pek0: allocate ports centrally

Guanran Wang 2024-09-06 20:19:44 +08:00
parent 4464525b03
commit b2cd2920d8
Signed by: nyancat
GPG key ID: 91F97D9ED12639CF
8 changed files with 56 additions and 19 deletions


@ -9,6 +9,7 @@
imports = [
"${modulesPath}/virtualisation/amazon-image.nix"
./anti-feature.nix
./ports.nix
./services/forgejo.nix
./services/keycloak.nix

13
hosts/tyo0/ports.nix Normal file

@ -0,0 +1,13 @@
{
lib.ports = {
keycloak = 8010;
miniflux = 8020;
redlib = 8030;
vaultwarden = 8040;
wastebin = 8050;
prometheus = 9010;
blackbox = 9020;
alertmanager = 9030;
};
}
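Review bot: Nothing in `lib.ports` stops two services from being given the same number, and since the NixOS `lib` option is (as far as I know) a free-form attribute set, a duplicate or mistyped value is not caught at evaluation time. Every listener and every Caddy `dial` target on this page is now derived from this table, so a collision would either fail one unit at start-up or route one hostname to another service's backend. An assertion next to the table would turn a duplicate into a build failure. It requires the file to become a module function that takes `lib` and `config`.

```nix
{ lib, config, ... }:
{
  # … unchanged: lib.ports table …
  assertions = lib.singleton {
    assertion = lib.allUnique (builtins.attrValues config.lib.ports);
    message = "lib.ports: every service must have a unique port";
  };
}
```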


@ -1,4 +1,12 @@
{ lib, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
port = config.lib.ports.keycloak;
in
{
services.keycloak = {
enable = true;
@ -6,7 +14,7 @@
cache = "local";
hostname = "id.ny4.dev";
http-host = "127.0.0.1";
http-port = 8800;
http-port = port;
proxy = "edge";
};
database.passwordFile = toString (pkgs.writeText "password" "keycloak");
@ -18,7 +26,7 @@
};
handle = lib.singleton {
handler = "reverse_proxy";
upstreams = [ { dial = "localhost:8800"; } ];
upstreams = [ { dial = "localhost:${toString port}"; } ];
};
};
}
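Review bot: `database.passwordFile` (an unchanged context line in the second hunk) is built with `pkgs.writeText`, which places the literal password `keycloak` in the world-readable Nix store. Any local account or compromised service on the host can read it, and if PostgreSQL accepts password authentication over loopback, that is enough to reach the identity provider's database. The miniflux module on this page already reads its credentials from `config.sops.secrets`; the same pattern would fit here, e.g. `database.passwordFile = config.sops.secrets."<keycloak-db-secret>".path;`, where the secret name is a placeholder. The `services.keycloak` block continues outside the hunks shown.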


@ -1,10 +1,13 @@
{ lib, config, ... }:
let
port = config.lib.ports.miniflux;
in
{
services.miniflux = {
enable = true;
adminCredentialsFile = config.sops.secrets."miniflux/environment".path;
config = {
LISTEN_ADDR = "127.0.0.1:9300";
LISTEN_ADDR = "127.0.0.1:${toString port}";
BASE_URL = "https://rss.ny4.dev";
OAUTH2_PROVIDER = "oidc";
@ -21,7 +24,7 @@
};
handle = lib.singleton {
handler = "reverse_proxy";
upstreams = [ { dial = "localhost:9300"; } ];
upstreams = [ { dial = "localhost:${toString port}"; } ];
};
};
}
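Review bot: The listener is bound to `127.0.0.1`, but the Caddy upstream dials `localhost`, which can also resolve to `::1`. Depending on address ordering, Caddy may try the IPv6 loopback first, and any local process that binds that unprivileged port on `::1` would then receive the proxied traffic. Dialing the literal address, as the Prometheus section does, avoids this: `upstreams = [ { dial = "127.0.0.1:${toString port}"; } ];`. The same applies to the keycloak, redlib, vaultwarden and wastebin sections.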


@ -4,17 +4,20 @@
config,
...
}:
let
inherit (config.lib) ports;
in
{
services.prometheus = {
enable = true;
listenAddress = "127.0.0.1";
port = 9090;
port = ports.prometheus;
webExternalUrl = "https://prom.ny4.dev";
exporters.blackbox = {
enable = true;
listenAddress = "127.0.0.1";
port = 9093;
port = ports.blackbox;
configFile = (pkgs.formats.yaml { }).generate "config.yaml" {
modules = {
http_2xx = {
@ -73,7 +76,7 @@
}
{
target_label = "__address__";
replacement = "127.0.0.1:9093";
replacement = "127.0.0.1:${toString ports.blackbox}";
}
];
}
@ -116,7 +119,7 @@
alertmanagers = lib.singleton {
static_configs = lib.singleton {
targets = [
"127.0.0.1:9092"
"127.0.0.1:${toString ports.alertmanager}"
];
};
};
@ -124,7 +127,7 @@
alertmanager = {
enable = true;
listenAddress = "127.0.0.1";
port = 9092;
port = ports.alertmanager;
configuration = {
receivers = lib.singleton {
@ -146,7 +149,7 @@
};
handle = lib.singleton {
handler = "reverse_proxy";
upstreams = [ { dial = "127.0.0.1:9090"; } ];
upstreams = [ { dial = "127.0.0.1:${toString ports.prometheus}"; } ];
};
};
}


@ -1,9 +1,12 @@
{ lib, ... }:
{ lib, config, ... }:
let
port = config.lib.ports.redlib;
in
{
services.redlib = {
inherit port;
enable = true;
address = "127.0.0.1";
port = 9400;
};
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
@ -12,7 +15,7 @@
};
handle = lib.singleton {
handler = "reverse_proxy";
upstreams = [ { dial = "localhost:9400"; } ];
upstreams = [ { dial = "localhost:${toString port}"; } ];
};
};
}


@ -1,4 +1,7 @@
{ lib, config, ... }:
let
port = config.lib.ports.vaultwarden;
in
{
services.vaultwarden = {
enable = true;
@ -7,7 +10,7 @@
DOMAIN = "https://vault.ny4.dev";
IP_HEADER = "X-Forwarded-For";
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 9500;
ROCKET_PORT = port;
EMERGENCY_ACCESS_ALLOWED = false;
SENDS_ALLOWED = false;
@ -22,7 +25,7 @@
};
handle = lib.singleton {
handler = "reverse_proxy";
upstreams = [ { dial = "localhost:9500"; } ];
upstreams = [ { dial = "localhost:${toString port}"; } ];
};
};
}


@ -1,8 +1,11 @@
{ lib, ... }:
{ lib, config, ... }:
let
port = config.lib.ports.wastebin;
in
{
services.wastebin = {
enable = true;
settings.WASTEBIN_ADDRESS_PORT = "127.0.0.1:8200";
settings.WASTEBIN_ADDRESS_PORT = "127.0.0.1:${toString port}";
};
services.caddy.settings.apps.http.servers.srv0.routes = lib.singleton {
@ -11,7 +14,7 @@
};
handle = lib.singleton {
handler = "reverse_proxy";
upstreams = [ { dial = "localhost:8200"; } ];
upstreams = [ { dial = "localhost:${toString port}"; } ];
};
};
}