ciapa
/
infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Finish up first gen of c3moc config

This commit is contained in:
Ciapa 2024-06-08 11:19:02 +02:00
parent 18198b5d00
commit e15a8bb3eb
1 changed files with 100 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
hosts/phoenix.lewd.wtf/c3moc.nix
View File

@ -17,6 +17,10 @@ in {
device = "/mnt/zbigdata/media"; device = "/mnt/zbigdata/media";
options = [ "bind" ]; options = [ "bind" ];
}; };
"/export/c3moc/games" = lib.mkIf cfg.switchNfs {
device = "/mnt/zbigdata/games";
options = [ "bind" ];
};
"/export/c3moc/dropfolder" = lib.mkIf cfg.switchNfs { "/export/c3moc/dropfolder" = lib.mkIf cfg.switchNfs {
device = "/mnt/zbigdata/c3moc_dropfolder"; device = "/mnt/zbigdata/c3moc_dropfolder";
options = [ "bind" ]; options = [ "bind" ];
@ -27,13 +31,19 @@ in {
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
hostAddress = "192.168.69.1"; hostAddress = "192.168.69.1";
hostAddress6 = "aa69::1";
localAddress = "192.168.69.10"; localAddress = "192.168.69.10";
localAddress6 = "aa69::69";
bindMounts = { bindMounts = {
"/home/c3moc/media" = { "/home/c3moc/media" = {
hostPath = "/mnt/zbigdata/media"; hostPath = "/mnt/zbigdata/media";
isReadOnly = true; isReadOnly = true;
}; };
"/home/c3moc/games" = {
hostPath = "/mnt/zbigdata/games";
isReadOnly = true;
};
"/home/c3moc/dropfolder" = { "/home/c3moc/dropfolder" = {
hostPath = "/mnt/zbigdata/c3moc_dropfolder"; hostPath = "/mnt/zbigdata/c3moc_dropfolder";
isReadOnly = false; isReadOnly = false;
@ -125,6 +135,8 @@ in {
services.nfs.server.exports = mkIf cfg.switchNfs '' services.nfs.server.exports = mkIf cfg.switchNfs ''
/export (ro,fsid=0,no_subtree_check) /export (ro,fsid=0,no_subtree_check)
/export/c3moc (ro,nohide,insecure,no_subtree_check) /export/c3moc (ro,nohide,insecure,no_subtree_check)
/export/c3moc/games (ro,nohide,insecure,no_subtree_check)
/export/c3moc/media (ro,nohide,insecure,no_subtree_check)
/export/c3moc/dropfolder (rw,nohide,insecure,no_subtree_check) /export/c3moc/dropfolder (rw,nohide,insecure,no_subtree_check)
''; '';
@ -167,8 +179,91 @@ in {
proto = "tcp"; proto = "tcp";
sourcePort = 445; sourcePort = 445;
} }
# FTP
{
destination = "aa69::69:20";
proto = "tcp";
sourcePort = 20;
}
{
destination = "aa69::69:21";
proto = "tcp";
sourcePort = 21;
}
# SFTP
{
destination = "aa69::69:22";
proto = "tcp";
sourcePort = 22;
}
# SMB
{
destination = "aa69::69:137";
proto = "udp";
sourcePort = 137;
}
{
destination = "aa69::69:138";
proto = "udp";
sourcePort = 138;
}
{
destination = "aa69::69:139";
proto = "tcp";
sourcePort = 139;
}
{
destination = "aa69::69:445";
proto = "tcp";
sourcePort = 445;
}
]; ];
# Monitoring Stuff
services.prometheus.exporters.node = {
enable = true;
port = 9100;
enabledCollectors = [
"logind"
"systemd"
];
disabledCollectors = [
"textfile"
];
};
services.prometheus = {
enable = true;
scrapeConfigs = [
{
job_name = "node";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
}];
}
];
};
services.grafana = {
enable = true;
settings = {
server = {
# Listening Address
http_addr = "127.0.0.1";
# and Port
http_port = 3000;
# Grafana needs to know on which domain and URL it's running
domain = "gpn22.c3moc.lol";
root_url = "https://gpn22.c3moc.lol/stats/"; # Not needed if it is `https://your.domain/`
serve_from_sub_path = true;
};
"auth.anonymous" = {
enabled = true;
org_name = "Public";
};
};
};
# Nginx Stuff # Nginx Stuff
services.nginx = { services.nginx = {
virtualHosts."gpn22.c3moc.lol" = { virtualHosts."gpn22.c3moc.lol" = {
@ -219,6 +314,11 @@ in {
proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Forwarded-Host $http_host;
''; '';
}; };
"/stats/" = {
proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
recommendedProxySettings = true;
};
}; };
}; };
}; };