swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: adapt winters to new infrastructure

Browse source
This commit is contained in:
Swarsel 2024-10-20 22:12:09 +02:00
parent fc79159732
commit d2c8805e5b
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
11 changed files with 91 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

77
SwarselSystems.org
View file

@ -1951,7 +1951,7 @@ My work machine. Built for more security, this is the gold standard of my config
hostName = "winters"; hostName = "winters";
hostId = "b7778a4a"; hostId = "b7778a4a";
firewall.enable = true; firewall.enable = true;
enableIPv6 = false; enableIPv6 = true;
firewall.allowedTCPPorts = [ 80 443 ]; firewall.allowedTCPPorts = [ 80 443 ];
}; };
@ -5608,7 +5608,7 @@ Also, the system state version is set here. No need to touch it.
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://192.168.1.2:8080"; proxyPass = "http://localhost:8080";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
@ -5656,7 +5656,7 @@ Also, the system state version is set here. No need to touch it.
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://192.168.1.2:8096"; proxyPass = "http://localhost:8096";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
@ -5712,7 +5712,7 @@ Also, the system state version is set here. No need to touch it.
openFirewall = true; openFirewall = true;
settings = { settings = {
LogLevel = "error"; LogLevel = "error";
Address = "0.0.0.0"; Address = "127.0.0.1";
Port = 4040; Port = 4040;
MusicFolder = "/Vault/Eternor/Musik"; MusicFolder = "/Vault/Eternor/Musik";
EnableSharing = true; EnableSharing = true;
@ -5746,7 +5746,7 @@ Also, the system state version is set here. No need to touch it.
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://192.168.1.2:4040"; proxyPass = "http://localhost:4040";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_redirect http:// https://; proxy_redirect http:// https://;
@ -5872,10 +5872,10 @@ Also, the system state version is set here. No need to touch it.
clientConfig."m.homeserver".base_url = baseUrl; clientConfig."m.homeserver".base_url = baseUrl;
serverConfig."m.server" = "${matrixDomain}:443"; serverConfig."m.server" = "${matrixDomain}:443";
mkWellKnown = data: '' mkWellKnown = data: ''
default_type application/json; default_type application/json;
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}'; return 200 '${builtins.toJSON data}';
''; '';
in in
{ {
@ -5956,7 +5956,10 @@ Also, the system state version is set here. No need to touch it.
listeners = [ listeners = [
{ {
port = 8008; port = 8008;
bind_addresses = [ "0.0.0.0" ]; bind_addresses = [
"127.0.0.1"
"::1"
];
type = "http"; type = "http";
tls = false; tls = false;
x_forwarded = true; x_forwarded = true;
@ -5984,7 +5987,7 @@ Also, the system state version is set here. No need to touch it.
}; };
appservice = { appservice = {
address = "http://localhost:29317"; address = "http://localhost:29317";
hostname = "0.0.0.0"; hostname = "localhost";
port = "29317"; port = "29317";
provisioning.enabled = true; provisioning.enabled = true;
id = "telegram"; id = "telegram";
@ -6034,7 +6037,7 @@ Also, the system state version is set here. No need to touch it.
}; };
appservice = { appservice = {
address = "http://localhost:29318"; address = "http://localhost:29318";
hostname = "0.0.0.0"; hostname = "127.0.0.1";
port = 29318; port = 29318;
database = { database = {
type = "postgres"; type = "postgres";
@ -6082,7 +6085,7 @@ Also, the system state version is set here. No need to touch it.
appservice = { appservice = {
address = "http://localhost:29328"; address = "http://localhost:29328";
