gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Services overhaul (remove all virtualhosts.nix, ...)

Browse source
This commit is contained in:
kat witch 2021-08-08 03:45:36 +01:00
parent b95636d658
commit afa161955d
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
17 changed files with 156 additions and 162 deletions
Download patch file Download diff file Expand all files Collapse all files

3
config/hosts/athame/nixos.nix
View file

@ -10,6 +10,7 @@ with lib;
users.kat.server
services.asterisk
services.fail2ban
services.filehost
services.gitea
services.grafana
services.logrotate
@ -28,10 +29,10 @@ with lib;
services.syncplay
services.taskserver
services.vaultwarden
services.website
services.weechat
services.xmpp
services.znc
./nixos/virtualhosts.nix
];
# File Systems and Swap

23
config/hosts/athame/nixos/virtualhosts.nix
View file

@ -1,23 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
common = {
enableACME = true;
forceSSL = true;
};
in
{
services.nginx.virtualHosts = {
"kittywit.ch" = { root = pkgs.kat-website; } // common;
"athame.kittywit.ch" = { root = "/var/www/athame"; } // common;
"files.kittywit.ch" = { root = "/var/www/files"; } // common;
};
deploy.tf.dns.records.kittywitch_files = {
tld = "kittywit.ch.";
domain = "files";
cname.target = "athame.kittywit.ch.";
};
}

6
config/hosts/beltane/nixos.nix
View file

@ -9,16 +9,16 @@ with lib;
profiles.hardware.rm-310
profiles.gui
users.kat.guiFull
services.jellyfin
services.kattv-ingest
services.promtail
services.netdata
services.nfs
services.nginx
services.node-exporter
services.transmission
services.tvheadend
services.zfs
./nixos/jellyfin.nix
./nixos/virtualhosts.nix
./nixos/transmission.nix
];
# File Systems and Swap

15
config/hosts/beltane/nixos/jellyfin.nix
View file

@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
{
kw.fw.public.tcp.ranges = [{
from = 32768;
to = 60999;
}];
kw.fw.private.tcp.ranges = [{
from = 32768;
to = 60999;
}];
services.jellyfin.enable = true;
}

74
config/hosts/beltane/nixos/virtualhosts.nix
View file

@ -1,74 +0,0 @@
{ config, lib, ... }:
with lib;
{
services.nginx = {
virtualHosts = {
"beltane.net.kittywit.ch" = {
useACMEHost = "beltane.net.kittywit.ch";
forceSSL = true;
locations = {
"/jellyfin/".proxyPass = "http://127.0.0.1:8096/jellyfin/";
"/jellyfin/socket" = {
proxyPass = "http://127.0.0.1:8096/jellyfin/";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
"/tvheadend/".proxyPass = "http://127.0.0.1:9981";
"/" = {
root = "/mnt/zraw/media/";
extraConfig = "autoindex on;";
};
"/transmission" = {
proxyPass = "http://[::1]:9091";
extraConfig = "proxy_pass_header X-Transmission-Session-Id;";
};
};
};
"192.168.1.223" = {
locations = {
"/jellyfin/".proxyPass = "http://127.0.0.1:8096/jellyfin/";
"/jellyfin/socket" = {
proxyPass = "http://127.0.0.1:8096/jellyfin/";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
"/share/" = {
alias = "/mnt/zraw/media/";
extraConfig = "autoindex on;";
};
};
};
"100.103.111.44" = {
locations."/share/" = {
alias = "/mnt/zraw/media/";
extraConfig = "autoindex on;";
};
};
};
appendConfig = ''
rtmp {
server {
listen [::]:1935 ipv6only=off;
application stream {
live on;
allow publish all;
allow play all;
}
}
}
'';
};
kw.fw = {
private.tcp.ports = singleton 1935;
public.tcp.ports = singleton 1935;
};
}

1
config/hosts/samhain/nixos.nix
View file

@ -20,7 +20,6 @@ in {
services.promtail
services.restic
services.zfs
./nixos/virtualhosts.nix
];
# File Systems and Swap

