sarek: intialize service config. Move firewall to base.nix

Felix Albrigtsen 2023-10-05 23:44:58 +02:00 committed by Felix Albrigtsen
parent d316bfec3d
commit 0cae9e4995
7 changed files with 51 additions and 19 deletions


@ -68,6 +68,8 @@
''; '';
}; };
networking.firewall.allowedTCPPorts = [ 22 ];
users.users.felixalb = { users.users.felixalb = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
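Review bot: The added `networking.firewall.allowedTCPPorts = [ 22 ];` hard-codes the SSH port for every host that imports this file, so it will silently diverge from the daemon if a host ever changes `services.openssh.ports`. If OpenSSH is enabled through the NixOS module (not visible in this hunk), its `openFirewall` option defaults to true and already opens the configured ports, which would make this line redundant. If the line stays, a comment would help the next reader, e.g. `# SSH for all hosts; per-host allowedTCPPorts lists are merged with this one`. The enclosing attribute set starts and ends outside the hunk.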


@ -64,7 +64,7 @@
) )
]; ];
networking.firewall.allowedTCPPorts = [ 80 22 3100 ]; networking.firewall.allowedTCPPorts = [ 80 3100 ];
# system.copySystemConfiguration = true; # system.copySystemConfiguration = true;


@ -31,7 +31,6 @@
"nvidia-x11" "nvidia-x11"
"nvidia-settings" "nvidia-settings"
]; ];
networking.firewall.allowedTCPPorts = [ 22 ];
system.stateVersion = "23.05"; system.stateVersion = "23.05";
} }


@ -7,7 +7,9 @@
../../base.nix ../../base.nix
../../common/metrics-exporters.nix ../../common/metrics-exporters.nix
./services/nginx.nix
./services/postgresql.nix ./services/postgresql.nix
./services/flame.nix
]; ];
# Boot and console is handled by proxmoxLXC. # Boot and console is handled by proxmoxLXC.
@ -27,13 +29,10 @@
hostId = "15dd36bc"; hostId = "15dd36bc";
}; };
sops.defaultSopsFile = ../../secrets/sarek/edison.yaml; sops.defaultSopsFile = ../../secrets/sarek/sarek.yaml;
environment.variables = { EDITOR = "vim"; }; virtualisation.docker.enable = true;
environment.systemPackages = with pkgs; [ virtualisation.oci-containers.backend = "docker";
];
networking.firewall.allowedTCPPorts = [ 22 ];
system.stateVersion = "23.05"; system.stateVersion = "23.05";
} }


@ -0,0 +1,24 @@
{ config, pkgs, lib, ... }:
let
domain = "flame.home.feal.no";
host = "127.0.1.2";
port = "5005";
in {
# Flame - Homelab dashboard/linktree
virtualisation.oci-containers.containers = {
flame = {
image = "pawelmalak/flame";
ports = [ "${host}:${port}:5005" ];
volumes = [
"/var/lib/flame/data:/app/data/"
];
};
};
services.nginx.virtualHosts."${domain}" = {
locations."/" = {
proxyPass = "http://${host}:${port}";
};
};
}
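Review bot: `image = "pawelmalak/flame";` carries no tag or digest, so whatever the registry serves as `latest` at pull time is what runs behind the proxy. Pinning it, e.g. `image = "pawelmalak/flame:<version>@sha256:<digest>";` (placeholders), makes the deployment reproducible and turns an upgrade into an explicit, reviewable change. The container also gets no `environment` or `environmentFiles`, so the dashboard's settings password is not being supplied from the sops file this commit switches to; as far as I know Flame falls back to a built-in default in that case, which is worth confirming. Binding the published port to `${host}` on loopback is the right choice, since Docker-published ports are not filtered by `networking.firewall`, and a one-line comment saying so would keep a later edit from widening it.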


@ -0,0 +1,19 @@
{ config, values, ... }:
{
services.nginx = {
enable = true;
enableReload = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
/* security.acme = { */
/* acceptTerms = true; */
/* email = "felix@albrigtsen.it"; */
/* }; */
}
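Review bot: Port 443 is opened and `recommendedTlsSettings` is enabled, but the `security.acme` block is commented out and the only virtual host visible on this page (the Flame one) sets neither `enableACME` nor `forceSSL`, so as far as this page shows the dashboard is served in cleartext on port 80. Either finish the ACME setup and set `forceSSL = true;` on the virtual hosts, or leave 443 closed until certificates exist, so the firewall reflects what is actually served. The `values` argument in `{ config, values, ... }:` is not used in this file and could be dropped.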


@ -102,20 +102,9 @@
sslCertificateKey = "${certPath}.key"; sslCertificateKey = "${certPath}.key";
}; };
/* virtualisation.podman = { */
/* enable = true; */
/* dockerCompat = true; # Make `docker` shell alias */
/* defaultNetwork.settings.dns_enabled = true; */
/* }; */
/* virtualisation.oci-containers.backend = "podman"; */
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.backend = "docker";
networking.firewall.allowedTCPPorts = [ 22 ];
system.stateVersion = "22.11"; system.stateVersion = "22.11";
} }