Configuration des domaines générique
parent
bfb50ff90c
commit
69c58eb73e
30
services.nix
30
services.nix
@ -24,20 +24,20 @@ in
|
|||||||
services.haproxy-acme.enable = true;
|
services.haproxy-acme.enable = true;
|
||||||
services.haproxy-acme.domaine = domaine;
|
services.haproxy-acme.domaine = domaine;
|
||||||
services.haproxy-acme.services = {
|
services.haproxy-acme.services = {
|
||||||
grafana = { ip = "127.0.0.1"; port = 3000; auth = false; };
|
"grafana.${domaine}" = { ip = "127.0.0.1"; port = 3000; auth = false; };
|
||||||
emby = { ip = "127.0.0.1"; port = 8096; auth = false; };
|
"emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; };
|
||||||
radarr = { ip = "127.0.0.1"; port = 7878; auth = false; };
|
"radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = false; };
|
||||||
sonarr = { ip = "127.0.0.1"; port = 8989; auth = false; };
|
"sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = false; };
|
||||||
lidarr = { ip = "127.0.0.1"; port = 8686; auth = false; };
|
"lidarr.${domaine}" = { ip = "127.0.0.1"; port = 8686; auth = false; };
|
||||||
transmission = { ip = "127.0.0.1"; port = 9091; auth = true; };
|
"transmission.${domaine}" = { ip = "127.0.0.1"; port = 9091; auth = true; };
|
||||||
syncthing = { ip = "127.0.0.1"; port = 8384; auth = true; };
|
"syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; };
|
||||||
jackett = { ip = "127.0.0.1"; port = 9117; auth = true; };
|
"jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; };
|
||||||
searx = { ip = "127.0.0.1"; port = 8888; auth = false; };
|
"searx.${domaine}" = { ip = "127.0.0.1"; port = 8888; auth = false; };
|
||||||
riot = { ip = "127.0.0.1"; port = riot_port; auth = false; };
|
"riot.${domaine}" = { ip = "127.0.0.1"; port = riot_port; auth = false; };
|
||||||
matrix = { ip = "127.0.0.1"; port = 8008; auth = false; };
|
"matrix.${domaine}" = { ip = "127.0.0.1"; port = 8008; auth = false; };
|
||||||
organizr = { ip = "127.0.0.1"; port = organizr_port; auth = true; };
|
"organizr.${domaine}" = { ip = "127.0.0.1"; port = organizr_port; auth = true; };
|
||||||
calibre = { ip = "127.0.0.1"; port = 8080; auth = false; };
|
"calibre.${domaine}" = { ip = "127.0.0.1"; port = 8080; auth = false; };
|
||||||
pgmanage = { ip = "127.0.0.1"; port = pgmanage_port; auth = true; };
|
"pgmanage.${domaine}" = { ip = "127.0.0.1"; port = pgmanage_port; auth = true; };
|
||||||
};
|
};
|
||||||
|
|
||||||
services.mailserver.enable = true;
|
services.mailserver.enable = true;
|
||||||
@ -205,9 +205,11 @@ in
|
|||||||
|
|
||||||
services.site-musique.enable = true;
|
services.site-musique.enable = true;
|
||||||
services.site-musique.port = musique_port;
|
services.site-musique.port = musique_port;
|
||||||
|
services.site-musique.domaine = "musique.${domaine}";
|
||||||
|
|
||||||
services.site-max.enable = true;
|
services.site-max.enable = true;
|
||||||
services.site-max.port = max_port;
|
services.site-max.port = max_port;
|
||||||
|
services.site-max.domaine = "max.${domaine}";
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
111 2049 4000 4001 4002 # NFS
|
111 2049 4000 4001 4002 # NFS
|
||||||
|
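Review bot: The rename keeps `auth = false` on the `radarr.${domaine}`, `sonarr.${domaine}`, `lidarr.${domaine}` and `calibre.${domaine}` entries, which presumably means the proxy puts no authentication in front of them. If those applications do not enforce their own login, they are reachable by anyone who knows the host name. Either set `auth = true` as on `transmission.${domaine}`, or record the reason next to each entry, e.g. `# auth = false: application enforces its own login`. The `services.haproxy-acme.services` set is fully inside the hunk; the enclosing `in` block is not.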
@ -71,7 +71,7 @@ in
|
|||||||
|
|
||||||
${concatStrings (
|
${concatStrings (
|
||||||
mapAttrsToList (name: value:
|
mapAttrsToList (name: value:
|
||||||
" acl ${name}-acl hdr(host) -i ${name}.${cfg.domaine}\n"
|
" acl ${name}-acl hdr(host) -i ${name}\n"
|
||||||
+ " use_backend ${name}-backend if ${name}-acl\n"
|
+ " use_backend ${name}-backend if ${name}-acl\n"
|
||||||
) cfg.services)}
|
) cfg.services)}
|
||||||
|
|
||||||
@ -111,9 +111,9 @@ in
|
|||||||
security.acme.certs = {
|
security.acme.certs = {
|
||||||
${cfg.domaine} = {
|
${cfg.domaine} = {
|
||||||
extraDomains = mapAttrs' (name: value:
|
extraDomains = mapAttrs' (name: value:
|
||||||
nameValuePair ("${name}.${cfg.domaine}") (null)
|
nameValuePair ("${name}") (null)
|
||||||
) cfg.services;
|
) cfg.services;
|
||||||
webroot = "/var/www/challenges/";
|
webroot = "/var/www/challenges";
|
||||||
email = "paul@nyanlout.re";
|
email = "paul@nyanlout.re";
|
||||||
user = "haproxy";
|
user = "haproxy";
|
||||||
group = "haproxy";
|
group = "haproxy";
|
||||||
|
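Review bot: Each key of `cfg.services` is now interpolated verbatim in the `@ -71` hunk as the ACL name, the backend name and the `hdr(host)` pattern, so it must be both a valid HAProxy identifier and an exact host name, and nothing visible here checks that. A key containing a space or another stray character could produce a configuration that fails to load or an ACL that never matches. The same key is also what `extraDomains` in the `@ -111` hunk requests a certificate name for. I would document the constraint where the option is declared (outside these hunks), e.g. `# keys are fully-qualified host names; used as ACL/backend names and as certificate extraDomains`, and consider an assertion that rejects keys which do not look like host names. Both the frontend string and the `security.acme.certs` set start or end outside the hunks.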
@ -14,12 +14,18 @@ in
|
|||||||
example = 54321;
|
example = 54321;
|
||||||
description = "Local listening port";
|
description = "Local listening port";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
domaine = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "example.com";
|
||||||
|
description = "Domaine à utiliser";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
services.haproxy-acme.services = {
|
services.haproxy-acme.services = {
|
||||||
max = { ip = "127.0.0.1"; port = cfg.port; auth = false; };
|
${cfg.domaine} = { ip = "127.0.0.1"; port = cfg.port; auth = false; };
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
|
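Review bot: The new `domaine` option is typed as a bare `types.str`, and its description does not say that the value becomes the `services.haproxy-acme.services` key, where it is used as the Host match and as a certificate name. An empty or malformed string is therefore accepted at evaluation time and only surfaces later in the generated proxy configuration. I would spell the contract out, e.g. `description = "Fully-qualified host name served by this site; used as the haproxy-acme service key";`, and constrain the type with `types.strMatching` and a hostname pattern. The same applies to the identical `domaine` option in the following section (the one replacing the `musique` key). The `config = mkIf cfg.enable {` block continues past the end of the hunk.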
@ -14,12 +14,18 @@ in
|
|||||||
example = 54321;
|
example = 54321;
|
||||||
description = "Local listening port";
|
description = "Local listening port";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
domaine = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "example.com";
|
||||||
|
description = "Domaine à utiliser";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
services.haproxy-acme.services = {
|
services.haproxy-acme.services = {
|
||||||
musique = { ip = "127.0.0.1"; port = cfg.port; auth = false; };
|
${cfg.domaine} = { ip = "127.0.0.1"; port = cfg.port; auth = false; };
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
|