diff --git a/maskiner/desktop/configuration.nix b/maskiner/desktop/configuration.nix index 7e12414..1fa6e13 100644 --- a/maskiner/desktop/configuration.nix +++ b/maskiner/desktop/configuration.nix @@ -21,26 +21,45 @@ ]; networking.firewall = { enable = true; - allowedTCPPorts = [ 80 443 8384 22000]; + allowedTCPPorts = [ 8384 22000]; allowedUDPPortRanges = [ { from = 4000; to = 4007; } { from = 8000; to = 8010; } ]; }; + +services.k3s = { + enable = true; + role = "server"; + token = "supersupersecretkey"; + extraFlags = toString ([ + "--write-kubeconfig-mode \"0644\"" + "--cluster-init" + "--disable local-storage" + "--disable traefik" + ]); + clusterInit = true; + }; + + services.openiscsi = { + enable = true; + name = "iqn.2016-04.com.open-iscsi:desktop"; + }; + networking.firewall.allowedUDPPorts = [ 22000 21027 ]; services = { openssh = { enable = true; - ports = [55502]; + # ports = [55502]; settings = { PermitRootLogin = "no"; PasswordAuthentication = false; X11Forwarding = true; }; extraConfig = '' - AllowUsers fw ios + AllowUsers fw ios jw ''; }; syncthing = { diff --git a/shared/nginx.nix b/shared/nginx.nix index 5c7cba0..6e60cba 100644 --- a/shared/nginx.nix +++ b/shared/nginx.nix 
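Review bot: The k3s join token is written as a literal in the new `services.k3s` block (`token = "supersupersecretkey";`), so it is committed to the repository and copied into the world-readable Nix store, where any local account or anyone with repository access can read it. Use the module's file-based option instead, `tokenFile = "<path to a root-only secret file>";` (placeholder path), and rotate the token, since this value is already published. In the same block, `--write-kubeconfig-mode \"0644\"` makes the admin kubeconfig readable by every local user, which matters more now that `AllowUsers` admits a third SSH account; `0600` or a dedicated group keeps cluster-admin limited to the intended operator. `--cluster-init` is also passed twice, once in `extraFlags` and once through `clusterInit = true`. The `services = { openssh … syncthing` block continues outside the hunk.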
@@ -15,167 +15,234 @@ recommendedTlsSettings = true; virtualHosts = { - "wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:8081"; - proxyWebsockets = true; - }; - }; - "pico.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:6976"; - proxyWebsockets = true; - }; - }; - "budget.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:8098"; - proxyWebsockets = true; - }; - }; - "bilder.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:2283"; - proxyWebsockets = true; - }; - }; - "git.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://192.168.16.1:3000"; - proxyWebsockets = true; - }; - }; - "cal.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:5232"; - proxyWebsockets = true; - }; - }; - "pass.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.24.0.1:9445"; - proxyWebsockets = true; - }; - }; - 
"home.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:8081"; - proxyWebsockets = true; - }; - }; - "drive.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:3001"; - proxyWebsockets = true; - }; - }; - - "sandbox.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:3001"; - proxyWebsockets = true; - }; - }; - "files.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:8380"; - proxyWebsockets = true; - }; - }; - "text.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:7000"; - proxyWebsockets = true; - }; - }; - "docs.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:8000"; - proxyWebsockets = true; - }; - }; - "carpool.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:8080"; - proxyWebsockets = true; - }; - }; - "search.wastring.com" = { - sslCertificateKey = 
"/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:40080"; - proxyWebsockets = true; - }; - }; - "latex.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:3080"; - proxyWebsockets = true; - }; - }; - "yt.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + "brfmidgard.se" = { + sslCertificateKey = "/etc/letsencrypt/archive/brfmidgard.se/privkey1.pem"; + sslCertificate = "/etc/letsencrypt/archive/brfmidgard.se/fullchain1.pem"; forceSSL = true; locations."/" = { - proxyPass = "http://localhost:40000"; - proxyWebsockets = true; + proxyPass = "http://172.17.0.1:8005"; + proxyWebsockets = true; }; }; - "talk.wastring.com" = { + # "pass.brfmidgard.se" = { + # sslCertificateKey = "/etc/letsencrypt/archive/brfmidgard.se/privkey1.pem"; + # sslCertificate = "/etc/letsencrypt/archive/brfmidgard.se/fullchain1.pem"; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://172.17.0.1:21456"; + # proxyWebsockets = true; + # }; + # }; + # "drive.brfmidgard.se" = { + # sslCertificateKey = "/etc/letsencrypt/archive/brfmidgard.se/privkey1.pem"; + # sslCertificate = "/etc/letsencrypt/archive/brfmidgard.se/fullchain1.pem"; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://172.16.57.1:13001"; + # proxyWebsockets = true; + # }; + # }; + # "sandbox.brfmidgard.se" = { + # forceSSL = true; + # sslCertificateKey = "/etc/letsencrypt/archive/brfmidgard.se/privkey1.pem"; + # sslCertificate = "/etc/letsencrypt/archive/brfmidgard.se/fullchain1.pem"; + # locations."/" = { + # proxyPass = "http://172.16.57.1:13001"; + # proxyWebsockets = true; + # }; + # }; + # 
"todo.brfmidgard.se" = { + # forceSSL = true; + # sslCertificateKey = "/etc/letsencrypt/archive/brfmidgard.se/privkey1.pem"; + # sslCertificate = "/etc/letsencrypt/archive/brfmidgard.se/fullchain1.pem"; + # locations."/" = { + # proxyPass = "http://172.17.0.1:13456"; + # proxyWebsockets = true; + # }; + # }; + "wastring.com" = { sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; forceSSL = true; locations."/" = { - proxyPass = "http://localhost:9000"; - proxyWebsockets = true; + proxyPass = "http://172.17.0.1:8003"; + proxyWebsockets = true; + }; + }; + "calibre.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:8880"; + proxyWebsockets = true; + }; + }; + "download.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:28000"; + proxyWebsockets = true; + }; + }; + "books.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:8083"; + proxyWebsockets = true; + }; + }; + "rss.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.16.59.1:18080"; + proxyWebsockets = true; + }; + }; + "shop.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:8980"; + proxyWebsockets = 
true; + }; + }; + "todo.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.16.58.1:3456"; + proxyWebsockets = true; + }; + }; + "secret.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:3004"; + proxyWebsockets = true; + }; + }; + "budget.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:8098"; + proxyWebsockets = true; + }; + }; + "bilder.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:2283"; + proxyWebsockets = true; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + "git.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://192.168.16.1:3000"; + proxyWebsockets = true; + }; + }; + "cal.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:5232"; + proxyWebsockets = true; + }; + }; + "pass.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.24.0.1:9445"; + proxyWebsockets = true; + }; + }; + 
"home.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + # proxyPass = "http://172.17.0.1:8081"; + proxyPass = "http://172.17.0.1:38080"; + proxyWebsockets = true; + }; + }; + "drive.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:3001"; + proxyWebsockets = true; + }; + }; + + "sandbox.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:3001"; + proxyWebsockets = true; + }; + }; + "files.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:8380"; + proxyWebsockets = true; + }; + }; + "docs.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://172.17.0.1:8000"; + proxyWebsockets = true; + }; + }; + "search.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:40080"; + proxyWebsockets = true; + }; + }; + "latex.wastring.com" = { + sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:3080"; + proxyWebsockets = true; }; }; "soulseek.wastring.com" = { 
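Review bot: The new `brfmidgard.se` vhost points at `/etc/letsencrypt/archive/brfmidgard.se/privkey1.pem` and `fullchain1.pem`, which are the numbered files from the first issuance; certbot writes each renewal under a new number, so nginx would keep serving the original certificate until it expires. Referencing the `live` symlinks avoids this: `sslCertificateKey = "/etc/letsencrypt/live/brfmidgard.se/privkey.pem";` and `sslCertificate = "/etc/letsencrypt/live/brfmidgard.se/fullchain.pem";` (the commented-out brfmidgard hosts carry the same archive paths). Separately, `client_max_body_size 0;` on `bilder.wastring.com` removes nginx's request-body limit entirely, leaving upload size bounded only by the backend and the disk; an explicit ceiling sized for the largest expected upload is safer. The `virtualHosts` set opened in this hunk is closed in a later one.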
@@ -183,8 +250,8 @@
 sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
 forceSSL = true;
 locations."/" = {
- proxyPass = "http://localhost:5030";
- proxyWebsockets = true;
+ proxyPass = "http://localhost:5030";
+ proxyWebsockets = true;
 };
 };
 "board.wastring.com" = {
@@ -192,17 +259,62 @@
 sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
 forceSSL = true;
 locations."/" = {
- proxyPass = "http://localhost:8038";
- proxyWebsockets = true;
+ proxyPass = "http://localhost:8038";
+ proxyWebsockets = true;
 };
 };
- "ha.wastring.com" = {
+ "status.wastring.com" = {
 sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
 sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
 forceSSL = true;
 locations."/" = {
- proxyPass = "http://172.17.0.1:8123";
- proxyWebsockets = true;
+ proxyPass = "http://172.17.0.1:3008";
+ proxyWebsockets = true;
+ };
+ };
+ "music.wastring.com" = {
+ sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
+ sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://172.17.0.1:4747";
+ proxyWebsockets = true;
+ };
+ };
+ "wedding.wastring.com" = {
+ sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
+ sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://172.17.0.1:8002";
+ proxyWebsockets = true;
+ };
+ };
+ "message.wastring.com" = {
+ sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
+ sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://172.17.0.1:2203";
+ proxyWebsockets = true;
+ };
+ };
+ "filmer.wastring.com" = {
+ sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
+ sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://192.168.80.1:8096";
+ proxyWebsockets = true;
+ };
+ };
+ "kube.wastring.com" = {
+ sslCertificateKey = "/certs/.lego/certificates/wastring.com.key";
+ sslCertificate = "/certs/.lego/certificates/wastring.com.crt";
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://192.168.1.100";
+ proxyWebsockets = true;
 };
 };
 };
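Review bot: `kube.wastring.com` forwards every request at `/` to `http://192.168.1.100` with no access control at the proxy, so whatever that LAN host serves on port 80 becomes reachable from the internet under a valid certificate. If this fronts a cluster ingress or dashboard, which the name suggests but the hunk does not show, restrict it at nginx, for example with `basicAuthFile = "<path to htpasswd file>";` on the vhost or an `allow <trusted CIDR>; deny all;` pair in the location's `extraConfig` (both values are placeholders). The same question applies to the other hosts published in this hunk (`status`, `music`, `wedding`, `message`, `filmer`): a short comment per vhost stating whether it relies solely on the backend's own login would make the exposure reviewable.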