hosts/plover: update services host configurations

We're moving some of them entirely onto the private network. This way,
they can only be accessed once we're connected through a tunneling service
like WireGuard or OpenVPN.
Gabriel Arazas 2023-01-21 09:03:10 +08:00
parent 1bb128401e
commit 02eba75d63
3 changed files with 16 additions and 3 deletions


@ -13,10 +13,17 @@ rec {
publicIPv6PrefixLength = 64; publicIPv6PrefixLength = 64;
publicIPv6' = "${publicIPv6}/${toString publicIPv6PrefixLength}"; publicIPv6' = "${publicIPv6}/${toString publicIPv6PrefixLength}";
# The private network for this host.
privateIPNetworkRange = "172.16.0.0/32"; privateIPNetworkRange = "172.16.0.0/32";
privateNetworkGatewayIP = "172.16.0.1/32"; privateNetworkGatewayIP = "172.16.0.1/32";
privateNetworkServicesPart = "172.18.25";
privateNetworkHostPart = hostPart: "${privateNetworkServicesPart}.${toString hostPart}";
wireguardIPv6 = "fdee:b0de:54e6:ae74::"; wireguardIPv6 = "fdee:b0de:54e6:ae74::";
wireguardIPv6LengthPrefix = 64; wireguardIPv6LengthPrefix = 64;
wireguardPort = 51820; wireguardPort = 51820;
# Applications that are supposed to be internal.
atuinHost = privateNetworkHostPart 3;
keycloakHost = privateNetworkHostPart 4;
} }
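Review bot: The new service addresses built from `privateNetworkServicesPart = "172.18.25"` fall outside the range this same attribute set declares as "the private network for this host" (`privateIPNetworkRange = "172.16.0.0/32"`), so any firewall or routing rule elsewhere that keys on `privateIPNetworkRange` will not cover `atuinHost`/`keycloakHost`; I can't see those consumers from here, so this needs confirming rather than assuming. The `/32` on that range also denotes a single address rather than a network, which makes the mismatch easier to miss. `privateNetworkHostPart` returns a full dotted address, not a host part, so the name reads the opposite of what it does; a short comment would help, e.g. `# Addresses of internal services live in the 172.18.25.0/24 subnet; the argument is the last octet.` above `privateNetworkServicesPart`.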


@ -5,6 +5,8 @@
let let
atuinDomain = "atuin.${config.networking.domain}"; atuinDomain = "atuin.${config.networking.domain}";
inherit (import ../hardware/networks.nix) atuinHost;
in in
{ {
# Atuin sync server because why not. # Atuin sync server because why not.
@ -12,6 +14,8 @@ in
enable = true; enable = true;
openFirewall = true; openFirewall = true;
openRegistration = false; openRegistration = false;
host = atuinHost;
port = 8965; port = 8965;
}; };
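Review bot: `openFirewall = true;` is kept alongside the new `host = atuinHost;`, so the firewall still opens the Atuin port on every interface even though the stated intent is reachability only over the tunnel; the bind address limits where the socket listens, but the firewall rule itself is not scoped. If the port should only be open on the tunnel interface, `openFirewall = false;` plus `networking.firewall.interfaces.<TUNNEL_IFACE>.allowedTCPPorts = [ config.services.atuin.port ];` (interface name is a placeholder to fill in) expresses that directly. Binding to `atuinHost` also presumes that address is actually assigned to an interface on this host before the service starts; I can't see the interface configuration from here, so worth confirming.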


@ -2,6 +2,8 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
inherit (import ../hardware/networks.nix) keycloakHost;
authDomain = "auth.${config.networking.domain}"; authDomain = "auth.${config.networking.domain}";
# This is also set on our own. # This is also set on our own.
@ -15,7 +17,7 @@ in
services.keycloak = { services.keycloak = {
enable = true; enable = true;
# Pls change at first login. # Pls change at first login. Or just change it through `kcadm.sh`.
initialAdminPassword = "wow what is this thing"; initialAdminPassword = "wow what is this thing";
database = { database = {
@ -25,7 +27,7 @@ in
}; };
settings = { settings = {
host = "127.0.0.1"; host = keycloakHost;
db-schema = keycloakDbName; db-schema = keycloakDbName;
@ -73,7 +75,7 @@ in
# This is based from the reverse proxy guide from the official # This is based from the reverse proxy guide from the official
# documentation at https://www.keycloak.org/server/reverseproxy. # documentation at https://www.keycloak.org/server/reverseproxy.
locations = let locations = let
keycloakPath = path: "http://localhost:${toString config.services.keycloak.settings.http-port}"; keycloakPath = path: "http://${keycloakHost}:${toString config.services.keycloak.settings.http-port}";
in in
lib.listToAttrs lib.listToAttrs
(lib.lists.map (lib.lists.map
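Review bot: `settings.host = keycloakHost;` assumes Keycloak reads a setting named `host`, which I can't confirm exists; the documented option for the HTTP listener's bind address is `http-host`, while `hostname` is the externally visible name, so please verify which of these this line is meant to set. If `host` is not read, Keycloak keeps listening on its default address and the reverse-proxy target changed in the same commit (`keycloakPath = path: "http://${keycloakHost}:..."`) will point at an address nothing listens on. The `path` parameter of `keycloakPath` is still unused, so the new target is the same for every location; a one-line comment stating that the proxy deliberately forwards to the private address (and why `path` is ignored) would make the intent clear to the next reader.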