use custom local subdomains for prometheus and adguard webui

xunuwu 2025-04-21 23:03:58 +02:00
parent fb2b347ec0
commit dababfe6ee
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
4 changed files with 31 additions and 3 deletions


@ -43,6 +43,18 @@ in {
reverse_proxy localhost:${toString config.services.slskd.settings.web.port} reverse_proxy localhost:${toString config.services.slskd.settings.web.port}
''; '';
}; };
prometheus = {
hostName = "prometheus.hopper.xun.host:80";
extraConfig = ''
reverse_proxy ${config.vpnNamespaces."wg".bridgeAddress}:${toString config.services.prometheus.port}
'';
};
adguard = {
hostName = "adguard.hopper.xun.host:80";
extraConfig = ''
reverse_proxy ${config.vpnNamespaces."wg".bridgeAddress}:${toString config.services.adguardhome.port}
'';
};
transmission = { transmission = {
hostName = "transmission.hopper.xun.host:80"; hostName = "transmission.hopper.xun.host:80";
extraConfig = '' extraConfig = ''
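Review bot: The new `prometheus` and `adguard` virtual hosts are served on `:80` with nothing but `reverse_proxy` in `extraConfig`, so any client that can reach this Caddy instance and send the matching Host header gets the Prometheus query API (which has no built-in authentication) and the AdGuard Home login over cleartext HTTP. The neighbouring `transmission` and slskd hosts are declared the same way, so this may be a deliberate LAN-only choice, but it should be either enforced or recorded in a comment. One way to enforce it, assuming client addresses are preserved into the namespace, is a named matcher ahead of the proxy: `@outside not remote_ip private_ranges` followed by `respond @outside 403`. The enclosing attribute set starts and ends outside the hunk, so a restriction applied elsewhere would not be visible here.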


@ -60,13 +60,13 @@ in {
} }
{ {
"adguard home" = { "adguard home" = {
href = "http://${config.networking.hostName}:${toString config.services.adguardhome.port}"; href = "http://adguard.hopper.xun.host";
icon = "adguard-home"; icon = "adguard-home";
}; };
} }
{ {
"prometheus" = { "prometheus" = {
href = "http://${config.networking.hostName}:${toString config.services.prometheus.port}"; href = "http://prometheus.hopper.xun.host";
icon = "prometheus"; icon = "prometheus";
}; };
} }


@ -23,7 +23,7 @@
{ {
job_name = "caddy"; job_name = "caddy";
static_configs = lib.singleton { static_configs = lib.singleton {
targets = ["192.168.15.1:2019"]; targets = ["${config.vpnNamespaces."wg".namespaceAddress}:2019"];
}; };
} }
]; ];
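Review bot: The `caddy` scrape target still points at port 2019, which is Caddy's default admin endpoint, and the port stays hard-coded while the address now comes from `config.vpnNamespaces."wg".namespaceAddress`. If the admin listener is bound to the namespace address so that this scrape works (the binding is not shown in this hunk), the same listener also accepts unauthenticated configuration changes from anything that can reach it. Serving metrics from a dedicated site with Caddy's `metrics` directive and leaving the admin endpoint on loopback would separate the two; at minimum add a comment such as `# 2019 = Caddy admin endpoint, exposed on the namespace address for /metrics only`. The scrape config list begins outside the hunk.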


@ -3,6 +3,22 @@
lib, lib,
... ...
}: { }: {
networking.firewall = let
allowTcpFromVPNToDefaultPorts = [
config.services.prometheus.port
config.services.adguardhome.port
];
in {
extraCommands = builtins.concatStringsSep "\n" (map
(port: "iptables -A nixos-fw -p tcp -s ${config.vpnNamespaces."wg".namespaceAddress} --dport ${toString port} -j nixos-fw-accept")
allowTcpFromVPNToDefaultPorts);
extraStopCommands = builtins.concatStringsSep "\n" (
map
(port: "iptables -D nixos-fw -p tcp -s ${config.vpnNamespaces."wg".namespaceAddress} --dport ${toString port} -j nixos-fw-accept || true")
allowTcpFromVPNToDefaultPorts
);
};
vpnNamespaces."wg" = { vpnNamespaces."wg" = {
enable = true; enable = true;
wireguardConfigFile = config.sops.secrets.wireguard.path; wireguardConfigFile = config.sops.secrets.wireguard.path;
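Review bot: The accept rules built in `extraCommands` match only on the source address (`-s ${config.vpnNamespaces."wg".namespaceAddress}`), so they accept a packet claiming that address no matter which interface it arrived on. Adding `-i <bridge-interface>` (placeholder; the interface name is not shown in this hunk) to both the `-A` and the `-D` command would scope the exception to traffic that really comes from the namespace bridge. The rule also lets every process confined in the `wg` namespace, not only Caddy, reach Prometheus and the AdGuard admin port on the host, so a comment above `allowTcpFromVPNToDefaultPorts` recording that trade-off would help the next reader. The module body continues past the end of the hunk.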