22
config/hosts/samhain/nixos/virtualhosts.nix
View file

@ -1,22 +0,0 @@
{ config, lib, ... }:
with lib;
{
kw.fw.private.tcp.ports = singleton 1935;
kw.fw.public.tcp.ports = singleton 1935;
services.nginx.appendConfig = ''
rtmp {
server {
listen [::]:1935 ipv6only=off;
application kattv {
live on;
allow publish all;
allow play all;
}
}
}
'';
}

11
config/modules/nixos/yggdrasil.nix
View file

@ -9,19 +9,22 @@ This module:
with lib;
{
config = {
deploy.tf.dns.records."ygg_${config.networking.hostName}" =
mkIf (config.network.yggdrasil.enable) {
config = mkIf (config.network.yggdrasil.enable) {
deploy.tf.dns.records."ygg_${config.networking.hostName}" = {
tld = config.kw.dns.tld;
domain = "${config.networking.hostName}.${config.kw.dns.ygg_prefix}";
aaaa.address = config.network.yggdrasil.address;
};
security.acme.certs."${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}" =
mkIf (config.services.nginx.enable && config.network.yggdrasil.enable) {
mkIf (config.services.nginx.enable) {
domain = "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}";
dnsProvider = "rfc2136";
credentialsFile = config.secrets.files.dns_creds.path;
group = "nginx";
};
services.nginx.virtualHosts."${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}" = mkIf (config.services.nginx.enable) {
useACMEHost = "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}";
forceSSL = true;
};
};
}

17
config/services/filehost/default.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
{
services.nginx.virtualHosts = {
"files.kittywit.ch" = {
root = "/var/www/files";
enableACME = true;
forceSSL = true;
};
};
deploy.tf.dns.records.kittywitch_files = {
tld = "kittywit.ch.";
domain = "files";
cname.target = "athame.kittywit.ch.";
};
}

39
config/services/jellyfin/default.nix Normal file
View file

@ -0,0 +1,39 @@
{ config, lib, pkgs, ... }:
{
services.nginx.virtualHosts = {
"${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}".locations = {
"/jellyfin/".proxyPass = "http://[::1]:8096/jellyfin/";
"/jellyfin/socket" = {
proxyPass = "http://[::1]:8096/jellyfin/";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
${config.kw.dns.ipv4}.locations = {
"/jellyfin/".proxyPass = "http://[::1]:8096/jellyfin/";
"/jellyfin/socket" = {
proxyPass = "http://[::1]:8096/jellyfin/";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
};
kw.fw = {
public.tcp.ranges = [{
from = 32768;
to = 60999;
}];
private.tcp.ranges = [{
from = 32768;
to = 60999;
}];
};
services.jellyfin.enable = true;
}

21
config/services/kattv-ingest/default.nix
View file

@ -3,9 +3,27 @@
with lib;
{
kw.fw.public.tcp.ports = [ 4953 1935 ];
services.nginx.appendConfig = ''
rtmp {
server {
listen [::]:1935 ipv6only=off;
application stream {
live on;
allow publish all;
allow play all;
}
}
}
'';
kw.fw = {
private.tcp.ports = singleton 1935;
public.tcp.ports = [ 4953 1935 ];
};
systemd.sockets.kattv = {
wantedBy = [ "sockets.target" ];
listenStreams = [ "0.0.0.0:4953" ];
socketConfig = {
Accept = true;
@ -17,7 +35,6 @@ with lib;
systemd.services."kattv@" = {
environment = pkgs.kat-tv-ingest.env;
script = "exec ${pkgs.gst_all_1.gstreamer.dev}/bin/gst-launch-1.0 -e --no-position ${pkgs.lib.gst.pipelineShellString pkgs.kat-tv-ingest.pipeline}";
wantedBy = [ "multi-user.target" ];
after = [ "nginx.service" ];
description = "RTMP stream of kat cam";
serviceConfig = {