hostname = "0.0.0.0"; hostname = "127.0.0.1";
port = 29328; port = 29328;
database = { database = {
type = "postgres"; type = "postgres";
@ -6142,16 +6145,29 @@ Also, the system state version is set here. No need to touch it.
"default_server" "default_server"
]; ];
} }
{
addr = "[::0]";
port = 8448;
ssl = true;
extraParameters = [
"default_server"
];
}
{ {
addr = "0.0.0.0"; addr = "0.0.0.0";
port = 443; port = 443;
ssl = true; ssl = true;
} }
{
addr = "[::0]";
port = 443;
ssl = true;
}
]; ];
locations = { locations = {
"~ ^(/_matrix|/_synapse/client)" = { "~ ^(/_matrix|/_synapse/client)" = {
# proxyPass = "http://localhost:8008"; # proxyPass = "http://localhost:8008";
proxyPass = "http://192.168.1.2:8008"; proxyPass = "http://localhost:8008";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
@ -6235,7 +6251,7 @@ Also, the system state version is set here. No need to touch it.
port = 3001; port = 3001;
openFirewall = true; openFirewall = true;
mediaLocation = "/Vault/Eternor/Immich"; mediaLocation = "/Vault/Eternor/Immich";
environment.IMMICH_MACHINE_LEARNING_URL = lib.mkForce "http://127.0.0.1:3003"; environment.IMMICH_MACHINE_LEARNING_URL = lib.mkForce "http://localhost:3003";
}; };
@ -6247,7 +6263,7 @@ Also, the system state version is set here. No need to touch it.
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://127.0.0.1:3001"; proxyPass = "http://localhost:3001";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
@ -6292,7 +6308,7 @@ Also, the system state version is set here. No need to touch it.
user = "paperless"; user = "paperless";
port = 28981; port = 28981;
passwordFile = config.sops.secrets.paperless_admin.path; passwordFile = config.sops.secrets.paperless_admin.path;
address = "0.0.0.0"; address = "127.0.0.1";
settings = { settings = {
PAPERLESS_OCR_LANGUAGE = "deu+eng"; PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_URL = "https://scan.swarsel.win"; PAPERLESS_URL = "https://scan.swarsel.win";
@ -6312,7 +6328,7 @@ Also, the system state version is set here. No need to touch it.
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://192.168.1.2:28981"; proxyPass = "http://localhost:28981";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
@ -6419,37 +6435,37 @@ Also, the system state version is set here. No need to touch it.
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://127.0.0.1:9091"; proxyPass = "http://localhost:9091";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
"= /radarr" = { "/radarr" = {
proxyPass = "http://127.0.0.1:7878/"; proxyPass = "http://localhost:7878";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
"= /readarr" = { "/readarr" = {
proxyPass = "http://127.0.0.1:8787/"; proxyPass = "http://localhost:8787";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
"= /sonarr" = { "/sonarr" = {
proxyPass = "http://127.0.0.1:8989/"; proxyPass = "http://localhost:8989";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
"= /lidarr" = { "/lidarr" = {
proxyPass = "http://127.0.0.1:8686/"; proxyPass = "http://localhost:8686";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
"= /prowlarr" = { "/prowlarr" = {
proxyPass = "http://127.0.0.1:9696/"; proxyPass = "http://localhost:9696";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
@ -6559,7 +6575,7 @@ Also, the system state version is set here. No need to touch it.
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://localhost:8384/"; proxyPass = "http://localhost:8384";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
@ -6582,6 +6598,7 @@ Also, the system state version is set here. No need to touch it.
# TODO # TODO
};
} }
#+end_src #+end_src

