diff --git a/hosts/tyo0/default.nix b/hosts/tyo0/default.nix
index b3a7238..5c6d5f6 100644
--- a/hosts/tyo0/default.nix
+++ b/hosts/tyo0/default.nix
@@ -9,6 +9,7 @@
 imports = [
 "${modulesPath}/virtualisation/amazon-image.nix"
 ./anti-feature.nix
+ ./ports.nix
 ./services/forgejo.nix
 ./services/keycloak.nix
diff --git a/hosts/tyo0/ports.nix b/hosts/tyo0/ports.nix
new file mode 100644
index 0000000..ae8f70f
--- /dev/null
+++ b/hosts/tyo0/ports.nix
@@ -0,0 +1,13 @@
+{
+ lib.ports = {
+ keycloak = 8010;
+ miniflux = 8020;
+ redlib = 8030;
+ vaultwarden = 8040;
+ wastebin = 8050;
+
+ prometheus = 9010;
+ blackbox = 9020;
+ alertmanager = 9030;
+ };
+}
diff --git a/hosts/tyo0/services/keycloak.nix b/hosts/tyo0/services/keycloak.nix
index dcad564..1908c40 100644
--- a/hosts/tyo0/services/keycloak.nix
+++ b/hosts/tyo0/services/keycloak.nix
@@ -1,4 +1,12 @@
-{ lib, pkgs, ... }:
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ port = config.lib.ports.keycloak;
+in
 {
 services.keycloak = {
 enable = true;
@@ -6,7 +14,7 @@
 cache = "local";
 hostname = "id.ny4.dev";
 http-host = "127.0.0.1";
- http-port = 8800;
+ http-port = port;
 proxy = "edge";
 };
 database.passwordFile = toString (pkgs.writeText "password" "keycloak");
@@ -18,7 +26,7 @@
 };
 handle = lib.singleton {
 handler = "reverse_proxy";
- upstreams = [ { dial = "localhost:8800"; } ];
+ upstreams = [ { dial = "localhost:${toString port}"; } ];
 };
 };
 }
diff --git a/hosts/tyo0/services/miniflux.nix b/hosts/tyo0/services/miniflux.nix
index 0746b8f..bf7ac64 100644
--- a/hosts/tyo0/services/miniflux.nix
+++ b/hosts/tyo0/services/miniflux.nix
@@ -1,10 +1,13 @@
 { lib, config, ... }:
+let
+ port = config.lib.ports.miniflux;
+in
 {
 services.miniflux = {
 enable = true;
 adminCredentialsFile = config.sops.secrets."miniflux/environment".path;
 config = {
- LISTEN_ADDR = "127.0.0.1:9300";
+ LISTEN_ADDR = "127.0.0.1:${toString port}";
 BASE_URL = "https://rss.ny4.dev";
 OAUTH2_PROVIDER = "oidc";
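Review bot: In hosts/tyo0/ports.nix nothing checks that the numbers under `lib.ports` are distinct, so a duplicated value would still evaluate cleanly. If two services were given the same port, one would fail to bind and the Caddy route for the other hostname would proxy to whichever process holds the port, which matters for hosts such as the vault and identity endpoints. An `assertions` entry comparing the assigned values with their de-duplicated list would turn this into an evaluation error; the file then needs a `{ lib, config, ... }:` header. forgejo.nix is imported by default.nix but has no entry here, so its port (not visible in this diff) would not be covered by such a check.

```nix
{ lib, config, ... }:
{
  # … unchanged: lib.ports attribute set …

  assertions = lib.singleton {
    assertion =
      let
        assigned = lib.attrValues config.lib.ports;
      in
      builtins.length assigned == builtins.length (lib.unique assigned);
    message = "lib.ports: two services are assigned the same port";
  };
}
```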
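Review bot: In hosts/tyo0/services/keycloak.nix (second hunk) the context line `database.passwordFile = toString (pkgs.writeText "password" "keycloak");` places a fixed, guessable database password in the Nix store, which is readable by every local user and travels with the closure. The commit leaves this line as it was, but miniflux.nix in the same change already reads its credentials from sops, so the same pattern could be used here, for example `database.passwordFile = config.sops.secrets."<keycloak-db-secret>".path;` (the secret name is a placeholder). The exposure is smaller if the database only accepts local connections, which this hunk does not show.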
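Review bot: In keycloak.nix (third hunk) the upstream is dialled as `localhost:${toString port}` while the service itself binds `http-host = "127.0.0.1"`. `localhost` can also resolve to `::1`, where nothing in this configuration listens, and these are unprivileged ports that any local process may bind, so the proxy target is pinned less tightly than the listener. prometheus.nix already dials `127.0.0.1:${toString ports.prometheus}`; `upstreams = [ { dial = "127.0.0.1:${toString port}"; } ];` would make this route match. The same applies to the reverse_proxy hunks in miniflux.nix, redlib.nix, vaultwarden.nix and wastebin.nix.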
@@ -21,7 +24,7 @@
 };
 handle = lib.singleton {
 handler = "reverse_proxy";
- upstreams = [ { dial = "localhost:9300"; } ];
+ upstreams = [ { dial = "localhost:${toString port}"; } ];
 };
 };
 }
diff --git a/hosts/tyo0/services/prometheus.nix b/hosts/tyo0/services/prometheus.nix
index 181f4ee..07d3fc5 100644
--- a/hosts/tyo0/services/prometheus.nix
+++ b/hosts/tyo0/services/prometheus.nix
@@ -4,17 +4,20 @@
 config,
 ...
 }:
+let
+ inherit (config.lib) ports;
+in
 {
 services.prometheus = {
 enable = true;
 listenAddress = "127.0.0.1";
- port = 9090;
+ port = ports.prometheus;
 webExternalUrl = "https://prom.ny4.dev";
 exporters.blackbox = {
 enable = true;
 listenAddress = "127.0.0.1";
- port = 9093;
+ port = ports.blackbox;
 configFile = (pkgs.formats.yaml { }).generate "config.yaml" {
 modules = {
 http_2xx = {
@@ -73,7 +76,7 @@
 }
 {
 target_label = "__address__";
- replacement = "127.0.0.1:9093";
+ replacement = "127.0.0.1:${toString ports.blackbox}";
 }
 ];
 }
@@ -116,7 +119,7 @@
 alertmanagers = lib.singleton {
 static_configs = lib.singleton {
 targets = [
- "127.0.0.1:9092"
+ "127.0.0.1:${toString ports.alertmanager}"
 ];
 };
 };
@@ -124,7 +127,7 @@
 alertmanager = {
 enable = true;
 listenAddress = "127.0.0.1";
- port = 9092;
+ port = ports.alertmanager;
 configuration = {
 receivers = lib.singleton {
@@ -146,7 +149,7 @@
 };
 handle = lib.singleton {
 handler = "reverse_proxy";
- upstreams = [ { dial = "127.0.0.1:9090"; } ];
+ upstreams = [ { dial = "127.0.0.1:${toString ports.prometheus}"; } ];
 };
 };
 }
diff --git a/hosts/tyo0/services/redlib.nix b/hosts/tyo0/services/redlib.nix
index 8093b3d..7adcd16 100644
--- a/hosts/tyo0/services/redlib.nix
+++ b/hosts/tyo0/services/redlib.nix
@@ -1,9 +1,12 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+ port = config.lib.ports.redlib;
+in
 {
 services.redlib = {
+ inherit port;
 enable = true;
 address = "127.0.0.1";
- port = 9400;
 };
 services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
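Review bot: In hosts/tyo0/services/prometheus.nix (last hunk) the route's `handle` is a `lib.singleton` holding only the `reverse_proxy` handler, so no authentication handler sits in front of Prometheus at the Caddy layer. With `webExternalUrl = "https://prom.ny4.dev"` set in the first hunk, the query API, target list and loaded configuration would be readable by anyone who can reach that hostname, unless access is limited by the route's matcher or by a Prometheus web config, neither of which is visible here. If neither is in place, consider placing an authentication handler before `reverse_proxy` or restricting the matcher to trusted source addresses. The route definition starts above the hunk.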
@@ -12,7 +15,7 @@
 };
 handle = lib.singleton {
 handler = "reverse_proxy";
- upstreams = [ { dial = "localhost:9400"; } ];
+ upstreams = [ { dial = "localhost:${toString port}"; } ];
 };
 };
 }
diff --git a/hosts/tyo0/services/vaultwarden.nix b/hosts/tyo0/services/vaultwarden.nix
index 0663ed5..edf3a35 100644
--- a/hosts/tyo0/services/vaultwarden.nix
+++ b/hosts/tyo0/services/vaultwarden.nix
@@ -1,4 +1,7 @@
 { lib, config, ... }:
+let
+ port = config.lib.ports.vaultwarden;
+in
 {
 services.vaultwarden = {
 enable = true;
@@ -7,7 +10,7 @@
 DOMAIN = "https://vault.ny4.dev";
 IP_HEADER = "X-Forwarded-For";
 ROCKET_ADDRESS = "127.0.0.1";
- ROCKET_PORT = 9500;
+ ROCKET_PORT = port;
 EMERGENCY_ACCESS_ALLOWED = false;
 SENDS_ALLOWED = false;
@@ -22,7 +25,7 @@
 };
 handle = lib.singleton {
 handler = "reverse_proxy";
- upstreams = [ { dial = "localhost:9500"; } ];
+ upstreams = [ { dial = "localhost:${toString port}"; } ];
 };
 };
 }
diff --git a/hosts/tyo0/services/wastebin.nix b/hosts/tyo0/services/wastebin.nix
index fbef1ac..36d9416 100644
--- a/hosts/tyo0/services/wastebin.nix
+++ b/hosts/tyo0/services/wastebin.nix
@@ -1,8 +1,11 @@
-{ lib, ... }:
+{ lib, config, ... }:
+let
+ port = config.lib.ports.wastebin;
+in
 {
 services.wastebin = {
 enable = true;
- settings.WASTEBIN_ADDRESS_PORT = "127.0.0.1:8200";
+ settings.WASTEBIN_ADDRESS_PORT = "127.0.0.1:${toString port}";
 };
 services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
@@ -11,7 +14,7 @@
 };
 handle = lib.singleton {
 handler = "reverse_proxy";
- upstreams = [ { dial = "localhost:8200"; } ];
+ upstreams = [ { dial = "localhost:${toString port}"; } ];
 };
 };
 }
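Review bot: In hosts/tyo0/services/vaultwarden.nix (second hunk) the coupling between `IP_HEADER = "X-Forwarded-For";` and the loopback bind is undocumented. Vaultwarden takes the client address from that request header, which is only sound while `ROCKET_ADDRESS = "127.0.0.1"` keeps Caddy as the sole client and Caddy does not pass through a client-supplied value. A short comment above the two settings would keep this visible to whoever next edits the listener, e.g. `# IP_HEADER is trusted only because the listener is loopback-only and Caddy is the sole client`. The settings block starts and ends outside the hunk.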