sarek: intialize service config. Move firewall to base.nix
parent
14a9479482
commit
5a55fa3bb1
2
base.nix
2
base.nix
|
@ -68,6 +68,8 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
|
||||||
users.users.felixalb = {
|
users.users.felixalb = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [ "wheel" ];
|
||||||
|
|
|
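Review bot: The added `networking.firewall.allowedTCPPorts = [ 22 ];` has no comment saying that it now applies to every host importing base.nix, whether or not that host runs sshd. If base.nix also enables `services.openssh`, that module's `openFirewall` option (default true) already opens the port and this line is redundant; the SSH configuration is outside the hunk, so this needs checking. A short comment would record the intent, for example `# SSH is opened for all hosts via base.nix; host files list only service-specific ports (the lists merge).`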
@ -64,7 +64,7 @@
|
||||||
)
|
)
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 22 3100 ];
|
networking.firewall.allowedTCPPorts = [ 80 3100 ];
|
||||||
|
|
||||||
# system.copySystemConfiguration = true;
|
# system.copySystemConfiguration = true;
|
||||||
|
|
||||||
|
|
|
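Review bot: Dropping 22 from this host's list is only safe if the host imports base.nix, and its import list is outside the hunk. The same removal is made in the sections at `@ -31,7 +31,6 @`, `@ -27,13 +29,10 @` and `@ -102,20 +102,9 @`; of these, only the sarek file shows `../../base.nix` among its imports. A host that does not import base.nix would lose its SSH rule on the next rebuild, so confirm the import for each before deploying, or keep a console path available for the first switch.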
@ -31,7 +31,6 @@
|
||||||
"nvidia-x11"
|
"nvidia-x11"
|
||||||
"nvidia-settings"
|
"nvidia-settings"
|
||||||
];
|
];
|
||||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,7 +7,9 @@
|
||||||
../../base.nix
|
../../base.nix
|
||||||
../../common/metrics-exporters.nix
|
../../common/metrics-exporters.nix
|
||||||
|
|
||||||
|
./services/nginx.nix
|
||||||
./services/postgresql.nix
|
./services/postgresql.nix
|
||||||
|
./services/flame.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Boot and console is handled by proxmoxLXC.
|
# Boot and console is handled by proxmoxLXC.
|
||||||
|
@ -27,13 +29,10 @@
|
||||||
hostId = "15dd36bc";
|
hostId = "15dd36bc";
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.defaultSopsFile = ../../secrets/sarek/edison.yaml;
|
sops.defaultSopsFile = ../../secrets/sarek/sarek.yaml;
|
||||||
|
|
||||||
environment.variables = { EDITOR = "vim"; };
|
virtualisation.docker.enable = true;
|
||||||
environment.systemPackages = with pkgs; [
|
virtualisation.oci-containers.backend = "docker";
|
||||||
];
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
|
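Review bot: With `virtualisation.oci-containers.backend = "docker"`, ports published by containers are handled by Docker's own iptables rules rather than by `networking.firewall.allowedTCPPorts`, so the firewall list does not limit container exposure on this host. The flame container added in this commit binds to a loopback address, which keeps it behind nginx. A comment next to the backend line would keep later containers on the same pattern, for example `# Docker-published ports are not filtered by networking.firewall; bind container ports to loopback and expose them through nginx.` The file's existing comment says boot is handled by proxmoxLXC, so Docker presumably runs inside an LXC guest here and depends on nesting being enabled on the Proxmox side, which is worth recording in the file as well.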
@ -0,0 +1,24 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
domain = "flame.home.feal.no";
|
||||||
|
host = "127.0.1.2";
|
||||||
|
port = "5005";
|
||||||
|
in {
|
||||||
|
# Flame - Homelab dashboard/linktree
|
||||||
|
virtualisation.oci-containers.containers = {
|
||||||
|
flame = {
|
||||||
|
image = "pawelmalak/flame";
|
||||||
|
ports = [ "${host}:${port}:5005" ];
|
||||||
|
volumes = [
|
||||||
|
"/var/lib/flame/data:/app/data/"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://${host}:${port}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
|
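Review bot: `image = "pawelmalak/flame"` carries no tag or digest, so the runtime resolves it to whatever `latest` points at on each pull, and the running code can change without any change in this repository. Pin it, for example `image = "pawelmalak/flame:<version>@sha256:<digest>";` (placeholders; use the values of the release actually deployed). The container definition also sets no `environment` or `environmentFiles`. As far as I recall, Flame falls back to a built-in default password when `PASSWORD` is unset; confirm this and, if so, supply the password from the sops file this host already configures.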
@ -0,0 +1,19 @@
|
||||||
|
{ config, values, ... }:
|
||||||
|
{
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
enableReload = true;
|
||||||
|
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
/* security.acme = { */
|
||||||
|
/* acceptTerms = true; */
|
||||||
|
/* email = "felix@albrigtsen.it"; */
|
||||||
|
/* }; */
|
||||||
|
}
|
|
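Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 ];` opens 443 although the `security.acme` block is commented out and the only virtual host visible in this commit (flame.nix) sets neither `enableACME` nor `forceSSL`. As far as these files show, the dashboard and its login are therefore served over plain HTTP on port 80, and `recommendedTlsSettings` has nothing to act on. Either leave 443 out until certificates are configured, or enable ACME and add `forceSSL = true;` to the virtual host. A one-line comment above the commented-out ACME block saying why it is disabled would also help, and the `values` argument in the function header is unused in this file.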
@ -102,20 +102,9 @@
|
||||||
sslCertificateKey = "${certPath}.key";
|
sslCertificateKey = "${certPath}.key";
|
||||||
};
|
};
|
||||||
|
|
||||||
/* virtualisation.podman = { */
|
|
||||||
/* enable = true; */
|
|
||||||
/* dockerCompat = true; # Make `docker` shell alias */
|
|
||||||
/* defaultNetwork.settings.dns_enabled = true; */
|
|
||||||
/* }; */
|
|
||||||
|
|
||||||
/* virtualisation.oci-containers.backend = "podman"; */
|
|
||||||
|
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
virtualisation.oci-containers.backend = "docker";
|
virtualisation.oci-containers.backend = "docker";
|
||||||
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|