diff --git a/modules/features/authentik.nix b/modules/features/authentik.nix
index 4ea4ea6..8c4218b 100644
--- a/modules/features/authentik.nix
+++ b/modules/features/authentik.nix
@@ -16,12 +16,6 @@
 config = {
- networking.firewall.interfaces = {
- "ve-traefik" = {
- allowedTCPPorts = [ hostPort ];
- };
- };
-
 sops.secrets = {
 "authentik/pass" = {};
 "authentik/secret_key" = {};
@@ -108,7 +102,7 @@
 "/etc/Authentik/data:/data:rw"
 ];
 ports = [
- "${builtins.toString hostPort}:9000/tcp"
+ "127.0.0.1:${builtins.toString hostPort}:9000/tcp"
 #"9443:9443/tcp"
 ];
 cmd = [ "server" ];
diff --git a/modules/features/gitea.nix b/modules/features/gitea.nix
index 08a190b..835ffc8 100644
--- a/modules/features/gitea.nix
+++ b/modules/features/gitea.nix
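Review bot: The loopback bind on the new `ports` line (`127.0.0.1:${builtins.toString hostPort}:9000/tcp`) is only reachable from the host's own network namespace, while the `ve-traefik` firewall rule removed in the first hunk implies Traefik used to reach Authentik over a veth from another namespace; nothing in this hunk shows how Traefik (or anything else) reaches port 9000 now. If the intended path is the shared Docker network (labels and container IP, as in the other modules), a one-line comment such as `# loopback only: upstream access goes over the docker network, not via hostPort` would make that explicit; if the path is still hostPort from another namespace, the bind breaks the route. The same question applies to the ollama ports hunk (where the removed `ve-openwebui` rule suggests Open WebUI also consumed hostPort) and to the pihole and portainer ports hunks. Note that with Docker's default iptables integration, published ports are accepted in Docker's own chains ahead of `networking.firewall`, so the loopback bind, not the dropped `allowedTCPPorts` entries, is what actually limits exposure here.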
@@ -1,120 +1,5 @@
 { ... }: {
- flake.nixosModules.gitea = { config, lib, ... }: {
-
- config = {
-
- networking = {
- nat.internalInterfaces = [ "ve-gitea" ];
- };
-
- sops.secrets = {
- "gitea/dbpass" = {};
- };
-
- containers.gitea = {
-
- autoStart = true;
- privateNetwork = true;
- hostAddress = "192.168.100.10";
- localAddress = "192.168.100.20";
-
- bindMounts = {
- "/etc/gitea/data" = {
- hostPath = "/ssd1/Gitea/data";
- isReadOnly = false;
- };
- };
-
- extraFlags = [
- "--load-credential=dbpass:${config.sops.secrets."gitea/dbpass".path}"
- ];
-
- config = {
-
- systemd.services.secrets_setup = {
- wantedBy = [ "gitea.service" ];
-
- serviceConfig = {
- LoadCredential = [
- "dbpass"
- ];
- };
-
- script = ''
- cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass
- chown gitea:gitea /etc/gitea/*
- '';
- };
-
- services.gitea = {
- enable = true;
-
- stateDir = "/etc/gitea/data";
-
- dump.enable = false;
-
- appName = "Gitea";
-
- settings = {
- server = {
- DOMAIN = "gitea.esotericbytes.com";
- HTTP_PORT = 3000;
- ROOT_URL = "https://gitea.esotericbytes.com/";
- };
- service = {
- DISABLE_REGISTRATION = false;
- ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
- REQUIRE_SIGNIN_VIEW = false;
- };
- oauth2_client = {
- ENABLE_AUTO_REGISTRATION = true;
- };
- session.COOKIE_SECURE = true;
-
- cron = {
- ENABLED = true;
- RUN_AT_START = true;
- };
-
- repository = {
- DEFAULT_BRANCH = "master";
- };
-
- migrations = {
- ALLOWED_DOMAINS = "*";
- ALLOW_LOCALNETWORKS = true;
- SKIP_TLS_VERIFY = true;
- BLOCKED_DOMAINS = "";
- };
- };
-
- database = {
- passwordFile = "/etc/gitea/dbpass";
- type = "postgres";
- };
-
- };
-
- services.openssh = {
- enable = true;
- openFirewall = true;
- settings = {
- PermitRootLogin = lib.mkForce "no";
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- };
- ports = [ 2222 ];
- };
-
- networking.firewall.allowedTCPPorts = [ 3000 ];
-
- system.stateVersion = "24.11";
- };
- };
- };
- };
-
 flake.nixosModules.gitea-docker = { config, lib, pkgs, ... }: let
 subdomain = "gitea";
@@ -175,9 +60,6 @@
 "traefik.tcp.services.${name}-ssh.loadbalancer.server.port" = "22";
 };
- ports = [
- ];
-
 extraOptions = [
 "--ip=192.168.101.25"
 ];
@@ -207,12 +89,6 @@
 "docker-main"
 ];
- labels = {
- };
-
- ports = [
- ];
-
 extraOptions = [
 "--ip=192.168.101.26"
 ];
diff --git a/modules/features/home-assistant/home-assistant.nix b/modules/features/home-assistant/home-assistant.nix
index 58832b2..44f4c98 100644
--- a/modules/features/home-assistant/home-assistant.nix
+++ b/modules/features/home-assistant/home-assistant.nix
@@ -48,9 +48,6 @@
 "--ip=192.168.101.13"
 ];
- ports = [
- ];
-
 volumes = [
 "vol_home-assistant:/config/"
 "/etc/home-assistant/configuration.yaml:/config/configuration.yaml"
diff --git a/modules/features/jellyfin.nix b/modules/features/jellyfin.nix
index 4d44dab..ae31942 100644
--- a/modules/features/jellyfin.nix
+++ b/modules/features/jellyfin.nix
@@ -15,8 +15,6 @@
 config = {
- networking.firewall.allowedUDPPorts = [ 7359 ];
-
 virtualisation.oci-containers.containers.jellyfin = {
 image = "jellyfin/jellyfin:10.11.6";
@@ -29,10 +27,6 @@
 "docker-main"
 ];
- ports = [
- "7359:7359/udp"
- ];
-
 volumes = [
 "vol_jellyfin-config:/config"
 "vol_jellyfin-cache:/cache"
diff --git a/modules/features/n8n.nix b/modules/features/n8n.nix
index ffc782d..8484ad3 100644
--- a/modules/features/n8n.nix
+++ b/modules/features/n8n.nix
@@ -38,9 +38,6 @@
 "traefik.http.services.${name}.loadbalancer.server.port" = "5678";
 };
- ports = [
- ];
-
 extraOptions = [
 "--ip=192.168.101.14"
 ];
diff --git a/modules/features/nginx.nix b/modules/features/nginx.nix
index 540e799..018a5d3 100644
--- a/modules/features/nginx.nix
+++ b/modules/features/nginx.nix
@@ -26,9 +26,6 @@
 "docker-main"
 ];
- ports = [
- ];
-
 volumes = [
 "/ssd1/esotericbytes-com/data:/var/www/data"
 "/etc/nginx/nginx.conf:/etc/nginx/nginx.conf"
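Review bot: Dropping the `"7359:7359/udp"` publish together with `allowedUDPPorts = [ 7359 ]` in the two jellyfin hunks turns off Jellyfin's UDP client auto-discovery on the LAN (that port carries only the discovery broadcasts; the HTTP port is untouched), and nothing in the hunk or the firewall change records whether that is intended or a side effect of the general port clean-up across this commit. If it is intended, a short comment at the container definition, e.g. `# 7359/udp (client auto-discovery) intentionally not published`, would keep the next reader from re-adding it. The jellyfin container definition continues outside both hunks.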
diff --git a/modules/features/ollama.nix b/modules/features/ollama.nix
index 5e7706f..0b89718 100644
--- a/modules/features/ollama.nix
+++ b/modules/features/ollama.nix
@@ -40,16 +40,6 @@
 ollama
 ];
- networking.firewall.interfaces = {
- "ve-traefik" = {
- allowedTCPPorts = [ hostPort ];
- };
-
- "ve-openwebui" = {
- allowedTCPPorts = [ hostPort ];
- };
- };
-
 virtualisation.oci-containers.containers.ollama = {
 image = "ollama/ollama:latest";
@@ -63,7 +53,7 @@
 ];
 ports = [
- "${builtins.toString hostPort}:11434"
+ "127.0.0.1:${builtins.toString hostPort}:11434"
 ];
 volumes = [
diff --git a/modules/features/openwebui.nix b/modules/features/openwebui.nix
index c812418..ceef7ba 100644
--- a/modules/features/openwebui.nix
+++ b/modules/features/openwebui.nix
@@ -27,10 +27,6 @@
 "docker-main"
 ];
- /*ports = [
- "${builtins.toString hostPort}:8080"
- ];*/
-
 volumes = [
 "vol_openwebui:/app/backend/data"
 ];
diff --git a/modules/features/pihole.nix b/modules/features/pihole.nix
index 56ccbf2..766127c 100644
--- a/modules/features/pihole.nix
+++ b/modules/features/pihole.nix
@@ -32,12 +32,6 @@
 mode = "0664";
 };
- networking.firewall.interfaces = {
- "ve-traefik" = {
- allowedTCPPorts = [ hostPort ];
- };
- };
-
 virtualisation.oci-containers.containers.pihole = {
 image = "pihole/pihole:latest";
@@ -66,9 +60,9 @@
 ];
 ports = [
- "${builtins.toString hostPort}:80"
- "127.0.0.1:53:53/tcp"
- "127.0.0.1:53:53/udp"
+ "127.0.0.1:${builtins.toString hostPort}:80"
+ "127.0.0.1:53:53/tcp"
+ "127.0.0.1:53:53/udp"
 ];
 volumes = [
diff --git a/modules/features/portainer.nix b/modules/features/portainer.nix
index e83e3d1..6d8944e 100644
--- a/modules/features/portainer.nix
+++ b/modules/features/portainer.nix
@@ -17,12 +17,6 @@
 config = {
- networking.firewall.interfaces = {
- "ve-traefik" = {
- allowedTCPPorts = [ hostPort ];
- };
- };
-
 virtualisation.oci-containers.containers.portainer = {
 image = "portainer/portainer-ce:latest";
@@ -48,7 +42,7 @@
 ports = [
 "127.0.0.1:8000:8000"
- "${builtins.toString hostPort}:9000"
+ "127.0.0.1:${builtins.toString hostPort}:9000"
 ];
 extraOptions = [
diff --git a/modules/features/searxng/searxng.nix b/modules/features/searxng/searxng.nix
index 9c56d64..8aadef4 100644
--- a/modules/features/searxng/searxng.nix
+++ b/modules/features/searxng/searxng.nix
@@ -40,9 +40,6 @@
 "traefik.http.services.${name}.loadbalancer.server.port" = "8080";
 };
- ports = [
- ];
-
 extraOptions = [
 "--ip=192.168.101.9"
 ];
diff --git a/modules/features/traefik/traefik.nix b/modules/features/traefik/traefik.nix
index 7f162d8..97a7eac 100644
--- a/modules/features/traefik/traefik.nix
+++ b/modules/features/traefik/traefik.nix
@@ -9,7 +9,7 @@
 config = {
- networking.firewall.allowedTCPPorts = [ 80 81 443 444 2222 ];
+ networking.firewall.allowedTCPPorts = [ 80 443 2222 ];
 sops.secrets = {
 "traefik/cf_email" = {};
@@ -58,11 +58,11 @@
 ];
 ports = [
- "80:80"
- "81:81"
- "443:443"
- "444:444"
- "2222:2222"
+ #"80:80"
+ "80:81"
+ #"443:443"
+ "443:444"
+ "2222:2222"
 ];
 labels = {
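Review bot: The new traefik `ports` entries map host 80 to container 81 and host 443 to container 444 while the container's own 80 and 443 are left commented out, which silently changes which Traefik entrypoints receive public traffic; the firewall hunk above only tells us that 81 and 444 are no longer opened on the host, not that the entrypoints bound to those container ports are the ones meant to be public. The cross-mapping needs a reason in the file, e.g. `# host 80/443 -> container 81/444: <ENTRYPOINT NAMES> are the public entrypoints, the 80/443 entrypoints stay internal` (filled in from the Traefik static config), or the static config should be changed so the public entrypoints listen on 80/443 and the mapping becomes the plain `"80:80"` / `"443:443"`. The commented-out `#"80:80"` and `#"443:443"` lines should be deleted rather than kept as dead config; the authentik ports hunk carries the same pattern with `#"9443:9443/tcp"`.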