1
config/services/kattv/default.nix
View file

@ -1,7 +1,6 @@
{ config, pkgs, lib, ... }:
{
services.udev.extraRules = ''
KERNEL=="video[0-9]*", SUBSYSTEM=="video4linux", SUBSYSTEMS=="usb", ATTR{index}=="0", ATTRS{idVendor}=="045e", ATTRS{idProduct}=="0779", SYMLINK+="videomew", TAG+="systemd"
'';

2
config/services/netdata/default.nix
View file

@ -9,8 +9,6 @@
enable = true;
virtualHosts = {
"${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}" = {
useACMEHost = "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}";
forceSSL = true;
locations = { "/netdata" = { proxyPass = "http://[::1]:19999/"; }; };
};
};

22
config/services/nfs/default.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, ... }:
{
kw.fw = {
private.tcp.ports = [ 111 2049 ];
public.tcp.ports = [ 111 2049 ];
};
services.nfs.server.enable = true;
services.nfs.server.exports = "/mnt/zraw/media 192.168.1.0/24(rw) 200::/7(rw) 2a00:23c7:c597:7400::/56(rw)";
services.nginx.virtualHosts = {
"${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}".locations."/" = {
alias = "/mnt/zraw/media/";
extraConfig = "autoindex on;";
};
${config.kw.dns.ipv4}.locations."/" = {
alias = "/mnt/zraw/media/";
extraConfig = "autoindex on;";
};
};
}

11
config/hosts/beltane/nixos/transmission.nix → config/services/transmission/default.nix
View file

@ -1,6 +1,17 @@
{ config, pkgs, ... }:
{
services.nginx.virtualHosts = {
"${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}".locations."/transmission" = {
proxyPass = "http://[::1]:9091";
extraConfig = "proxy_pass_header X-Transmission-Session-Id;";
};
${config.kw.dns.ipv4}.locations."/transmission" = {
proxyPass = "http://[::1]:9091";
extraConfig = "proxy_pass_header X-Transmission-Session-Id;";
};
};
services.transmission =
let
transmission-done-script = pkgs.writeScriptBin "script" ''

39
config/services/tvheadend/default.nix
View file

@ -9,11 +9,22 @@
tcp.ports = [ 9981 9982 ];
};
services.nginx.virtualHosts = {
"${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}".locations."/tvheadend" = {
proxyPass = "http://[::1]:9091";
extraConfig = "proxy_pass_header X-Transmission-Session-Id;";
};
${config.kw.dns.ipv4}.locations."/tvheadend" = {
proxyPass = "http://[::1]:9091";
extraConfig = "proxy_pass_header X-Transmission-Session-Id;";
};
};
systemd.services.tvheadend-kat = {
description = "Tvheadend TV streaming server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
script = ''
description = "Tvheadend TV streaming server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
script = ''
${pkgs.tvheadend}/bin/tvheadend \
--http_root /tvheadend \
--http_port 9981 \
@ -23,15 +34,15 @@
-p ${config.users.users.tvheadend.home}/tvheadend.pid \
-u tvheadend \
-g video
'';
serviceConfig = {
Type = "forking";
PIDFile = "${config.users.users.tvheadend.home}/tvheadend.pid";
Restart = "always";
RestartSec = 5;
User = "tvheadend";
Group = "video";
ExecStop = "${pkgs.coreutils}/bin/rm ${config.users.users.tvheadend.home}/tvheadend.pid";
};
'';
serviceConfig = {
Type = "forking";
PIDFile = "${config.users.users.tvheadend.home}/tvheadend.pid";
Restart = "always";
RestartSec = 5;
User = "tvheadend";
Group = "video";
ExecStop = "${pkgs.coreutils}/bin/rm ${config.users.users.tvheadend.home}/tvheadend.pid";
};
};
}

11
config/services/website/default.nix Normal file
View file

@ -0,0 +1,11 @@
{ config, lib, pkgs, ... }:
{
services.nginx.virtualHosts = {
"${config.kw.dns.domain}" = {
root = pkgs.kat-website;
enableACME = true;
forceSSL = true;
};
};
}