authorEmile <git@emile.space>2024-03-26 10:30:12 +0100
committerEmile <git@emile.space>2024-03-26 10:32:37 +0100
commitcb20d078360ec9235b9b3a78d7950ded1f601267 (patch)
tree52d5ab591c843d9a7e888369f8315410c86e2203 /nix/hosts
parentdfed6d17ebc3494fc783b7a345b342d59e4e325a (diff)
ports.nix file containing the used ports in a central location
Done and deployed in the 15min train ride to the office, quick and easy!
Diffstat (limited to 'nix/hosts')
-rw-r--r--nix/hosts/corrino/configuration.nix7
-rw-r--r--nix/hosts/corrino/modules/authelia.emile.space.nix13
-rw-r--r--nix/hosts/corrino/ports.nix45
-rw-r--r--nix/hosts/corrino/www/cs.emile.space.nix10
-rw-r--r--nix/hosts/corrino/www/ctf.emile.space.nix8
-rw-r--r--nix/hosts/corrino/www/events.emile.space.nix8
-rw-r--r--nix/hosts/corrino/www/git.emile.space.nix5
-rw-r--r--nix/hosts/corrino/www/grafana.emile.space.nix16
-rw-r--r--nix/hosts/corrino/www/hydra.emile.space.nix10
-rw-r--r--nix/hosts/corrino/www/jupyter.emile.space.nix14
-rw-r--r--nix/hosts/corrino/www/magic-hash.emile.space.nix8
-rw-r--r--nix/hosts/corrino/www/md.emile.space.nix9
-rw-r--r--nix/hosts/corrino/www/netbox.emile.space.nix8
-rw-r--r--nix/hosts/corrino/www/pgweb.emile.space.nix6
-rw-r--r--nix/hosts/corrino/www/photo.emile.space.nix8
-rw-r--r--nix/hosts/corrino/www/stream.emile.space.nix12
-rw-r--r--nix/hosts/corrino/www/talks.emile.space.nix5
-rw-r--r--nix/hosts/corrino/www/tickets.emile.space.nix8
18 files changed, 139 insertions, 61 deletions
diff --git a/nix/hosts/corrino/configuration.nix b/nix/hosts/corrino/configuration.nix
index c97d09f..dbc952c 100644
--- a/nix/hosts/corrino/configuration.nix
+++ b/nix/hosts/corrino/configuration.nix
@@ -1,5 +1,8 @@
 { config, pkgs, ... }:
-{
+
+let
+  ports = import ./ports.nix;
+in {
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
@@ -57,7 +60,7 @@
           enable = true;
       
           # ssh port during boot for luks decryption
-          port = 2222;
+          port = ports.initrd_ssh;
           authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
           hostKeys = [ "/initrd_ssh_host_ecdsa_key" ];
         };
diff --git a/nix/hosts/corrino/modules/authelia.emile.space.nix b/nix/hosts/corrino/modules/authelia.emile.space.nix
index 774e62f..8a2c62a 100644
--- a/nix/hosts/corrino/modules/authelia.emile.space.nix
+++ b/nix/hosts/corrino/modules/authelia.emile.space.nix
@@ -1,6 +1,9 @@
 { config, pkgs, ... }:
 
-{
+let
+	ports = import ../ports.nix;
+	authelia_port = config.services.authelia.instances.main.settings.server.port;
+in {
 
 	services.nginx.virtualHosts."sso.emile.space" = {
 		forceSSL = true;
@@ -8,7 +11,7 @@
 
 		locations = {
 			"/" = {
-				proxyPass = "http://127.0.0.1:9091";
+				proxyPass = "http://127.0.0.1:${toString authelia_port}";
 
 				extraConfig = ''
 					## Headers
@@ -50,11 +53,11 @@
 			};
 
 			"/api/verify" = {
-				proxyPass = "http://127.0.0.1:9091";
+				proxyPass = "http://127.0.0.1:${toString authelia_port}";
 	    };
 
 	    "/api/authz/" = {
-				proxyPass = "http://127.0.0.1:9091";
+				proxyPass = "http://127.0.0.1:${toString authelia_port}";
 	    };
 		};
 	};
@@ -103,7 +106,7 @@
 
 				server = {
 					host = "127.0.0.1";
-					port = 9091;
+					port = ports.authelia;
 				};
 
 				# we're using a file to store the user information
diff --git a/nix/hosts/corrino/ports.nix b/nix/hosts/corrino/ports.nix
new file mode 100644
index 0000000..dc2225c
--- /dev/null
+++ b/nix/hosts/corrino/ports.nix
@@ -0,0 +1,45 @@
+{
+	# 19xx
+	stream_rtmp = 1935;
+	
+	# 20xx
+	initrd_ssh = 2222;
+	photo = 2342;
+
+	# 30xx
+	git = 3000;
+	hydra = 3001;
+	grafana = 3002;
+	md = 3003;
+
+	# 34xx
+	# cs = 3463;
+
+	# 40xx
+	events = 4000;
+	
+
+	# 54xx
+	pgweb = 5432;
+
+	# 80xx
+	stream = 8080;
+	netbox = 8001;
+	# 8002
+	# 8003
+	jupyter = 8004;
+
+	# 83xx
+	ctf = 8338;
+	magic-hash = 8339;
+
+	tickets= 8349;
+	talks = 8350;
+
+	# 90xx
+	authelia = 9091;
+	prometheus_node_exporter = 9002;
+	prometheus = 9003;
+	loki = 9004;
+	promtail = 9005;
+}
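Review bot: `cs` is left commented out (`# cs = 3463;`) while cs.emile.space.nix in this same commit reads `ports.cs` in both its proxyPass and its container port mapping, so evaluation of that module fails with a missing-attribute error; the line should be `cs = 3463;`. The other entries match the literals they replace elsewhere in the diff. Minor style: `tickets= 8349;` lacks the space before `=`, and `authelia = 9091;` is listed ahead of the 900x entries in the 90xx group. A short header comment, e.g. `# loopback listen ports of the services on corrino, one entry per service — keep them unique so nothing binds the same port twice`, would document what the file is for.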
diff --git a/nix/hosts/corrino/www/cs.emile.space.nix b/nix/hosts/corrino/www/cs.emile.space.nix
index de4d67e..b095162 100644
--- a/nix/hosts/corrino/www/cs.emile.space.nix
+++ b/nix/hosts/corrino/www/cs.emile.space.nix
@@ -3,16 +3,18 @@
 
 # adapted from https://cs.tvl.fyi/depot/-/blob/ops/modules/sourcegraph.nix
 
-{ ... }:
+{ config, ... }:
 
-{
+let
+  ports = import ../ports.nix;
+in {
   services.nginx.virtualHosts."cs.emile.space" = {
     forceSSL = true;
     enableACME = true;
 
     locations = {
       "/" = {
-        proxyPass = "http://127.0.0.1:3463";
+        proxyPass = "http://127.0.0.1:${toString ports.cs}";
 
         extraConfig = ''
           location = / {
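Review bot: `config` is added to the module arguments on the `{ config, ... }:` line but nothing in the new code reads it; hydra and jupyter add it because they reference `config.services.*.port`, whereas this file only uses `ports.cs`. Either drop it again or derive the proxy target from the container definition the way those modules do, so the argument list reflects what the module uses.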
@@ -37,7 +39,7 @@
     image = "sourcegraph/server:5.1.1";
 
     ports = [
-      "127.0.0.1:3463:7080"
+      "127.0.0.1:${toString ports.cs}:7080"
     ];
 
     volumes = [
diff --git a/nix/hosts/corrino/www/ctf.emile.space.nix b/nix/hosts/corrino/www/ctf.emile.space.nix
index c4de8c5..5c9d49a 100644
--- a/nix/hosts/corrino/www/ctf.emile.space.nix
+++ b/nix/hosts/corrino/www/ctf.emile.space.nix
@@ -1,13 +1,15 @@
 { ... }:
 
-{
+let
+  ports = import ../ports.nix;
+in {
   services.nginx.virtualHosts."ctf.emile.space" = {
     forceSSL = true;
     enableACME = true;
 
     locations = {
       "/" = {
-        proxyPass = "http://127.0.0.1:8338";
+        proxyPass = "http://127.0.0.1:${toString ports.ctf}";
       };
     };
   };
@@ -18,7 +20,7 @@
       "ctfd" = {
         image = "ctfd/ctfd";
         ports = [
-          "8338:8000"
+          "${toString ports.ctf}:8000"
         ];
       };
     };
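Review bot: The host side of the container port mapping, `"${toString ports.ctf}:8000"`, carries no address, so the container port is published on every interface; the cs, talks and tickets modules in this diff write `127.0.0.1:` in front of the host port because nginx is the only intended client. The same applies to `"${toString ports.magic-hash}:80"` in magic-hash.emile.space.nix. Unless the firewall deliberately closes these ports, prefix both mappings with `127.0.0.1:` so the only route in is the TLS virtual host.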
diff --git a/nix/hosts/corrino/www/events.emile.space.nix b/nix/hosts/corrino/www/events.emile.space.nix
index bb4db38..d7f5d50 100644
--- a/nix/hosts/corrino/www/events.emile.space.nix
+++ b/nix/hosts/corrino/www/events.emile.space.nix
@@ -1,6 +1,8 @@
 { ... }:
 
-{
+let
+  ports = import ../ports.nix;
+in {
   services.nginx.virtualHosts."events.emile.space" = {
     forceSSL = true;
     enableACME = true;
@@ -8,7 +10,7 @@
     locations = {
       "/" = {
         extraConfig = ''
-          proxy_pass http://[::1]:4000;
+          proxyPass = "http://[::1]:${toString ports.events}";
         '';
       };
     };
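Review bot: The replacement line puts Nix option syntax inside the nginx `extraConfig` string: `proxyPass = "http://[::1]:${toString ports.events}";` is copied verbatim into nginx.conf, where `proxyPass` is not a directive, so the generated configuration fails validation and the rebuild will not activate. The talks and tickets modules in this same diff keep the nginx directive, so this file should read `proxy_pass http://[::1]:${toString ports.events};` inside extraConfig, or drop extraConfig here and set the location's `proxyPass` option instead.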
@@ -27,7 +29,7 @@
       settings.":mobilizon" = {
         "Mobilizon.Web.Endpoint" = {
           url.host = "events.emile.space";
-          http.port = 4000;
+          http.port = ports.events;
 
           # The IP address to listen on. Defaults to [::1] notated as a byte
           # tuple.
diff --git a/nix/hosts/corrino/www/git.emile.space.nix b/nix/hosts/corrino/www/git.emile.space.nix
index dceadb6..f05c83d 100644
--- a/nix/hosts/corrino/www/git.emile.space.nix
+++ b/nix/hosts/corrino/www/git.emile.space.nix
@@ -2,6 +2,7 @@
 
 let
   cfg = config.services.gitea;
+  ports = import ../ports.nix;
   authelia-location = ''
     set $upstream_authelia http://127.0.0.1:9091/api/authz/auth-request;
 
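Review bot: The `authelia-location` snippet still hardcodes the Authelia address at `set $upstream_authelia http://127.0.0.1:9091/api/authz/auth-request;` even though `ports` is imported two lines above it, so this port is not yet centralised; it should read `set $upstream_authelia http://127.0.0.1:${toString ports.authelia}/api/authz/auth-request;`. The let block continues outside the hunk, so any further literals there deserve the same check.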
@@ -81,7 +82,8 @@ in {
 
     locations = {
       "/" = {
-        proxyPass = "http://127.0.0.1:3000";
+        # proxyPass = "http://127.0.0.1:3000";
+        proxyPass = "http://127.0.0.1:${toString config.services.gitea.settings.server.HTTP_PORT}";
 
         # TODO(emile): figure out why this doesn't work when enabled, has to do with authelia
         # extraConfig = authelia-authrequest;
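Review bot: The old `# proxyPass = "http://127.0.0.1:3000";` is kept as a commented-out line above the new proxyPass; it repeats what git history already records and will silently drift from ports.nix. Drop it here, and likewise the `# proxyPass = "http://127.0.0.1:3003";` line in md.emile.space.nix.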
@@ -131,6 +133,7 @@ in {
       server = {
         DOMAIN = pkgs.lib.mkForce "git.emile.space";
         ROOT_URL = pkgs.lib.mkForce "https://git.emile.space";
+        HTTP_PORT = ports.git;
 
         #START_SSH_SERVER = true;
         BUILTIN_SSH_SERVER_USER = "git";
diff --git a/nix/hosts/corrino/www/grafana.emile.space.nix b/nix/hosts/corrino/www/grafana.emile.space.nix
index 0f73147..d3e0e2f 100644
--- a/nix/hosts/corrino/www/grafana.emile.space.nix
+++ b/nix/hosts/corrino/www/grafana.emile.space.nix
@@ -1,6 +1,8 @@
 { config, ... }:
 
-{
+let
+  ports = import ../ports.nix;
+in {
   services = {
     nginx.virtualHosts."grafana.emile.space" = {
       addSSL = true;
@@ -16,7 +18,7 @@
       settings = {
         server = {
           http_addr = "127.0.0.1";
-          http_port = 3002;
+          http_port = ports.grafana;
           domain = "grafana.emile.space";
           root_url = "https://grafana.emile.space/";
         };
@@ -47,13 +49,13 @@
     prometheus = {
       enable = true;
       retentionTime = "356d";
-      port = 9003;
+      port = ports.prometheus;
 
       exporters = {
         node = {
           enable = true;
           enabledCollectors = [ "systemd" ];
-          port = 9002;
+          port = ports.prometheus_node_exporter;
         };
       };
       scrapeConfigs = [
@@ -71,7 +73,7 @@
       configuration = {
         auth_enabled = false;
         server = {
-          http_listen_port = 9004;
+          http_listen_port = ports.loki;
         };
 
         limits_config = {
@@ -112,7 +114,7 @@
       enable = true;
       configuration = {
         server = {
-          http_listen_port = 9005;
+          http_listen_port = ports.promtail;
           grpc_listen_port = 0;
         };
         positions.filename = "/tmp/positions.yml";
@@ -214,4 +216,4 @@
       };
     };
   };
-}
\ No newline at end of file
+}
diff --git a/nix/hosts/corrino/www/hydra.emile.space.nix b/nix/hosts/corrino/www/hydra.emile.space.nix
index 2607ac0..1d1fa0a 100644
--- a/nix/hosts/corrino/www/hydra.emile.space.nix
+++ b/nix/hosts/corrino/www/hydra.emile.space.nix
@@ -1,13 +1,15 @@
- { ... }:
+{ config, ... }:
 
-{
+let
+  ports = import ../ports.nix;
+in {
   services.nginx.virtualHosts."hydra.emile.space" = {
     forceSSL = true;
     enableACME = true;
 
     locations = {
       "/" = {
-        proxyPass = "http://127.0.0.1:3001";
+        proxyPass = "http://127.0.0.1:${toString config.services.hydra.port}";
       };
     };
   };
@@ -22,7 +24,7 @@
     enable = true;
 
     listenHost = "*";
-    port = 3001;
+    port = ports.hydra;
     hydraURL = "https://hydra.emile.space"; # externally visible URL
 
     # Directory that holds Hydra garbage collector roots.
diff --git a/nix/hosts/corrino/www/jupyter.emile.space.nix b/nix/hosts/corrino/www/jupyter.emile.space.nix
index d1d951c..18e56a0 100644
--- a/nix/hosts/corrino/www/jupyter.emile.space.nix
+++ b/nix/hosts/corrino/www/jupyter.emile.space.nix
@@ -1,22 +1,24 @@
-{ pkgs, lib, config, ... }:
+{ pkgs, config, ... }:
 
-{
+let
+  ports = import ../ports.nix;
+in {
   services.nginx.virtualHosts."jupyter.emile.space" = {
     forceSSL = true;
     enableACME = true;
 
     locations = {
       "/" = {
-        proxyPass = "http://127.0.0.1:8004";
+        proxyPass = "http://127.0.0.1:${toString config.services.jupyter.port}";
       };
     };
   };
 
-  services.jupyter = rec {
+  services.jupyter = {
     enable = true;
 
     ip = "127.0.0.1";
-    port = 8004;
+    port = ports.jupyter;
 
     # ; python3
     # >>> from notebook.auth import passwd
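Review bot: `rec` is dropped from `services.jupyter = {`; that is safe for the visible lines, since `port = ports.jupyter;` no longer refers to a sibling, but the attribute set continues past the hunk and any later attribute that referenced `port` or `ip` would now fail with an undefined-variable error. Confirm the rest of the set does not rely on `rec` before merging. Removing the unused `lib` argument is fine.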
@@ -57,4 +59,4 @@
 
   users.users.jupyter.group = "jupyter";
   users.groups.jupyter = {};
-}
\ No newline at end of file
+}
diff --git a/nix/hosts/corrino/www/magic-hash.emile.space.nix b/nix/hosts/corrino/www/magic-hash.emile.space.nix
index 05446ea..4f57d12 100644
--- a/nix/hosts/corrino/www/magic-hash.emile.space.nix
+++ b/nix/hosts/corrino/www/magic-hash.emile.space.nix
@@ -1,13 +1,15 @@
 { config, ... }:
 
-{
+let
+  ports = import ../ports.nix;
+in {
   services.nginx.virtualHosts."magic-hash.emile.space" = {
     forceSSL = true;
     enableACME = true;
 
     locations = {
       "/" = {
-        proxyPass = "http://127.0.0.1:8339";
+        proxyPass = "http://127.0.0.1:${toString ports.magic-hash}";
       };
     };
   };
@@ -18,7 +20,7 @@
       "ctfd" = {
         image = "magic-hash";
         ports = [
-          "8338:80"
+          "${toString ports.magic-hash}:80"
         ];
         environment = {
 
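Review bot: The host port here moves from 8338 (old line) to 8339, a behaviour change the commit message does not mention: before this commit the magic-hash and ctfd containers both published 8338 while nginx proxied magic-hash to 8339, so the new value is the fix, and a sentence saying so belongs in the message. The container is also still keyed `"ctfd"` with `image = "magic-hash"`, which looks copied from the ctf module; if both modules define the same container attribute path the module system rejects the conflicting definitions (the enclosing attribute is outside the hunk, so this is inferred).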
diff --git a/nix/hosts/corrino/www/md.emile.space.nix b/nix/hosts/corrino/www/md.emile.space.nix
index 8d9d109..29ddc67 100644
--- a/nix/hosts/corrino/www/md.emile.space.nix
+++ b/nix/hosts/corrino/www/md.emile.space.nix
@@ -1,6 +1,8 @@
 { config, pkgs, ... }:
 
-{
+let
+	ports = import ../ports.nix;
+in {
 	services.nginx.virtualHosts."md.emile.space" = {
 		forceSSL = true;
 		enableACME = true;
@@ -10,7 +12,8 @@
 
 		locations = {
 			"/" = {
-				proxyPass = "http://127.0.0.1:3003";
+				# proxyPass = "http://127.0.0.1:3003";
+        proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.settings.port}";
 
 				# TODO(emile): figure out why this doesn't work when enabled, has to do with authelia
 				# extraConfig = authelia-authrequest;
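Review bot: The new `proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.settings.port}";` line is indented with spaces while the line above it and the rest of the file use tabs, so the block misaligns in any editor that renders tabs at a width other than four. Re-indent the line with four tabs to match its neighbours.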
@@ -58,7 +61,7 @@
 
 		settings = {
 			host = "127.0.0.1";
-			port = 3003;
+			port = ports.md;
 
 			domain = "md.emile.space";
 
diff --git a/nix/hosts/corrino/www/netbox.emile.space.nix b/nix/hosts/corrino/www/netbox.emile.space.nix
index a86209c..3f07bf5 100644
--- a/nix/hosts/corrino/www/netbox.emile.space.nix
+++ b/nix/hosts/corrino/www/netbox.emile.space.nix
@@ -1,13 +1,15 @@
 { config, pkgs, ... }:
 
-{
+let
+  ports = import ../ports.nix;
+in {
   services.nginx.virtualHosts."netbox.emile.space" = {
     forceSSL = true;
     enableACME = true;
     kTLS = true;
 
     locations."/" = {
-      proxyPass = "http://[::1]:8001";
+      proxyPass = "http://[::1]:${toString config.services.netbox.port}";
       proxyWebsockets = true;
     };
     locations."/static/".root = "${config.services.netbox.dataDir}";
@@ -25,7 +27,7 @@
     enableLdap = false;
     settings = {};
     secretKeyFile = config.age.secrets.netbox_secret.path;
-    port = 8001;
+    port = ports.netbox;
     listenAddress = "[::1]";
   };
 
diff --git a/nix/hosts/corrino/www/pgweb.emile.space.nix b/nix/hosts/corrino/www/pgweb.emile.space.nix
index 522a6bf..1ce8063 100644
--- a/nix/hosts/corrino/www/pgweb.emile.space.nix
+++ b/nix/hosts/corrino/www/pgweb.emile.space.nix
@@ -1,13 +1,15 @@
 { pkgs, ... }:
 
-{
+let
+  ports = import ../ports.nix;
+in {
   services.nginx.virtualHosts."pgweb.emile.space" = {
     forceSSL = true;
     enableACME = true;
 
     locations = {
       "/" = {
-        proxyPass = "http://127.0.0.1:5432";
+        proxyPass = "http://127.0.0.1:${toString ports.pgweb}";
       };
     };
   };
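Review bot: `ports.pgweb` is 5432, which is PostgreSQL's default listen port, so `proxyPass = "http://127.0.0.1:${toString ports.pgweb}";` most likely forwards HTTP requests to the database socket rather than to the pgweb UI. The target was the same before this commit, but naming the value `pgweb` in ports.nix cements the mistake; check the pgweb service's actual listen port (its definition is outside this hunk) and point both the proxy and the ports.nix entry at that.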
diff --git a/nix/hosts/corrino/www/photo.emile.space.nix b/nix/hosts/corrino/www/photo.emile.space.nix
index 7f2e9ca..6ebf94d 100644
--- a/nix/hosts/corrino/www/photo.emile.space.nix
+++ b/nix/hosts/corrino/www/photo.emile.space.nix
@@ -1,13 +1,15 @@
 { config, ... }:
 
-{
+let
+  ports = import ../ports.nix;
+in {
   services.nginx.virtualHosts."photo.emile.space" = {
     forceSSL = true;
     enableACME = true;
 
     locations = {
       "/" = {
-        proxyPass = "http://127.0.0.1:2342";
+        proxyPass = "http://127.0.0.1:${toString config.services.photoprism.port}";
         proxyWebsockets = true;
       };
     };
@@ -17,7 +19,7 @@
     enable = true;
 
     address = "127.0.0.1";
-    port = 2342;
+    port = ports.photo;
 
     passwordFile = config.age.secrets.photoprism_password.path;
 
diff --git a/nix/hosts/corrino/www/stream.emile.space.nix b/nix/hosts/corrino/www/stream.emile.space.nix
index 7340d4f..21ee627 100644
--- a/nix/hosts/corrino/www/stream.emile.space.nix
+++ b/nix/hosts/corrino/www/stream.emile.space.nix
@@ -1,13 +1,15 @@
-{ ... }:
+{ config, ... }:
 
-{
+let
+  ports = import ../ports.nix;
+in {
   services.nginx.virtualHosts."stream.emile.space" = {
     forceSSL = true;
     enableACME = true;
 
     locations = {
       "/" = {
-        proxyPass = "http://127.0.0.1:8080";
+        proxyPass = "http://127.0.0.1:${toString config.services.owncast.port}";
         proxyWebsockets = true;
       };
     };
@@ -18,7 +20,7 @@
     openFirewall = true;
     listen = "0.0.0.0";
     dataDir = "/var/lib/owncast";
-    rtmp-port = 1935;
-    port = 8080; # web interface
+    rtmp-port = ports.stream_rtmp;
+    port = ports.stream; # web interface
   };
 }
diff --git a/nix/hosts/corrino/www/talks.emile.space.nix b/nix/hosts/corrino/www/talks.emile.space.nix
index 4833fa7..80c264e 100644
--- a/nix/hosts/corrino/www/talks.emile.space.nix
+++ b/nix/hosts/corrino/www/talks.emile.space.nix
@@ -1,6 +1,7 @@
 { config, pkgs, ... }:
 
 let
+  ports = import ../ports.nix;
   pretalx_config = pkgs.writeText "/etc/pretalx.cfg" ''
     [filesystem]
     media = /public/media
@@ -42,7 +43,7 @@ in {
     locations = {
       "/" = {
         extraConfig = ''
-          proxy_pass http://127.0.0.1:8350;
+          proxy_pass http://127.0.0.1:${toString ports.talks};
 
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header Host $host;
@@ -61,7 +62,7 @@ in {
     pretalx = {
       image = "pretalx/standalone:latest";
       ports = [
-        "127.0.0.1:8350:80"
+        "127.0.0.1:${toString ports.talks}:80"
       ];
       volumes = [
         "/var/pretalx-data:/data" # {static, media}
diff --git a/nix/hosts/corrino/www/tickets.emile.space.nix b/nix/hosts/corrino/www/tickets.emile.space.nix
index f479263..f7d7b94 100644
--- a/nix/hosts/corrino/www/tickets.emile.space.nix
+++ b/nix/hosts/corrino/www/tickets.emile.space.nix
@@ -6,8 +6,7 @@
 # times... sorry
 
 let
-  # pretix_config = config.age.secrets.pretix.path;
-
+  ports = import ../ports.nix;
   pretix_config = pkgs.writeText "pretix.cfg" ''
     [pretix]
     instance_name=tickets.emile.space
@@ -57,7 +56,7 @@ in {
     locations = {
       "/" = {
         extraConfig = ''
-          proxy_pass http://127.0.0.1:8349;
+          proxy_pass http://127.0.0.1:${toString ports.tickets};
 
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header Host $host;
@@ -70,7 +69,7 @@ in {
     pretix = {
       image = "pretix/standalone:stable";
       ports = [
-        "127.0.0.1:8349:80"
+        "127.0.0.1:${toString ports.tickets}:80"
       ];
       volumes = [
         "/var/pretix-data:/data"
@@ -116,5 +115,4 @@ in {
   # services.redis.settings.unixsocketperm = "770";
 
   # trace: warning: The option `services.redis.settings' defined in `/nix/store/ib5271hcbjqrxb0yrmrjcypvpacmnp2s-source/ops/modules/www/tickets.emile.space.nix' has been renamed to `services.redis.servers."".settings'.
-
 }