hosts/prefect-vps: init
This is temporary until the current server is taken down.
This commit is contained in:
parent
e7b50385aa
commit
e6039f5407
8 changed files with 156 additions and 0 deletions
|
@ -117,6 +117,14 @@
|
|||
];
|
||||
specialArgs = {inherit self inputs;};
|
||||
};
|
||||
nixosConfigurations.prefect-vps = lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
./hosts/prefect-vps/configuration.nix
|
||||
./hosts/prefect-vps/bootloader.nix
|
||||
];
|
||||
specialArgs = {inherit self inputs;};
|
||||
};
|
||||
nixosConfigurations.zaphod = lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
|
|
17
hosts/prefect-vps/bootloader.nix
Normal file
17
hosts/prefect-vps/bootloader.nix
Normal file
|
@ -0,0 +1,17 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
modulesPath,
|
||||
...
|
||||
}: {
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
boot = {
|
||||
cleanTmpDir = true;
|
||||
loader = {
|
||||
grub.device = "/dev/sda";
|
||||
};
|
||||
initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
|
||||
initrd.kernelModules = [ "nvme" ];
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
};
|
||||
}
|
28
hosts/prefect-vps/configuration.nix
Normal file
28
hosts/prefect-vps/configuration.nix
Normal file
|
@ -0,0 +1,28 @@
|
|||
{ pkgs, lib, inputs, ... }: {
|
||||
imports = [
|
||||
# Common Config
|
||||
../common/packages.nix
|
||||
../common/nixConfig.nix
|
||||
../common/nixpkgsConfig.nix
|
||||
../common/root.nix
|
||||
../common/ssh.nix
|
||||
|
||||
# My user, also a default.
|
||||
../../users/thehedgehog/default.nix
|
||||
|
||||
# Machine-specific configurations.
|
||||
./firewall.nix
|
||||
./networking.nix
|
||||
./hardware.nix
|
||||
|
||||
# Running Services
|
||||
./services/caddy.nix
|
||||
./services/tailscale.nix
|
||||
];
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
fsType = "ext4";
|
||||
device = "scsi-0QEMU_QEMU_HARDDISK_21170924-part1";
|
||||
};
|
||||
};
|
||||
}
|
3
hosts/prefect-vps/firewall.nix
Normal file
3
hosts/prefect-vps/firewall.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
{
|
||||
networking.firewall.allowedTCPPorts = [80 443];
|
||||
}
|
3
hosts/prefect-vps/hardware.nix
Normal file
3
hosts/prefect-vps/hardware.nix
Normal file
|
@ -0,0 +1,3 @@
|
|||
{
|
||||
zramSwap.enable = true;
|
||||
}
|
15
hosts/prefect-vps/networking.nix
Normal file
15
hosts/prefect-vps/networking.nix
Normal file
|
@ -0,0 +1,15 @@
|
|||
{ lib, ...}: {
|
||||
networking = {
|
||||
hostName = "prefect-vps";
|
||||
interfaces.enp1s0 = {
|
||||
ipv6.addresses = [{
|
||||
address = "2a01:4ff:f0:98bf::";
|
||||
prefixLength = 64;
|
||||
}];
|
||||
defaultGateway6 = {
|
||||
address = "fe80::1";
|
||||
interface = "enp1s0";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
74
hosts/prefect-vps/services/caddy.nix
Normal file
74
hosts/prefect-vps/services/caddy.nix
Normal file
|
@ -0,0 +1,74 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
package = pkgs.callPackage ../../../pkgs/caddy.nix {
|
||||
plugins = [
|
||||
"github.com/greenpau/caddy-security"
|
||||
];
|
||||
vendorSha256 = "sha256-W1/6D5KvKFzS26+6bCik0frPsXlVZ/XlyHE5FGu1uEc=";
|
||||
};
|
||||
email = "hedgehog@mrhedgehog.xyz";
|
||||
# globalConfig = ''
|
||||
# '';
|
||||
virtualHosts = {
|
||||
"reddit.thehedgehog.me" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy http://marvin:4000
|
||||
'';
|
||||
};
|
||||
"adguard.thehedgehog.me" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy http://marvin:2500
|
||||
'';
|
||||
};
|
||||
"rss.thehedgehog.me" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy http://marvin:6000
|
||||
'';
|
||||
};
|
||||
"media.thehedgehog.me" = {
|
||||
serverAliases = [ "jellyfin.thehedgehog.me" ];
|
||||
extraConfig = ''
|
||||
reverse_proxy http://marvin:8096
|
||||
'';
|
||||
};
|
||||
"hydra.thehedgehog.me" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy http://marvin:3000
|
||||
'';
|
||||
};
|
||||
"dav.thehedgehog.me" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy http://marvin:5352
|
||||
'';
|
||||
};
|
||||
"rss-bridge.thehedgehog.me" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy http://marvin:80
|
||||
'';
|
||||
};
|
||||
"git.thehedgehog.me" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy http://marvin:3001
|
||||
'';
|
||||
};
|
||||
"bw.thehedgehog.me" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy http://marvin:8000
|
||||
'';
|
||||
};
|
||||
"dash.thehedgehog.me" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy http://marvin:3003
|
||||
'';
|
||||
};
|
||||
};
|
||||
extraConfig = ''
|
||||
'';
|
||||
};
|
||||
}
|
8
hosts/prefect-vps/services/tailscale.nix
Normal file
8
hosts/prefect-vps/services/tailscale.nix
Normal file
|
@ -0,0 +1,8 @@
|
|||
{config, ...}: {
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
};
|
||||
networking.firewall.trustedInterfaces = [ "tailscale0"];
|
||||
networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
|
||||
networking.firewall.checkReversePath = "loose";
|
||||
}
|
Loading…
Reference in a new issue