nixos: cleanup
This commit is contained in:
parent
a967b6ab05
commit
8f0eb95dda
7 changed files with 31 additions and 44 deletions
|
@ -10,7 +10,6 @@
|
|||
hostname = "nuc";
|
||||
ip = "10.42.42.42";
|
||||
mac = "1C:69:7A:62:30:88";
|
||||
ip6 = "";
|
||||
nix = false;
|
||||
}
|
||||
{
|
||||
|
|
|
@ -32,6 +32,7 @@
|
|||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nixpkgs.overlays = [ (import ../pkgs) ];
|
||||
|
||||
# Limit the systemd journal to 100 MB of disk or the
|
||||
# last 7 days of logs, whichever happens first.
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
{ config, pkgs, hosts, ... }:
|
||||
let
|
||||
inherit (builtins) filter hasAttr;
|
||||
localdomain = "olympus";
|
||||
ipv6Hosts = builtins.filter (builtins.hasAttr ip6) hosts;
|
||||
ipv6Hosts = filter (hasAttr "ip6") hosts;
|
||||
|
||||
localData = { hostname, ip, ... }: ''"${hostname}.${localdomain}. A ${ip}"'';
|
||||
local6Data = { hostname, ip6, ... }: ''"${hostname}.${localdomain}. AAAA ${ip6}"'';
|
||||
|
@ -21,13 +22,14 @@ in {
|
|||
system.stateVersion = "21.11"; # Did you read the comment?
|
||||
|
||||
# Additional packages
|
||||
environment.systemPackages = with pkgs; [ dig ];
|
||||
environment.systemPackages = with pkgs; [ dig dog drill ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 53 ];
|
||||
networking.firewall.allowedUDPPorts = [ 53 ];
|
||||
|
||||
services.unbound = {
|
||||
enable = true;
|
||||
package = pkgs.v.unbound;
|
||||
settings = {
|
||||
server = {
|
||||
use-syslog = "yes";
|
||||
|
@ -37,7 +39,7 @@ in {
|
|||
|
||||
local-zone = ''"${localdomain}." transparent'';
|
||||
local-data = (map localData hosts) ++ (map local6Data ipv6Hosts);
|
||||
local-data-ptr = (map ptrData hosts);
|
||||
local-data-ptr = (map ptrData hosts) ++ (map ptr6Data ipv6Hosts);
|
||||
|
||||
access-control = [
|
||||
"127.0.0.1/32 allow_snoop"
|
||||
|
@ -61,10 +63,6 @@ in {
|
|||
"fe80::/10"
|
||||
];
|
||||
};
|
||||
# forward-zone = {
|
||||
# name = ''"."'';
|
||||
# forward-addr = [ "8.8.8.8" "9.9.9.9" ];
|
||||
# };
|
||||
};
|
||||
};
|
||||
}
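Review bot: `ipv6Hosts = filter (hasAttr "ip6") hosts;` in the first hunk selects hosts by the presence of the key, not by a usable value, so a host with `ip6 = ""` (the `nuc` entry shown in this commit's hosts hunk still carries one unless that is the line being removed there) yields `local6Data` of `"nuc.olympus. AAAA "`, an AAAA record with empty RDATA that unbound will most likely reject at config parse time and take the resolver down with it. Filtering on a non-empty value keeps the new `inherit (builtins) filter hasAttr;` form and closes the gap: `ipv6Hosts = filter (h: hasAttr "ip6" h && h.ip6 != "") hosts;`. The same concern applies to `ptr6Data`, which is defined outside this hunk. A one-line comment on `ipv6Hosts` such as `# only hosts that declare a non-empty ip6 get AAAA/PTR records` would make the intent explicit to whoever next edits the hosts list.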
|
||||
|
|
|
@ -5,8 +5,7 @@
|
|||
{ config, pkgs, ... }:
|
||||
let mosquittoPort = 1883;
|
||||
in {
|
||||
imports = [
|
||||
];
|
||||
imports = [ ];
|
||||
|
||||
networking.hostName = "mosquitto";
|
||||
|
||||
|
@ -56,5 +55,6 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ mosquittoPort config.services.zigbee2mqtt.settings.frontend.port ];
|
||||
networking.firewall.allowedTCPPorts =
|
||||
[ mosquittoPort config.services.zigbee2mqtt.settings.frontend.port ];
|
||||
}
|
||||
|
|
|
@ -1,20 +1,16 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
k8s_proxy = {
|
||||
proxy = url: {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.42.42.150:8000/";
|
||||
proxyPass = url;
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
k8s_proxy = proxy "http://10.42.42.150:8000/";
|
||||
in {
|
||||
imports = [
|
||||
];
|
||||
imports = [ ];
|
||||
|
||||
networking.hostName = "nginx";
|
||||
|
||||
|
@ -36,23 +32,9 @@ in {
|
|||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts."ha.0x76.dev" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.42.42.8:8123/";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."zookeeper-dev.0x76.dev" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.42.43.28:8085/";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
# Reverse Proxies
|
||||
virtualHosts."ha.0x76.dev" = proxy "http://10.42.42.8:8123/";
|
||||
virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://10.42.43.28:8085/";
|
||||
|
||||
# Kubernetes endpoints
|
||||
virtualHosts."0x76.dev" = k8s_proxy;
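Review bot: The new `proxy` helper in the `let` block has no comment, yet it now fixes the security posture of every vhost in this file (ACME certificate, forced HTTPS, websocket upgrade, plain-HTTP upstream); a reader of `virtualHosts."ha.0x76.dev" = proxy "http://10.42.42.8:8123/";` cannot tell that without scrolling up. A header such as `# proxy url: a virtualHost that terminates TLS (ACME + forceSSL) and forwards everything, websockets included, to the plain-HTTP backend at url` above `proxy = url: {` would document that contract. Minor style point: `k8s_proxy` is snake_case while the rest of the file uses camelCase option names; `k8sProxy` would match. Note that the upstreams are reached over plain HTTP on the LAN, which the helper now bakes in — worth a one-line comment if that is intentional.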
|
||||
|
|
|
@ -3,11 +3,8 @@
|
|||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
];
|
||||
|
||||
let port = 8200;
|
||||
in {
|
||||
networking.hostName = "vault";
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
@ -22,13 +19,13 @@
|
|||
environment.systemPackages = with pkgs; [ ];
|
||||
|
||||
# Vault
|
||||
networking.firewall.allowedTCPPorts = [ 8200 ];
|
||||
networking.firewall.allowedTCPPorts = [ port ];
|
||||
|
||||
services.vault = {
|
||||
enable = true;
|
||||
# bin version includes the UI
|
||||
package = pkgs.vault-bin;
|
||||
address = "0.0.0.0:8200";
|
||||
address = "0.0.0.0:${toString port}";
|
||||
storageBackend = "file";
|
||||
storagePath = "/var/lib/vault";
|
||||
extraConfig = ''
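Review bot: `address = "0.0.0.0:${toString port}";` keeps Vault bound on every interface while the hunk above opens `port` in the firewall, but nothing in this hunk shows whether the listener is TLS-protected; as far as I recall the NixOS `services.vault` module emits a plaintext `tcp` listener whenever `tlsCertFile`/`tlsKeyFile` are left unset, which would put Vault tokens and secrets on the wire in clear. Please confirm those options are set in the part of `services.vault` that continues past this hunk, or bind to the host's LAN address instead of `0.0.0.0`, and add a comment on the `address` line recording the decision, e.g. `# listens on all interfaces; TLS terminated by the tlsCertFile/tlsKeyFile listener settings below`. Factoring the port into `port` is fine; the same literal should not reappear in `extraConfig`, which is cut off here.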
|
||||
|
|
10
nixos/pkgs/default.nix
Normal file
10
nixos/pkgs/default.nix
Normal file
|
@ -0,0 +1,10 @@
|
|||
final: prev: {
|
||||
v = {
|
||||
unbound = prev.unbound.override {
|
||||
withSystemd = true;
|
||||
withDoH = true;
|
||||
withDNSCrypt = true;
|
||||
withTFO = true;
|
||||
};
|
||||
};
|
||||
}
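Review bot: The override turns on `withDoH`, `withDNSCrypt` and `withTFO` without a comment, and none of the unbound `settings` hunks in this commit configure a DoH or DNSCrypt listener, so unless that lives in config not shown here these flags only enlarge the build (extra libraries such as nghttp2 and the DNSCrypt sodium code) and the binary's surface without changing behaviour. Either drop the flags that are not used yet or record the plan above the override, e.g. `# DoH/DNSCrypt: compiled in for an encrypted listener (TODO: configure interface@443 + tls-service-*)`, `# TFO: TCP Fast Open for client/upstream TCP queries`. A short comment on the `v` attribute naming the namespace (`# v: local package variants used via pkgs.v.<name>`) would also help readers of `package = pkgs.v.unbound;` in the unbound module.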
|