k/nixos_configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cleanup server config

Browse Source
This commit is contained in:
k
2024-09-07 13:35:10 -04:00
parent 61dadbb51a
commit 6de1df0772
4 changed files with 195 additions and 245 deletions
Download Patch File Download Diff File Expand all files Collapse all files

281
hosts/server/service.nix
View File

@@ -1,151 +1,150 @@
{pkgs,lib,...}:
{
{ pkgs, lib, ... }: {
networking.firewall = {
enable = true;
allowedTCPPorts = [80 443 22 ];
allowedTCPPorts = [ 80 443 22 ];
};
services.openssh = {
enable = true;
};
services.jellyfin = {
enable = true;
};
services.gitea = {
enable = true;
settings = {
service.DISABLE_REGISTRATION = true;
server = {
HTTP_PORT = 8001;
DOMAIN = "dhilton.xyz";
ROOT_URL = "https://git.dhilton.xyz";
ENABLE_PUSH_CREATE_USER = true;
};
};
};
services.gitea-actions-runner.instances.home = {
enable = true;
url = "https://git.dhilton.xyz";
name = "nixsrv";
token = "LaqTWUDidsm510TGBglGvcphsUxYmCzMjrZbEtJj";
labels = ["ubuntu-latest:docker://catthehacker/ubuntu:act-latest" "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04" "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04" "ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04" "native:host"];
};
services.home-assistant = {
enable = true;
extraComponents = ["wiz" "fail2ban"];
config = {
default_config={};
"automation ui" = "!include automations.yaml";
http = {
use_x_forwarded_for="true";
trusted_proxies=["127.0.0.1"];
server_port=8003;
};
};
};
services.ntfy-sh = {
enable = true;
settings = {
listen-http = ":8004";
auth-file = "/var/lib/ntfy.db";
auth-default-access = "read-only";
base-url = "https://ntfy.dhilton.xyz";
};
};
services.searx = {
enable=true;
settings = { server.port = 8005; server.secret_key = "secretlol";};
};
services.fail2ban = {
enable=true;
};
virtualisation.docker = {
enable = true;
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
services.nginx.virtualHosts = {
"dhilton.xyz" = {
enableACME = true;
forceSSL = true;
root = "/var/www/dhilton";
};
"git.dhilton.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8001";
proxyWebsockets = true;
};
};
"ntfy.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8004";
proxyWebsockets = true;
};
};
"jel.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8096";
proxyWebsockets = true;
};
};
"puf.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8002";
proxyWebsockets = true;
};
};
"srx.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8005";
proxyWebsockets = true;
};
};
"hom.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8003";
proxyWebsockets = true;
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "markers711@gmail.com";
};
virtualisation.docker = { enable = true; };
services = {
openssh = { enable = true; };
jellyfin = { enable = true; };
fail2ban = { enable = true; };
gitea = {
enable = true;
settings = {
service.DISABLE_REGISTRATION = true;
server = {
HTTP_PORT = 8001;
DOMAIN = "dhilton.xyz";
ROOT_URL = "https://git.dhilton.xyz";
ENABLE_PUSH_CREATE_USER = true;
};
};
};
gitea-actions-runner.instances.home = {
enable = true;
url = "https://git.dhilton.xyz";
name = "nixsrv";
token = "LaqTWUDidsm510TGBglGvcphsUxYmCzMjrZbEtJj";
labels = [
"ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04"
"ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04"
"ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04"
"native:host"
];
};
home-assistant = {
enable = true;
extraComponents = [ "wiz" "fail2ban" ];
config = {
default_config = { };
"automation ui" = "!include automations.yaml";
http = {
use_x_forwarded_for = "true";
trusted_proxies = [ "127.0.0.1" ];
server_port = 8003;
};
};
};
ntfy-sh = {
enable = true;
settings = {
listen-http = ":8004";
auth-file = "/var/lib/ntfy.db";
auth-default-access = "read-only";
base-url = "https://ntfy.dhilton.xyz";
};
};
searx = {
enable = true;
settings = {
server.port = 8005;
server.secret_key = "secretlol";
};
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"dhilton.xyz" = {
enableACME = true;
forceSSL = true;
root = "/var/www/dhilton";
};
"git.dhilton.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8001";
proxyWebsockets = true;
};
};
"ntfy.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8004";
proxyWebsockets = true;
};
};
"jel.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8096";
proxyWebsockets = true;
};
};
"puf.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8002";
proxyWebsockets = true;
};
};
"srx.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8005";
proxyWebsockets = true;
};
};
"hom.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8003";
proxyWebsockets = true;
};
};
};
};
};
}