4
profiles/server/common/immich.nix
View file

@ -13,7 +13,7 @@
port = 3001; port = 3001;
openFirewall = true; openFirewall = true;
mediaLocation = "/Vault/Eternor/Immich"; mediaLocation = "/Vault/Eternor/Immich";
environment.IMMICH_MACHINE_LEARNING_URL = lib.mkForce "http://127.0.0.1:3003"; environment.IMMICH_MACHINE_LEARNING_URL = lib.mkForce "http://localhost:3003";
}; };
@ -25,7 +25,7 @@
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://127.0.0.1:3001"; proxyPass = "http://localhost:3001";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;

2
profiles/server/common/jellyfin.nix
View file

@ -30,7 +30,7 @@
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://192.168.1.2:8096"; proxyPass = "http://localhost:8096";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';

2
profiles/server/common/kavita.nix
View file

@ -29,7 +29,7 @@
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://192.168.1.2:8080"; proxyPass = "http://localhost:8080";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';

26
profiles/server/common/matrix.nix
View file

@ -89,7 +89,10 @@ in
listeners = [ listeners = [
{ {
port = 8008; port = 8008;
bind_addresses = [ "0.0.0.0" ]; bind_addresses = [
"127.0.0.1"
"::1"
];
type = "http"; type = "http";
tls = false; tls = false;
x_forwarded = true; x_forwarded = true;
@ -117,7 +120,7 @@ in
}; };
appservice = { appservice = {
address = "http://localhost:29317"; address = "http://localhost:29317";
hostname = "0.0.0.0"; hostname = "localhost";
port = "29317"; port = "29317";
provisioning.enabled = true; provisioning.enabled = true;
id = "telegram"; id = "telegram";
@ -167,7 +170,7 @@ in
}; };
appservice = { appservice = {
address = "http://localhost:29318"; address = "http://localhost:29318";
hostname = "0.0.0.0"; hostname = "127.0.0.1";
port = 29318; port = 29318;
database = { database = {
type = "postgres"; type = "postgres";
@ -215,7 +218,7 @@ in
appservice = { appservice = {
address = "http://localhost:29328"; address = "http://localhost:29328";
hostname = "0.0.0.0"; hostname = "127.0.0.1";
port = 29328; port = 29328;
database = { database = {
type = "postgres"; type = "postgres";
@ -275,16 +278,29 @@ in
"default_server" "default_server"
]; ];
} }
{
addr = "[::0]";
port = 8448;
ssl = true;
extraParameters = [
"default_server"
];
}
{ {
addr = "0.0.0.0"; addr = "0.0.0.0";
port = 443; port = 443;
ssl = true; ssl = true;
} }
{
addr = "[::0]";
port = 443;
ssl = true;
}
]; ];
locations = { locations = {
"~ ^(/_matrix|/_synapse/client)" = { "~ ^(/_matrix|/_synapse/client)" = {
# proxyPass = "http://localhost:8008"; # proxyPass = "http://localhost:8008";
proxyPass = "http://192.168.1.2:8008"; proxyPass = "http://localhost:8008";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';

4
profiles/server/common/navidrome.nix
View file

@ -37,7 +37,7 @@
openFirewall = true; openFirewall = true;
settings = { settings = {
LogLevel = "error"; LogLevel = "error";
Address = "0.0.0.0"; Address = "127.0.0.1";
Port = 4040; Port = 4040;
MusicFolder = "/Vault/Eternor/Musik"; MusicFolder = "/Vault/Eternor/Musik";
EnableSharing = true; EnableSharing = true;
@ -71,7 +71,7 @@
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://192.168.1.2:4040"; proxyPass = "http://localhost:4040";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_redirect http:// https://; proxy_redirect http:// https://;

4
profiles/server/common/paperless.nix
View file

@ -16,7 +16,7 @@
user = "paperless"; user = "paperless";
port = 28981; port = 28981;
passwordFile = config.sops.secrets.paperless_admin.path; passwordFile = config.sops.secrets.paperless_admin.path;
address = "0.0.0.0"; address = "127.0.0.1";
settings = { settings = {
PAPERLESS_OCR_LANGUAGE = "deu+eng"; PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_URL = "https://scan.swarsel.win"; PAPERLESS_URL = "https://scan.swarsel.win";
@ -36,7 +36,7 @@
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://192.168.1.2:28981"; proxyPass = "http://localhost:28981";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';

3
profiles/server/common/restic.nix
View file

@ -4,4 +4,5 @@
# TODO # TODO
} };
}

2
profiles/server/common/syncthing.nix
View file

@ -90,7 +90,7 @@
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://localhost:8384/"; proxyPass = "http://localhost:8384";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';

22
profiles/server/common/transmission.nix
View file

@ -88,37 +88,37 @@
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://127.0.0.1:9091"; proxyPass = "http://localhost:9091";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
"= /radarr" = { "/radarr" = {
proxyPass = "http://127.0.0.1:7878/"; proxyPass = "http://localhost:7878";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
"= /readarr" = { "/readarr" = {
proxyPass = "http://127.0.0.1:8787/"; proxyPass = "http://localhost:8787";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
"= /sonarr" = { "/sonarr" = {
proxyPass = "http://127.0.0.1:8989/"; proxyPass = "http://localhost:8989";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
"= /lidarr" = { "/lidarr" = {
proxyPass = "http://127.0.0.1:8686/"; proxyPass = "http://localhost:8686";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
"= /prowlarr" = { "/prowlarr" = {
proxyPass = "http://127.0.0.1:9696/"; proxyPass = "http://localhost:9696";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';

2
profiles/server/winters/default.nix
View file

@ -29,7 +29,7 @@
hostName = "winters"; hostName = "winters";
hostId = "b7778a4a"; hostId = "b7778a4a";
firewall.enable = true; firewall.enable = true;
enableIPv6 = false; enableIPv6 = true;
firewall.allowedTCPPorts = [ 80 443 ]; firewall.allowedTCPPorts = [ 80 443 ];
}; };