From 98b6f4154700589d93df6415378886039a6d80b1 Mon Sep 17 00:00:00 2001 From: blaknull Date: Sun, 27 Oct 2024 01:12:10 -0500 Subject: [PATCH] traefik and gitlab dont work --- flake.lock | 58 ++++++++-- .../configuration/homebox/default.nix | 59 +++++++--- .../services/containers/gitlab/default.nix | 15 ++- .../services/containers/traefik/default.nix | 103 ++++++++++++++++-- system-config/services/default.nix | 2 +- 5 files changed, 198 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 3a5d7b8..da4f5f8 100644 --- a/flake.lock +++ b/flake.lock @@ -1161,11 +1161,11 @@ "locked": { "lastModified": 0, "narHash": "sha256-vhkyPcraN1gHPR50nUBwPGMdGP1p20/3n4i8uAuragY=", - "path": "/nix/store/nlgbyrj29hzjkm7f15v4k6pzm0zwcw9a-source/home-manager", + "path": "/nix/store/lrsmj060ljm23wc76633xbplar1hly3h-source/home-manager", "type": "path" }, "original": { - "path": "/nix/store/nlgbyrj29hzjkm7f15v4k6pzm0zwcw9a-source/home-manager", + "path": "/nix/store/lrsmj060ljm23wc76633xbplar1hly3h-source/home-manager", "type": "path" } }, @@ -1272,6 +1272,22 @@ } }, "nixpkgs-stable_2": { + "locked": { + "lastModified": 1729357638, + "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_3": { "locked": { "lastModified": 1720386169, "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", @@ -1688,7 +1704,7 @@ "hyprland", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { "lastModified": 1728778939, 
@@ -1730,11 +1746,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=", - "path": "/nix/store/5nl92vargx6kx6dikxpfwdr5v0kpvm50-source/programs", + "path": "/nix/store/kkxrpkxcbs8fngdrlmm4hcrxy1cq17w2-source/programs", "type": "path" }, "original": { - "path": "/nix/store/5nl92vargx6kx6dikxpfwdr5v0kpvm50-source/programs", + "path": "/nix/store/kkxrpkxcbs8fngdrlmm4hcrxy1cq17w2-source/programs", "type": "path" } }, @@ -1793,6 +1809,7 @@ "nathan": "nathan", "nixpkgs": "nixpkgs_9", "nixvim": "nixvim_3", + "sops-nix": "sops-nix", "system": "system" } }, @@ -1815,14 +1832,35 @@ "locked": { "lastModified": 1, "narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=", - "path": "/nix/store/5nl92vargx6kx6dikxpfwdr5v0kpvm50-source/services/sddm", + "path": "/nix/store/kkxrpkxcbs8fngdrlmm4hcrxy1cq17w2-source/services/sddm", "type": "path" }, "original": { - "path": "/nix/store/5nl92vargx6kx6dikxpfwdr5v0kpvm50-source/services/sddm", + "path": "/nix/store/kkxrpkxcbs8fngdrlmm4hcrxy1cq17w2-source/services/sddm", "type": "path" } }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1729931925, + "narHash": "sha256-3tjYImjVzsSM4sU+wTySF94Yop1spI/XomMBEpljKvQ=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "b2211d1a537136cc1d0d5c0af391e8712016b34e", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, "spicetify-ext": { "flake": false, "locked": { 
@@ -1865,12 +1903,12 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-M4cP5Czkn09N4ckf5hZJ6Oq4ZAP7rp6E0zUjIPrQEMA=", - "path": "/nix/store/nlgbyrj29hzjkm7f15v4k6pzm0zwcw9a-source/system-config", + "narHash": "sha256-/D17aRAD/fn6SBS9l3RJln+kTINI8DljIih0qc6Kdh4=", + "path": "/nix/store/lrsmj060ljm23wc76633xbplar1hly3h-source/system-config", "type": "path" }, "original": { - "path": "/nix/store/nlgbyrj29hzjkm7f15v4k6pzm0zwcw9a-source/system-config", + "path": "/nix/store/lrsmj060ljm23wc76633xbplar1hly3h-source/system-config", "type": "path" } }, diff --git a/system-config/configuration/homebox/default.nix b/system-config/configuration/homebox/default.nix index f8538a6..88adea4 100644 --- a/system-config/configuration/homebox/default.nix +++ b/system-config/configuration/homebox/default.nix @@ -52,18 +52,6 @@ displayManager.enable = true; }; - sysconfig = { - opts = { - sddm.enable = true; - openssh.enable = true; - pipewire.enable = true; - ags.enable = true; - hyprland.enable = true; - git.enable = true; - nh.enable = true; - steam.enable = false; - }; - }; environment.sessionVariables = { WLR_BACKENDS = "headless"; @@ -98,7 +86,16 @@ hostName = "homebox"; nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ]; networkmanager.enable = true; - firewall.allowedTCPPorts = [ 22 80 443 9080 9443 ]; + firewall.allowedTCPPorts = [ 22 80 443 9080 9443 8080 ]; + hosts = { + "127.0.0.1" = [ "blunkall.us" "www.blunkall.us" ]; + }; + nftables = {}; + nat = { + enable = true; + internalInterfaces = [ "ve-+" ]; + externalInterface = "enp6s0"; + }; }; system.stateVersion = "23.05"; # Did you read the comment? @@ -112,9 +109,12 @@ ]; }; - nix.settings = { - experimental-features = [ "nix-command" "flakes" ]; - }; + nix = { + nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + settings = { + experimental-features = [ "nix-command" "flakes" ]; + }; + }; boot.initrd.postDeviceCommands = lib.mkAfter '' mkdir /btrfs_tmp 
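Review bot: The host firewall now admits TCP 8080, and the traefik hunk later in this patch also forwards 8080 into the container and opens it in the container firewall, yet no entry point or authenticated router for the dashboard is defined anywhere in the patch. 8080 is the port Traefik serves its API on when `api.insecure` is set, so this opens the network path to an unauthenticated dashboard in advance. I would keep `firewall.allowedTCPPorts = [ 22 80 443 9080 9443 ];` and drop the 8080 `forwardPorts` entry until the dashboard is routed through `websecure` behind an auth middleware. Separately, `nftables = {};` sets nothing, and `internalInterfaces = [ "ve-+" ]` is the iptables wildcard form as far as I know, so the pattern needs revisiting if nftables is ever enabled. The `networking` block begins before this hunk.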
@@ -188,6 +188,33 @@ }; }; + sysconfig = { + opts = { + + sddm.enable = true; + + openssh.enable = true; + + pipewire.enable = true; + + ags.enable = true; + + hyprland.enable = true; + + git.enable = true; + + nh.enable = true; + + steam.enable = false; + + virtualization = { + + traefik.enable = false; + + gitlab.enable = false; + }; + }; + }; fonts.packages = with pkgs; [ nerdfonts ]; diff --git a/system-config/services/containers/gitlab/default.nix b/system-config/services/containers/gitlab/default.nix index 8d0e402..9b73738 100644 --- a/system-config/services/containers/gitlab/default.nix +++ b/system-config/services/containers/gitlab/default.nix @@ -7,12 +7,18 @@ config = lib.mkIf config.sysconfig.opts.virtualization.gitlab.enable { - virtualisation.containers.gitlab = { + containers.gitlab = { autoStart = true; privateNetwork = true; hostAddress = "192.168.100.10"; - localAddress = "192.168.100.11"; + localAddress = "192.168.100.12"; + bindMounts = { + "/root/data" = { + hostPath = "/ssd1/Gitlab/data"; + isReadOnly = false; + }; + }; config = { services.gitlab = { @@ -27,6 +33,11 @@ }; }; + + + networking.firewall.allowedTCPPorts = [ 22 80 ]; + + system.stateVersion = "24.05"; }; }; }; diff --git a/system-config/services/containers/traefik/default.nix b/system-config/services/containers/traefik/default.nix index b106bac..9f62409 100644 --- a/system-config/services/containers/traefik/default.nix +++ b/system-config/services/containers/traefik/default.nix 
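Review bot: In the gitlab container the bind mount targets `/root/data`, but nothing visible in the hunk points `services.gitlab` at that path, and a service running as a non-root user normally cannot traverse `/root`. Unless `services.gitlab.statePath` is set in the part of the block outside this hunk, the repositories and secrets will stay on the container's own root filesystem instead of `/ssd1/Gitlab/data`. Mounting the host path at the directory GitLab actually uses for state would fix that, for example `"/var/gitlab/state" = { hostPath = "/ssd1/Gitlab/data"; isReadOnly = false; };` if the default is kept. The GitLab secret files (initial root password, `secrets.*File`) are also not visible here; they should be supplied through the sops-nix input this commit adds rather than as store paths.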
@@ -7,20 +7,103 @@ config = lib.mkIf config.sysconfig.opts.virtualization.traefik.enable { - services.traefik = { + containers.traefik = { + + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.11"; + forwardPorts = [ + { + containerPort = 80; + hostPort = 80; + } + { + containerPort = 443; + hostPort = 443; + } + { + containerPort = 9080; + hostPort = 9080; + } + { + containerPort = 9443; + hostPort = 9443; + } + { + containerPort = 8080; + hostPort = 8080; + } + ]; - enable = true; - - staticConfigOpts = { - entryPoints = { - web = {}; - websecure = {}; - log = {}; - certificatesResolvers + bindMounts = { + "/root/data" = { + hostPath = "/ssd1/Traefik/data"; + isReadOnly = false; }; }; - dynamicConfigOpts = {}; + config = { + + services.traefik = { + + enable = true; + + dataDir = "/root/data"; + + staticConfigOptions = { + api = { + dashboard = true; + + }; + entryPoints = { + local = { + address = ":80"; + http.redirections.entryPoint = { + to = "localsecure"; + scheme = "https"; + }; + }; + localsecure = { + address = ":443"; + }; + web = { + address = ":9080"; + http.redirections.entryPoint = { + to = "websecure"; + scheme = "https"; + }; + }; + websecure = { + address = ":9443"; + asDefault = true; + http.tls.certResolver = "letsencrypt"; + }; + log = { + level = "INFO"; + filePath = "${config.services.traefik.dataDir}/traefik.log"; + format = "json"; + }; + certificatesResolvers.cloudflare.acme = { + email = "nathanblunkall5@gmail.com"; + storage = "${config.services.traefik.dataDir}/acme.json"; +#httpChallenge.entryPoint = "web"; + dnsChallenge = { + provider = "cloudflare"; + resolvers = [ "1.1.1.1:53" "1.0.0.1:53" ]; +#disablePropagationCheck = true; + }; + }; + }; + }; + + dynamicConfigOptions = {}; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 9080 9443 8080]; + + system.stateVersion = "24.05"; + }; }; }; } 
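Review bot: `log` and `certificatesResolvers` are nested inside `entryPoints`, so Traefik reads them as entry points rather than top-level static options, and `websecure` requests `certResolver = "letsencrypt"` while the only resolver defined is `cloudflare`. With either defect the :9443 listener is unlikely to obtain an ACME certificate. `${config.services.traefik.dataDir}` is evaluated against the host module's `config` (the same one the `mkIf` line reads), not the container's, so `acme.json` and the log probably do not land under the bind-mounted `/root/data`; declaring the container body as `config = { config, ... }: {` would fix the scope. The Cloudflare DNS challenge also needs an API token that is not visible here; it should come from a secret file, for example `services.traefik.environmentFiles` fed by the sops-nix input, and never from a value written into the Nix store.

```nix
staticConfigOptions = {
  # … unchanged: api …
  entryPoints = {
    # … unchanged: local, localsecure, web …
    websecure = {
      address = ":9443";
      asDefault = true;
      # must name a resolver that is actually defined below
      http.tls.certResolver = "cloudflare";
    };
  };

  # top-level static options: siblings of entryPoints, not children
  log = {
    level = "INFO";
    filePath = "${config.services.traefik.dataDir}/traefik.log";
    format = "json";
  };
  certificatesResolvers.cloudflare.acme = {
    # … unchanged: email …
    storage = "${config.services.traefik.dataDir}/acme.json";
    dnsChallenge = {
      provider = "cloudflare";
      resolvers = [ "1.1.1.1:53" "1.0.0.1:53" ];
    };
  };
};
```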
diff --git a/system-config/services/default.nix b/system-config/services/default.nix index ea512f9..e260988 100644 --- a/system-config/services/default.nix +++ b/system-config/services/default.nix @@ -4,6 +4,6 @@ ./ollama ./openssh ./pipewire -# ./containers + ./containers ]; }