pek0: allocate ports centrally

Guanran Wang 2024-09-06 20:19:44 +08:00
parent 4464525b03
commit b2cd2920d8
Signed by: nyancat
GPG key ID: 91F97D9ED12639CF
8 changed files with 56 additions and 19 deletions


@ -9,6 +9,7 @@
imports = [ imports = [
"${modulesPath}/virtualisation/amazon-image.nix" "${modulesPath}/virtualisation/amazon-image.nix"
./anti-feature.nix ./anti-feature.nix
./ports.nix
./services/forgejo.nix ./services/forgejo.nix
./services/keycloak.nix ./services/keycloak.nix

13
hosts/tyo0/ports.nix Normal file

@ -0,0 +1,13 @@
{
lib.ports = {
keycloak = 8010;
miniflux = 8020;
redlib = 8030;
vaultwarden = 8040;
wastebin = 8050;
prometheus = 9010;
blackbox = 9020;
alertmanager = 9030;
};
}
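Review bot: Nothing in `lib.ports` stops two services from being given the same number, and `config.lib` is an untyped attribute set, so a duplicate or mistyped value evaluates without error. Since each Caddy route dials `localhost:${toString port}`, a collision would presumably leave one backend unable to bind while its hostname is proxied to whichever service did get the port. An evaluation-time assertion next to the table catches this at build time; it needs the file to become a module function so `lib` and `config` are in scope. A one-line comment stating that every port here is loopback-only behind Caddy would also help the next reader.

```nix
{ lib, config, ... }:
{
  lib.ports = {
    # … unchanged: port assignments …
  };

  assertions = lib.singleton {
    assertion = lib.allUnique (lib.attrValues config.lib.ports);
    message = "lib.ports: two services are assigned the same port";
  };
}
```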


@ -1,4 +1,12 @@
{ lib, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let
port = config.lib.ports.keycloak;
in
{ {
services.keycloak = { services.keycloak = {
enable = true; enable = true;
@ -6,7 +14,7 @@
cache = "local"; cache = "local";
hostname = "id.ny4.dev"; hostname = "id.ny4.dev";
http-host = "127.0.0.1"; http-host = "127.0.0.1";
http-port = 8800; http-port = port;
proxy = "edge"; proxy = "edge";
}; };
database.passwordFile = toString (pkgs.writeText "password" "keycloak"); database.passwordFile = toString (pkgs.writeText "password" "keycloak");
@ -18,7 +26,7 @@
}; };
handle = lib.singleton { handle = lib.singleton {
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [ { dial = "localhost:8800"; } ]; upstreams = [ { dial = "localhost:${toString port}"; } ];
}; };
}; };
} }
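Review bot: The context line `database.passwordFile = toString (pkgs.writeText "password" "keycloak");` in the second hunk keeps a fixed, guessable database password in a file that `pkgs.writeText` places in the Nix store, which every local user can read; this commit leaves it untouched. The miniflux module changed in this same commit already reads its credentials from `config.sops.secrets."miniflux/environment".path`, so the same pattern fits here, e.g. `database.passwordFile = config.sops.secrets."<keycloak-db-secret>".path;` (placeholder secret name). If the database only accepts local connections the exposure is limited to accounts on the host, but the value still travels with any copy or cache of the store. The module body continues outside the visible hunks.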


@ -1,10 +1,13 @@
{ lib, config, ... }: { lib, config, ... }:
let
port = config.lib.ports.miniflux;
in
{ {
services.miniflux = { services.miniflux = {
enable = true; enable = true;
adminCredentialsFile = config.sops.secrets."miniflux/environment".path; adminCredentialsFile = config.sops.secrets."miniflux/environment".path;
config = { config = {
LISTEN_ADDR = "127.0.0.1:9300"; LISTEN_ADDR = "127.0.0.1:${toString port}";
BASE_URL = "https://rss.ny4.dev"; BASE_URL = "https://rss.ny4.dev";
OAUTH2_PROVIDER = "oidc"; OAUTH2_PROVIDER = "oidc";
@ -21,7 +24,7 @@
}; };
handle = lib.singleton { handle = lib.singleton {
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [ { dial = "localhost:9300"; } ]; upstreams = [ { dial = "localhost:${toString port}"; } ];
}; };
}; };
} }
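Review bot: The listener is bound to `127.0.0.1:${toString port}` while the Caddy upstream in the second hunk dials `localhost:${toString port}`, so the two sides name the loopback address differently; the keycloak, redlib, vaultwarden and wastebin sections have the same split. `localhost` can also resolve to `::1`, where nothing from this config is shown listening, and the prometheus section already dials `127.0.0.1` directly. I would write `upstreams = [ { dial = "127.0.0.1:${toString port}"; } ];` so the proxy targets exactly the socket the service opens.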


@ -4,17 +4,20 @@
config, config,
... ...
}: }:
let
inherit (config.lib) ports;
in
{ {
services.prometheus = { services.prometheus = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
port = 9090; port = ports.prometheus;
webExternalUrl = "https://prom.ny4.dev"; webExternalUrl = "https://prom.ny4.dev";
exporters.blackbox = { exporters.blackbox = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
port = 9093; port = ports.blackbox;
configFile = (pkgs.formats.yaml { }).generate "config.yaml" { configFile = (pkgs.formats.yaml { }).generate "config.yaml" {
modules = { modules = {
http_2xx = { http_2xx = {
@ -73,7 +76,7 @@
} }
{ {
target_label = "__address__"; target_label = "__address__";
replacement = "127.0.0.1:9093"; replacement = "127.0.0.1:${toString ports.blackbox}";
} }
]; ];
} }
@ -116,7 +119,7 @@
alertmanagers = lib.singleton { alertmanagers = lib.singleton {
static_configs = lib.singleton { static_configs = lib.singleton {
targets = [ targets = [
"127.0.0.1:9092" "127.0.0.1:${toString ports.alertmanager}"
]; ];
}; };
}; };
@ -124,7 +127,7 @@
alertmanager = { alertmanager = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
port = 9092; port = ports.alertmanager;
configuration = { configuration = {
receivers = lib.singleton { receivers = lib.singleton {
@ -146,7 +149,7 @@
}; };
handle = lib.singleton { handle = lib.singleton {
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [ { dial = "127.0.0.1:9090"; } ]; upstreams = [ { dial = "127.0.0.1:${toString ports.prometheus}"; } ];
}; };
}; };
} }


@ -1,9 +1,12 @@
{ lib, ... }: { lib, config, ... }:
let
port = config.lib.ports.redlib;
in
{ {
services.redlib = { services.redlib = {
inherit port;
enable = true; enable = true;
address = "127.0.0.1"; address = "127.0.0.1";
port = 9400;
}; };
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton { services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
@ -12,7 +15,7 @@
}; };
handle = lib.singleton { handle = lib.singleton {
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [ { dial = "localhost:9400"; } ]; upstreams = [ { dial = "localhost:${toString port}"; } ];
}; };
}; };
} }


@ -1,4 +1,7 @@
{ lib, config, ... }: { lib, config, ... }:
let
port = config.lib.ports.vaultwarden;
in
{ {
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
@ -7,7 +10,7 @@
DOMAIN = "https://vault.ny4.dev"; DOMAIN = "https://vault.ny4.dev";
IP_HEADER = "X-Forwarded-For"; IP_HEADER = "X-Forwarded-For";
ROCKET_ADDRESS = "127.0.0.1"; ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 9500; ROCKET_PORT = port;
EMERGENCY_ACCESS_ALLOWED = false; EMERGENCY_ACCESS_ALLOWED = false;
SENDS_ALLOWED = false; SENDS_ALLOWED = false;
@ -22,7 +25,7 @@
}; };
handle = lib.singleton { handle = lib.singleton {
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [ { dial = "localhost:9500"; } ]; upstreams = [ { dial = "localhost:${toString port}"; } ];
}; };
}; };
} }


@ -1,8 +1,11 @@
{ lib, ... }: { lib, config, ... }:
let
port = config.lib.ports.wastebin;
in
{ {
services.wastebin = { services.wastebin = {
enable = true; enable = true;
settings.WASTEBIN_ADDRESS_PORT = "127.0.0.1:8200"; settings.WASTEBIN_ADDRESS_PORT = "127.0.0.1:${toString port}";
}; };
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton { services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
@ -11,7 +14,7 @@
}; };
handle = lib.singleton { handle = lib.singleton {
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [ { dial = "localhost:8200"; } ]; upstreams = [ { dial = "localhost:${toString port}"; } ];
}; };
}; };
} }