedi.xirion.net A 192.168.0.122"''
''"grist.tud.0x76.dev A 192.168.0.122"''
''"dex.tud.0x76.dev A 192.168.0.122"''
];
};
}

31
nixos/hosts/hades/nginx/configuration.nix
View File

@ -31,6 +31,8 @@ in
preliminarySelfsigned = true;
};
services.v.nginx.autoExpose = true;
services.nginx = {
enable = true;
recommendedProxySettings = true;
@ -41,7 +43,6 @@ in
package = pkgs.nginxMainline;
virtualHosts = {
"ha.xirion.net" = proxy "http://192.168.0.129:8123";
"xirion.net" = {
enableACME = true;
forceSSL = true;
@ -49,6 +50,8 @@ in
add_header Content-Type 'text/html; charset=UTF-8';
return 200 'Hello, World!';
'';
# Mastodon federation
locations."= /.well-known/host-meta".extraConfig = ''
return 301 https://fedi.xirion.net$request_uri;
'';
@ -57,33 +60,9 @@ in
return 301 https://fedi.xirion.net$request_uri;
'';
};
"git.xirion.net" = proxy "http://10.10.10.12";
"o.xirion.net" = proxy "http://192.168.0.112:9000";
"g.xirion.net" = proxy "http://garage.hades:3900";
"requests.xirion.net" = proxy "http://overseerr.hades:5055";
"pass.xirion.net" = proxy "http://bitwarden_rs";
"repo.xirion.net" = proxy "http://archlinux";
"thelounge.xirion.net" = proxy "http://thelounge:9000";
"attic.xirion.net" = proxy "http://attic.hades:8080";
"tautulli.xirion.net" = proxy "http://tautulli.hades:8080";
"peepeepoopoo.xirion.net" = proxy "http://tautulli.hades:8080"; # Deprecated but Ricardo has it bookmarked already!
"registry.xirion.net" = proxy "http://docker-registry:5000"
// {
locations."/".extraConfig = ''
allow 127.0.0.1;
allow 10.42.42.0/23;
allow 10.10.10.1/24;
allow 192.168.0.0/23;
allow 80.60.83.220;
allow 83.128.154.23;
allow 62.45.26.248;
allow 195.85.167.32/29;
deny all;
'';
};
"plex.xirion.net" = {
# Since we want a secure connection, we force SSL
forceSSL = true;
@ -170,8 +149,6 @@ in
};
};
};
"fedi-media.xirion.net" = proxy "http://garage.hades:3902";
};
};
}

15
nixos/hosts/olympus/grist/configuration.nix
View File

@ -19,12 +19,19 @@ in {
environment.systemPackages = with pkgs; [ sqlite ];
virtualisation = {
podman.enable = true;
podman = {
enable = true;
defaultNetwork.settings = {
"subnets" = [{
subnet = "10.88.0.0/16";
gateway = "10.88.0.1";
}];
};
};
oci-containers.backend = "podman";
oci-containers.containers.grist = {
image =
"gristlabs/grist:1.1.9";
image = "gristlabs/grist:1.1.9";
environment = {
APP_HOME_URL = "https://grist.0x76.dev";
GRIST_SUPPORT_ANON = "false";
@ -43,7 +50,7 @@ in {
PYTHON_VERSION_ON_CREATION = "3";
GRIST_OIDC_IDP_ISSUER = "https://dex.0x76.dev";
GRIST_OIDC_IDP_SKIP_END_SESSION_ENDPOINT= "true";
GRIST_OIDC_IDP_SKIP_END_SESSION_ENDPOINT = "true";
};
environmentFiles = [ "${vs.grist}/environment" ];
ports = [ "8484:8484" ];

2
nixos/hosts/olympus/nginx/configuration.nix
View File

@ -42,7 +42,7 @@ in
# Templated
virtualHosts = {
"pass.0x76.dev" = {
"pass.0x76.dev" = {
enableACME = true;
forceSSL = true;
locations = {

2
nixos/util.nix
View File

@ -1,4 +1,4 @@
{ nixpkgs, home-manager, mailserver, lanzaboote, attic, gnome-autounlock-keyring, ... }:
{ nixpkgs, home-manager, mailserver, lanzaboote, attic, microvm, ... }:
let
inherit (builtins) filter attrValues concatMap mapAttrs;
inherit (nixpkgs.lib.attrsets) mapAttrsToList;