pek0: allocate ports centrally

2024-09-06 20:19:44 +08:00 · 2024-09-06 20:19:44 +08:00 · b2cd2920d8
commit b2cd2920d8
parent 4464525b03
8 changed files with 56 additions and 19 deletions
--- a/hosts/tyo0/default.nix
+++ b/hosts/tyo0/default.nix
@ -9,6 +9,7 @@
  imports = [
    "${modulesPath}/virtualisation/amazon-image.nix"
    ./anti-feature.nix
+    ./ports.nix

    ./services/forgejo.nix
    ./services/keycloak.nix
--- a/hosts/tyo0/ports.nix
+++ b/hosts/tyo0/ports.nix
@ -0,0 +1,13 @@
+{
+  lib.ports = {
+    keycloak = 8010;
+    miniflux = 8020;
+    redlib = 8030;
+    vaultwarden = 8040;
+    wastebin = 8050;
+
+    prometheus = 9010;
+    blackbox = 9020;
+    alertmanager = 9030;
+  };
+}
--- a/hosts/tyo0/services/keycloak.nix
+++ b/hosts/tyo0/services/keycloak.nix
@ -1,4 +1,12 @@
-{ lib, pkgs, ... }:
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  port = config.lib.ports.keycloak;
+in
 {
  services.keycloak = {
    enable = true;
@ -6,7 +14,7 @@
      cache = "local";
      hostname = "id.ny4.dev";
      http-host = "127.0.0.1";
-      http-port = 8800;
+      http-port = port;
      proxy = "edge";
    };
    database.passwordFile = toString (pkgs.writeText "password" "keycloak");
@ -18,7 +26,7 @@
    };
    handle = lib.singleton {
      handler = "reverse_proxy";
-      upstreams = [ { dial = "localhost:8800"; } ];
+      upstreams = [ { dial = "localhost:${toString port}"; } ];
    };
  };
 }
--- a/hosts/tyo0/services/miniflux.nix
+++ b/hosts/tyo0/services/miniflux.nix
@ -1,10 +1,13 @@
 { lib, config, ... }:
+let
+  port = config.lib.ports.miniflux;
+in
 {
  services.miniflux = {
    enable = true;
    adminCredentialsFile = config.sops.secrets."miniflux/environment".path;
    config = {
-      LISTEN_ADDR = "127.0.0.1:9300";
+      LISTEN_ADDR = "127.0.0.1:${toString port}";
      BASE_URL = "https://rss.ny4.dev";

      OAUTH2_PROVIDER = "oidc";
@ -21,7 +24,7 @@
    };
    handle = lib.singleton {
      handler = "reverse_proxy";
-      upstreams = [ { dial = "localhost:9300"; } ];
+      upstreams = [ { dial = "localhost:${toString port}"; } ];
    };
  };
 }
--- a/hosts/tyo0/services/prometheus.nix
+++ b/hosts/tyo0/services/prometheus.nix
@ -4,17 +4,20 @@
  config,
  ...
 }:
+let
+  inherit (config.lib) ports;
+in
 {
  services.prometheus = {
    enable = true;
    listenAddress = "127.0.0.1";
-    port = 9090;
+    port = ports.prometheus;
    webExternalUrl = "https://prom.ny4.dev";

    exporters.blackbox = {
      enable = true;
      listenAddress = "127.0.0.1";
-      port = 9093;
+      port = ports.blackbox;
      configFile = (pkgs.formats.yaml { }).generate "config.yaml" {
        modules = {
          http_2xx = {
@ -73,7 +76,7 @@
          }
          {
            target_label = "__address__";
-            replacement = "127.0.0.1:9093";
+            replacement = "127.0.0.1:${toString ports.blackbox}";
          }
        ];
      }
@ -116,7 +119,7 @@
    alertmanagers = lib.singleton {
      static_configs = lib.singleton {
        targets = [
-          "127.0.0.1:9092"
+          "127.0.0.1:${toString ports.alertmanager}"
        ];
      };
    };
@ -124,7 +127,7 @@
    alertmanager = {
      enable = true;
      listenAddress = "127.0.0.1";
-      port = 9092;
+      port = ports.alertmanager;

      configuration = {
        receivers = lib.singleton {
@ -146,7 +149,7 @@
    };
    handle = lib.singleton {
      handler = "reverse_proxy";
-      upstreams = [ { dial = "127.0.0.1:9090"; } ];
+      upstreams = [ { dial = "127.0.0.1:${toString ports.prometheus}"; } ];
    };
  };
 }
--- a/hosts/tyo0/services/redlib.nix
+++ b/hosts/tyo0/services/redlib.nix
@ -1,9 +1,12 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+  port = config.lib.ports.redlib;
+in
 {
  services.redlib = {
+    inherit port;
    enable = true;
    address = "127.0.0.1";
-    port = 9400;
  };

  services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
@ -12,7 +15,7 @@
    };
    handle = lib.singleton {
      handler = "reverse_proxy";
-      upstreams = [ { dial = "localhost:9400"; } ];
+      upstreams = [ { dial = "localhost:${toString port}"; } ];
    };
  };
 }
--- a/hosts/tyo0/services/vaultwarden.nix
+++ b/hosts/tyo0/services/vaultwarden.nix
@ -1,4 +1,7 @@
 { lib, config, ... }:
+let
+  port = config.lib.ports.vaultwarden;
+in
 {
  services.vaultwarden = {
    enable = true;
@ -7,7 +10,7 @@
      DOMAIN = "https://vault.ny4.dev";
      IP_HEADER = "X-Forwarded-For";
      ROCKET_ADDRESS = "127.0.0.1";
-      ROCKET_PORT = 9500;
+      ROCKET_PORT = port;

      EMERGENCY_ACCESS_ALLOWED = false;
      SENDS_ALLOWED = false;
@ -22,7 +25,7 @@
    };
    handle = lib.singleton {
      handler = "reverse_proxy";
-      upstreams = [ { dial = "localhost:9500"; } ];
+      upstreams = [ { dial = "localhost:${toString port}"; } ];
    };
  };
 }
--- a/hosts/tyo0/services/wastebin.nix
+++ b/hosts/tyo0/services/wastebin.nix
@ -1,8 +1,11 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+  port = config.lib.ports.wastebin;
+in
 {
  services.wastebin = {
    enable = true;
-    settings.WASTEBIN_ADDRESS_PORT = "127.0.0.1:8200";
+    settings.WASTEBIN_ADDRESS_PORT = "127.0.0.1:${toString port}";
  };

  services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
@ -11,7 +14,7 @@
    };
    handle = lib.singleton {
      handler = "reverse_proxy";
-      upstreams = [ { dial = "localhost:8200"; } ];
+      upstreams = [ { dial = "localhost:${toString port}"; } ];
    };
  };
 }