2024-06-01 10:37:49 +03:00
|
|
|
{ lib
|
|
|
|
, const
|
|
|
|
, host
|
|
|
|
, storage
|
|
|
|
, domain
|
2024-06-09 23:35:53 +03:00
|
|
|
, media
|
2024-06-14 02:58:39 +03:00
|
|
|
, pkgs
|
2024-06-01 10:37:49 +03:00
|
|
|
, ... }: {
|
|
|
|
inherit host;
|
|
|
|
|
2024-06-24 03:32:33 +03:00
|
|
|
# Common configuration for all the containers.
|
2024-06-23 16:21:40 +03:00
|
|
|
mkContainer = config: cfg: lib.recursiveUpdate {
|
2024-06-24 03:32:33 +03:00
|
|
|
# Start containers with the system by default.
|
|
|
|
autoStart = true;
|
|
|
|
|
|
|
|
# IP Address of the host. This is required for container to have access to the Internet.
|
|
|
|
hostAddress = host;
|
|
|
|
|
|
|
|
# Container's IP address.
|
|
|
|
localAddress = config.address;
|
|
|
|
|
|
|
|
# Isolate container from other hosts.
|
2024-06-01 10:37:49 +03:00
|
|
|
privateNetwork = true;
|
2024-06-23 16:21:40 +03:00
|
|
|
} cfg;
|
2024-06-01 10:37:49 +03:00
|
|
|
|
2024-06-24 03:32:33 +03:00
|
|
|
# Common configuration for the system inside the container.
|
2024-06-23 16:21:40 +03:00
|
|
|
mkContainerConfig = config: cfg: lib.recursiveUpdate {
|
2024-06-24 03:32:33 +03:00
|
|
|
# HACK: Do not evaluate nixpkgs inside the container. Use host's instead.
|
2024-06-14 02:58:39 +03:00
|
|
|
nixpkgs.pkgs = lib.mkForce pkgs;
|
2024-06-24 03:32:33 +03:00
|
|
|
|
|
|
|
# Release version.
|
2024-06-01 10:37:49 +03:00
|
|
|
system.stateVersion = const.stateVersion;
|
|
|
|
|
2024-06-24 03:32:33 +03:00
|
|
|
# Allow passwordless login as root.
|
2024-06-01 10:37:49 +03:00
|
|
|
users.users.root.password = "";
|
|
|
|
users.mutableUsers = false;
|
|
|
|
|
|
|
|
networking = {
|
2024-06-24 03:32:33 +03:00
|
|
|
# Default DNS servers.
|
2024-06-01 10:37:49 +03:00
|
|
|
nameservers = [
|
|
|
|
"1.1.1.1"
|
|
|
|
];
|
2024-06-24 03:32:33 +03:00
|
|
|
|
|
|
|
# HACK: Fix for upstream issue: https://github.com/NixOS/nixpkgs/issues/162686
|
2024-06-01 10:37:49 +03:00
|
|
|
useHostResolvConf = lib.mkForce false;
|
2024-06-24 03:32:33 +03:00
|
|
|
|
|
|
|
# Disable firewall.
|
2024-06-01 10:37:49 +03:00
|
|
|
firewall.enable = false;
|
|
|
|
};
|
2024-06-23 16:21:40 +03:00
|
|
|
} cfg;
|
2024-06-01 10:37:49 +03:00
|
|
|
|
2024-06-24 03:32:33 +03:00
|
|
|
# Create a directory on the host for container use.
|
2024-06-01 10:37:49 +03:00
|
|
|
mkContainerDir = cfg: dirs: map (path: "d '${cfg.storage}/${path}' 1777 root root - -") dirs;
|
|
|
|
|
2024-06-24 03:32:33 +03:00
|
|
|
# Common configuration for Nginx server.
|
2024-06-23 16:21:40 +03:00
|
|
|
mkServer = cfg: lib.recursiveUpdate {
|
2024-06-01 10:37:49 +03:00
|
|
|
forceSSL = false;
|
2024-06-23 16:21:40 +03:00
|
|
|
} cfg;
