oysteikt/nix-dotfiles
oysteikt
/
nix-dotfiles
2
1
Fork 0
Code Issues Pull Requests Activity

tsuki/services: remove some uses of secret ports

This commit is contained in:
Oystein Kristoffer Tveit 2023-10-06 18:05:38 +02:00
parent 6cd17fb71c
commit 7193a12ac2
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
10 changed files with 16 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/tsuki/services/grafana/default.nix
View File

@ -1,4 +1,4 @@
{ pkgs, config, lib, secrets, ... }: { pkgs, config, lib, ... }:
{ {
imports = [ imports = [
./prometheus.nix ./prometheus.nix

4
hosts/tsuki/services/grafana/prometheus.nix
View File

@ -1,4 +1,4 @@
{ secrets, ... }: { { ... }: {
# TODO: Autogenerate port infrastructure # TODO: Autogenerate port infrastructure
imports = [ imports = [
@ -17,6 +17,6 @@
services.prometheus = { services.prometheus = {
enable = true; enable = true;
port = secrets.ports.prometheus; port = 7001;
}; };
} }

4
hosts/tsuki/services/headscale.nix
View File

@ -1,4 +1,4 @@
{ pkgs, secrets, config, ... }: { config, pkgs, ... }:
{ {
sops.secrets."headscale/oauth2_secret" = rec { sops.secrets."headscale/oauth2_secret" = rec {
restartUnits = [ "headscale.service" ]; restartUnits = [ "headscale.service" ];
@ -17,7 +17,7 @@
# TODO: make PR # TODO: make PR
# dataDir = "${config.machineVars.dataDrives.default}/var/headscale"; # dataDir = "${config.machineVars.dataDrives.default}/var/headscale";
port = secrets.ports.headscale; port = 39304;
settings = { settings = {
server_url = "https://vpn.nani.wtf"; server_url = "https://vpn.nani.wtf";

4
hosts/tsuki/services/matrix/bridges/matrix-appservice-irc.nix
View File

@ -1,4 +1,4 @@
{ config, secrets, ... }: let { config, ... }: let
cfg = config.services.matrix-appservice-irc; cfg = config.services.matrix-appservice-irc;
in { in {
services.matrix-appservice-irc = { services.matrix-appservice-irc = {
@ -14,7 +14,7 @@ in {
database = { database = {
engine = "postgres"; engine = "postgres";
connectionString = "postgres://matrix-appservice-irc:@localhost:${toString secrets.ports.postgres}/matrix-appservice-irc?sslmode=disable"; connectionString = "postgres://matrix-appservice-irc:@localhost:${toString config.services.postgresql.port}/matrix-appservice-irc?sslmode=disable";
}; };
ircService.servers."irc.lainchan.org" = { ircService.servers."irc.lainchan.org" = {

6
hosts/tsuki/services/matrix/bridges/mx-puppet-discord.nix
View File

@ -1,4 +1,4 @@
{ secrets, ... }: { config, ... }:
{ {
services.mx-puppet-discord = { services.mx-puppet-discord = {
enable = false; enable = false;
@ -15,11 +15,11 @@
# TODO: connect via localhost # TODO: connect via localhost
homeserverUrl = "https://matrix.nani.wtf"; homeserverUrl = "https://matrix.nani.wtf";
port = secrets.ports.matrix.mx-puppet-discord; port = 8434;
enableGroupSync = true; enableGroupSync = true;
}; };
database.connString = "postgres://mx-puppet-discord:@localhost:${toString secrets.ports.postgres}/mx-puppet-discord?sslmode=disable"; database.connString = "postgres://mx-puppet-discord:@localhost:${toString config.services.postgresql.port}/mx-puppet-discord?sslmode=disable";
namePatterns = { namePatterns = {
room = ":name"; room = ":name";

2
hosts/tsuki/services/matrix/postgres.nix
View File

@ -1,4 +1,4 @@
{ lib, config, secrets, ... }: { lib, config, ... }:
{ {
services.postgresql = let services.postgresql = let
o = lib.optional; o = lib.optional;

3
hosts/tsuki/services/osuchan.nix
View File

@ -2,9 +2,8 @@
{ {
services.osuchan = { services.osuchan = {
enable = true; enable = true;
port = secrets.ports.osuchan; port = 9283;
secretFile = "${config.machineVars.dataDrives.default}/keys/osuchan/envfile"; secretFile = "${config.machineVars.dataDrives.default}/keys/osuchan/envfile";
}; };
systemd.services.osuchan.after = [ systemd.services.osuchan.after = [

4
hosts/tsuki/services/plex.nix
View File

@ -1,4 +1,4 @@
{ config, secrets, ... }: let { config, ... }: let
cfg = config.services.plex; cfg = config.services.plex;
in { in {
services.plex = { services.plex = {
@ -29,6 +29,4 @@ in {
# RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ]; # RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
}; };
# networking.firewall.allowedTCPPorts = [ secrets.ports.plex ];
} }

3
hosts/tsuki/services/postgres.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, secrets, ... }: let { config, pkgs, lib, ... }: let
cfg = config.services.postgresql; cfg = config.services.postgresql;
in { in {
services.postgresql = { services.postgresql = {
@ -10,7 +10,6 @@ in {
host all all 127.0.0.1/32 trust host all all 127.0.0.1/32 trust
host all all ::1/128 trust host all all ::1/128 trust
''; '';
port = secrets.ports.postgres;
dataDir = "${config.machineVars.dataDrives.drives.postgres}/${config.services.postgresql.package.psqlSchema}"; dataDir = "${config.machineVars.dataDrives.drives.postgres}/${config.services.postgresql.package.psqlSchema}";
settings = { settings = {
max_connections = 150; max_connections = 150;

4
hosts/tsuki/services/taskserver.nix
View File

@ -1,4 +1,4 @@
{ pkgs, config, secrets, ... }: { pkgs, config, ... }:
{ {
security.acme.certs."tasks.nani.wtf" = { security.acme.certs."tasks.nani.wtf" = {
group = config.services.taskserver.group; group = config.services.taskserver.group;
@ -11,7 +11,7 @@
services.taskserver = { services.taskserver = {
enable = true; enable = true;
fqdn = "todo.nani.wtf"; fqdn = "todo.nani.wtf";
listenPort = secrets.ports.taskserver; listenPort = 19233;
dataDir = "${config.machineVars.dataDrives.default}/var/taskserver"; dataDir = "${config.machineVars.dataDrives.default}/var/taskserver";
organisations.h7x4 = { organisations.h7x4 = {