m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added ports module from m3ta-nixpkgs / prep for rewrite

Browse Source
This commit is contained in:
m3tam3re
2025-10-05 12:24:27 +02:00
parent 6cd1fdd651
commit dea4ca9377
18 changed files with 111 additions and 169 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/common/default.nix
View File

@@ -8,6 +8,7 @@
}: {
imports = [
./extraServices
./ports.nix
./users
inputs.home-manager.nixosModules.home-manager
];

72
hosts/common/ports.nix Normal file
View File

@@ -0,0 +1,72 @@
{config, ...}: {
m3ta.ports = {
enable = true;
definitions = {
# System services
ssh = 22;
# Web & proxy services
traefik = 80;
traefik-ssl = 443;
# Databases
postgres = 5432;
mysql = 3306;
redis = 6379;
# VPN & networking
wireguard = 51820;
tailscale = 41641;
headscale = 3009;
# Containers & web apps
gitea = 3030;
baserow = 3001;
ghost = 3002;
wastebin = 3003;
littlelink = 3004;
searx = 3005;
restreamer = 3006;
paperless = 3012;
vaultwarden = 3013;
slash = 3010;
slash-nemoti = 3016;
kestra = 3018;
outline = 3019;
pangolin = 3020;
pangolin-api = 3021;
pangolin-ws = 3022;
# Home automation
homarr = 7575;
# DNS
adguardhome = 53;
};
hostOverrides = {
# Host-specific overrides
m3-ares = {
# Any custom port overrides for m3-ares
};
m3-atlas = {
# Any custom port overrides for m3-atlas
};
m3-helios = {
# Any custom port overrides for m3-helios
};
m3-kratos = {
# Any custom port overrides for m3-kratos
};
};
};
environment.etc."info/all-ports.json" = {
text = builtins.toJSON {
hostname = config.networking.hostName;
ports = config.m3ta.ports.all; # TODO should only return actually used ports
};
};
}

5
hosts/m3-ares/services/postgres.nix
View File

@@ -1,4 +1,7 @@
{pkgs, ...}: {
{
pkgs,
...
}: {
services.postgresql = {
enable = true;
package = pkgs.postgresql_17;

4
hosts/m3-ares/services/sound.nix
View File

@@ -1,6 +1,4 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
];
{
security.rtkit.enable = true;
services.pipewire = {
enable = true;

4
hosts/m3-atlas/services/containers/baserow.nix
View File

@@ -2,7 +2,7 @@
virtualisation.oci-containers.containers."baserow" = {
image = "docker.io/baserow/baserow:1.34.2";
environmentFiles = [config.age.secrets.baserow-env.path];
ports = ["127.0.0.1:3001:80"];
ports = ["127.0.0.1:${toString (config.m3ta.ports.get "baserow")}:80"];
volumes = ["baserow_data:/baserow/data"];
extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.10" "--network=web"];
};
@@ -10,7 +10,7 @@
services.traefik.dynamicConfigOptions.http = {
services.baserow.loadBalancer.servers = [
{
url = "http://localhost:3001/";
url = "http://localhost:${toString (config.m3ta.ports.get "baserow")}/";
}
];

4
hosts/m3-atlas/services/containers/restreamer.nix
View File

@@ -4,7 +4,7 @@
environmentFiles = [config.age.secrets.restreamer-env.path];
# Modified ports to include RTMPS
ports = [
"127.0.0.1:3006:8080" # Web UI
"127.0.0.1:${toString (config.m3ta.ports.get "restreamer")}:8080" # Web UI
"127.0.0.1:1936:1935" # RTMP
];
volumes = [
@@ -20,7 +20,7 @@
http = {
services.restreamer.loadBalancer.servers = [
{
url = "http://localhost:3006/";
url = "http://localhost:${toString (config.m3ta.ports.get "restreamer")}/";
}
];

6
hosts/m3-atlas/services/gitea.nix
View File

@@ -1,10 +1,10 @@
{
{config, ...}: {
services.gitea = {
enable = true;
settings = {
server = {
ROOT_URL = "https://code.m3ta.dev";
HTTP_PORT = 3030;
HTTP_PORT = config.m3ta.ports.get "gitea";
};
mailer.SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
service.DISABLE_REGISTRATION = true;
@@ -21,7 +21,7 @@
services.traefik.dynamicConfigOptions.http = {
services.gitea.loadBalancer.servers = [
{
url = "http://localhost:3030/";
url = "http://localhost:${toString (config.m3ta.ports.get "gitea")}/";
}
];

6
hosts/m3-atlas/services/paperless.nix
View File

@@ -1,13 +1,13 @@
{config, ...}: {
services.paperless = {
enable = true;
port = 3012;
port = config.m3ta.ports.get "paperless";
database.createLocally = true;
passwordFile = config.age.secrets.paperless-key.path;
configureTika = true;
settings = {
PAPERLESS_URL = "https://pl.m3ta.dev";
DATABASE_URL = "postgresql://paperless:paperless@127.0.0.1:5432/paperless";
DATABASE_URL = "postgresql://paperless:paperless@127.0.0.1:${toString (config.m3ta.ports.get "postgres")}/paperless";
PAPERLESS_CONSUMER_IGNORE_PATTERN = [
".DS_STORE/*"
"desktop.ini"
@@ -25,7 +25,7 @@
services.traefik.dynamicConfigOptions.http = {
services.paperless.loadBalancer.servers = [
{
url = "http://localhost:3012/";
url = "http://localhost:${toString (config.m3ta.ports.get "paperless")}/";
}
];
routers.paperless = {

10
hosts/m3-atlas/services/postgres.nix
View File

@@ -1,4 +1,8 @@
{pkgs, ...}: {
{
pkgs,
config,
...
}: {
services.postgresql = {
enable = true;
enableTCPIP = true;
@@ -36,8 +40,8 @@
};
networking.firewall = {
extraCommands = ''
iptables -A INPUT -p tcp -s 127.0.0.1 --dport 5432 -j ACCEPT
iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport 5432 -j ACCEPT
iptables -A INPUT -p tcp -s 127.0.0.1 --dport ${toString (config.m3ta.ports.get "postgres")} -j ACCEPT
iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport ${toString (config.m3ta.ports.get "postgres")} -j ACCEPT
'';
};
}

8
hosts/m3-helios/services/adguard.nix
View File

@@ -1,10 +1,10 @@
{
{config, ...}: {
services.adguardhome = {
enable = true;
openFirewall = true;
settings = {
dns = {
port = 53;
port = config.m3ta.ports.get "adguardhome";
upstream_dns = [
"1.1.1.1"
"8.8.8.8"
@@ -20,6 +20,6 @@
};
};
};
networking.firewall.allowedTCPPorts = [53];
networking.firewall.allowedUDPPorts = [53];
networking.firewall.allowedTCPPorts = [(config.m3ta.ports.get "adguardhome")];
networking.firewall.allowedUDPPorts = [(config.m3ta.ports.get "adguardhome")];
}