pek0: allocate ports centrally
parent
4464525b03
commit
b2cd2920d8
8 changed files with 56 additions and 19 deletions
|
@ -9,6 +9,7 @@
|
|||
imports = [
|
||||
"${modulesPath}/virtualisation/amazon-image.nix"
|
||||
./anti-feature.nix
|
||||
./ports.nix
|
||||
|
||||
./services/forgejo.nix
|
||||
./services/keycloak.nix
|
||||
|
|
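--- /dev/null
+++ b/hosts/tyo0/ports.nix
@@ -0,0 +1,13 @@
+{
+lib.ports = {
+keycloak = 8010;
+miniflux = 8020;
+redlib = 8030;
+vaultwarden = 8040;
+wastebin = 8050;
+
+prometheus = 9010;
+blackbox = 9020;
+alertmanager = 9030;
+};
+}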
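Review bot: Nothing in this new file, or in the consuming modules shown on this page, checks that the values in `lib.ports` are unique, so a duplicated number would presumably only surface at runtime as one service failing to bind on 127.0.0.1. A header comment would record the convention, e.g. `# Loopback listen ports for this host; every value must be unique.` An entry in `assertions` that compares the length of `lib.attrValues config.lib.ports` with the length of `lib.unique` over the same list would turn a collision into an evaluation error. `./services/forgejo.nix` is imported alongside this file but has no entry here; whether it listens on a fixed port is not visible on this page.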
|
@ -1,4 +1,12 @@
|
|||
{ lib, pkgs, ... }:
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
port = config.lib.ports.keycloak;
|
||||
in
|
||||
{
|
||||
services.keycloak = {
|
||||
enable = true;
|
||||
|
@ -6,7 +14,7 @@
|
|||
cache = "local";
|
||||
hostname = "id.ny4.dev";
|
||||
http-host = "127.0.0.1";
|
||||
http-port = 8800;
|
||||
http-port = port;
|
||||
proxy = "edge";
|
||||
};
|
||||
database.passwordFile = toString (pkgs.writeText "password" "keycloak");
|
||||
|
@ -18,7 +26,7 @@
|
|||
};
|
||||
handle = lib.singleton {
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [ { dial = "localhost:8800"; } ];
|
||||
upstreams = [ { dial = "localhost:${toString port}"; } ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
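Review bot: `database.passwordFile = toString (pkgs.writeText "password" "keycloak");` in the second hunk writes the database password into the Nix store, which is readable by every local user, and the value itself is a guessable constant. The miniflux module in this same commit reads its credentials from `config.sops.secrets."miniflux/environment".path`; the same pattern would fit here, e.g. `database.passwordFile = config.sops.secrets."keycloak/database".path;` (the secret name is a placeholder). If the database is local and reached only over a peer-authenticated socket the exposure is limited, but that is not visible in this section. The line is unchanged context, so it predates this commit.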
|
@ -1,10 +1,13 @@
|
|||
{ lib, config, ... }:
|
||||
let
|
||||
port = config.lib.ports.miniflux;
|
||||
in
|
||||
{
|
||||
services.miniflux = {
|
||||
enable = true;
|
||||
adminCredentialsFile = config.sops.secrets."miniflux/environment".path;
|
||||
config = {
|
||||
LISTEN_ADDR = "127.0.0.1:9300";
|
||||
LISTEN_ADDR = "127.0.0.1:${toString port}";
|
||||
BASE_URL = "https://rss.ny4.dev";
|
||||
|
||||
OAUTH2_PROVIDER = "oidc";
|
||||
|
@ -21,7 +24,7 @@
|
|||
};
|
||||
handle = lib.singleton {
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [ { dial = "localhost:9300"; } ];
|
||||
upstreams = [ { dial = "localhost:${toString port}"; } ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
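Review bot: The Caddy upstream in the last hunk dials `localhost:${toString port}` while the service listens on the literal address (`LISTEN_ADDR = "127.0.0.1:${toString port}"`), so the proxy target depends on how `localhost` resolves on the host. If it also resolves to `::1`, the proxy may try a socket the service never bound, and these unprivileged ports can be bound by any local process. Dialing the same literal as the listener removes that dependency: `upstreams = [ { dial = "127.0.0.1:${toString port}"; } ];`, which is what the prometheus section already does. The same applies to the keycloak, redlib, vaultwarden and wastebin upstreams in this commit.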
|
@ -4,17 +4,20 @@
|
|||
config,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (config.lib) ports;
|
||||
in
|
||||
{
|
||||
services.prometheus = {
|
||||
enable = true;
|
||||
listenAddress = "127.0.0.1";
|
||||
port = 9090;
|
||||
port = ports.prometheus;
|
||||
webExternalUrl = "https://prom.ny4.dev";
|
||||
|
||||
exporters.blackbox = {
|
||||
enable = true;
|
||||
listenAddress = "127.0.0.1";
|
||||
port = 9093;
|
||||
port = ports.blackbox;
|
||||
configFile = (pkgs.formats.yaml { }).generate "config.yaml" {
|
||||
modules = {
|
||||
http_2xx = {
|
||||
|
@ -73,7 +76,7 @@
|
|||
}
|
||||
{
|
||||
target_label = "__address__";
|
||||
replacement = "127.0.0.1:9093";
|
||||
replacement = "127.0.0.1:${toString ports.blackbox}";
|
||||
}
|
||||
];
|
||||
}
|
||||
|
@ -116,7 +119,7 @@
|
|||
alertmanagers = lib.singleton {
|
||||
static_configs = lib.singleton {
|
||||
targets = [
|
||||
"127.0.0.1:9092"
|
||||
"127.0.0.1:${toString ports.alertmanager}"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
@ -124,7 +127,7 @@
|
|||
alertmanager = {
|
||||
enable = true;
|
||||
listenAddress = "127.0.0.1";
|
||||
port = 9092;
|
||||
port = ports.alertmanager;
|
||||
|
||||
configuration = {
|
||||
receivers = lib.singleton {
|
||||
|
@ -146,7 +149,7 @@
|
|||
};
|
||||
handle = lib.singleton {
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [ { dial = "127.0.0.1:9090"; } ];
|
||||
upstreams = [ { dial = "127.0.0.1:${toString ports.prometheus}"; } ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,9 +1,12 @@
|
|||
{ lib, ... }:
|
||||
{ lib, config, ... }:
|
||||
let
|
||||
port = config.lib.ports.redlib;
|
||||
in
|
||||
{
|
||||
services.redlib = {
|
||||
inherit port;
|
||||
enable = true;
|
||||
address = "127.0.0.1";
|
||||
port = 9400;
|
||||
};
|
||||
|
||||
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
||||
|
@ -12,7 +15,7 @@
|
|||
};
|
||||
handle = lib.singleton {
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [ { dial = "localhost:9400"; } ];
|
||||
upstreams = [ { dial = "localhost:${toString port}"; } ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,7 @@
|
|||
{ lib, config, ... }:
|
||||
let
|
||||
port = config.lib.ports.vaultwarden;
|
||||
in
|
||||
{
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
|
@ -7,7 +10,7 @@
|
|||
DOMAIN = "https://vault.ny4.dev";
|
||||
IP_HEADER = "X-Forwarded-For";
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
ROCKET_PORT = 9500;
|
||||
ROCKET_PORT = port;
|
||||
|
||||
EMERGENCY_ACCESS_ALLOWED = false;
|
||||
SENDS_ALLOWED = false;
|
||||
|
@ -22,7 +25,7 @@
|
|||
};
|
||||
handle = lib.singleton {
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [ { dial = "localhost:9500"; } ];
|
||||
upstreams = [ { dial = "localhost:${toString port}"; } ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
{ lib, ... }:
|
||||
{ lib, config, ... }:
|
||||
let
|
||||
port = config.lib.ports.wastebin;
|
||||
in
|
||||
{
|
||||
services.wastebin = {
|
||||
enable = true;
|
||||
settings.WASTEBIN_ADDRESS_PORT = "127.0.0.1:8200";
|
||||
settings.WASTEBIN_ADDRESS_PORT = "127.0.0.1:${toString port}";
|
||||
};
|
||||
|
||||
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
|
||||
|
@ -11,7 +14,7 @@
|
|||
};
|
||||
handle = lib.singleton {
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [ { dial = "localhost:8200"; } ];
|
||||
upstreams = [ { dial = "localhost:${toString port}"; } ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|