|
2024-06-01 10:37:49 +03:00
|
|
|
|
2024-06-24 03:32:33 +03:00
|
|
|
# Attach the host media directory to container.
|
|
|
|
# They will be added to /type/{0..9}
|
2024-06-13 17:00:05 +03:00
|
|
|
attachMedia = type: paths: ro: builtins.listToAttrs (lib.imap0 (i: path:
|
|
|
|
{
|
|
|
|
name = "/${type}/${toString i}";
|
|
|
|
value = {
|
|
|
|
hostPath = path;
|
|
|
|
isReadOnly = ro;
|
|
|
|
};
|
|
|
|
}
|
|
|
|
) paths);
|
|
|
|
|
2024-06-24 03:32:33 +03:00
|
|
|
# Range of local addresses who have access to sensitive paths like admin panels.
|
|
|
|
# Other addresses will get 403.
|
2024-06-09 23:35:53 +03:00
|
|
|
localAccess = "192.168.1.0/24";
|
|
|
|
|
2024-06-24 03:32:33 +03:00
|
|
|
# Per-container configurations.
|
2024-06-01 10:37:49 +03:00
|
|
|
config = {
|
2024-06-20 00:29:40 +03:00
|
|
|
camera = {
|
|
|
|
address = "192.168.2.249";
|
|
|
|
domain = "camera.${domain}";
|
|
|
|
port = "554";
|
|
|
|
};
|
2024-06-01 10:37:49 +03:00
|
|
|
change = {
|
|
|
|
address = "10.1.0.41";
|
2024-06-09 23:35:53 +03:00
|
|
|
port = 5000;
|
2024-06-01 10:37:49 +03:00
|
|
|
domain = "change.${domain}";
|
|
|
|
storage = "${storage}/change";
|
|
|
|
};
|
|
|
|
cloud = {
|
|
|
|
address = "10.1.0.13";
|
2024-06-09 23:35:53 +03:00
|
|
|
port = 80;
|
2024-06-01 10:37:49 +03:00
|
|
|
domain = "cloud.${domain}";
|
|
|
|
storage = "${storage}/cloud";
|
|
|
|
};
|
2024-06-09 23:35:53 +03:00
|
|
|
ddns = {
|
|
|
|
address = "10.1.0.31";
|
2024-06-23 16:21:40 +03:00
|
|
|
port = 53;
|
2024-06-09 23:35:53 +03:00
|
|
|
storage = "${storage}/ddns";
|
|
|
|
};
|
|
|
|
dns = {
|
|
|
|
address = "10.1.0.6";
|
|
|
|
};
|
|
|
|
download = {
|
|
|
|
inherit (media) download;
|
|
|
|
address = "10.1.0.12";
|
|
|
|
port = 8112;
|
|
|
|
domain = "download.${domain}";
|
|
|
|
storage = "${storage}/download";
|
|
|
|
};
|
|
|
|
git = {
|
|
|
|
address = "10.1.0.8";
|
|
|
|
port = 3000;
|
|
|
|
domain = "git.${domain}";
|
|
|
|
storage = "${storage}/git";
|
|
|
|
};
|
|
|
|
hdd = {
|
|
|
|
address = "10.1.0.10";
|
|
|
|
port = 8080;
|
|
|
|
domain = "hdd.${domain}";
|
|
|
|
storage = "${storage}/hdd";
|
|
|
|
};
|
|
|
|
home = {
|
|
|
|
address = "10.1.0.18";
|
|
|
|
port = 80;
|
|
|
|
domain = "home.${domain}";
|
|
|
|
};
|
|
|
|
iot = {
|
|
|
|
inherit (media) photo;
|
|
|
|
address = "10.1.0.27";
|
|
|
|
domain = "iot.${domain}";
|
|
|
|
port = 8123;
|
|
|
|
storage = "${storage}/iot";
|
|
|
|
};
|
|
|
|
jobber = {
|
|
|
|
address = "10.1.0.32";
|
|
|
|
storage = "${storage}/jobber";
|
|
|
|
};
|
|
|
|
mail = {
|
|
|
|
address = "10.1.0.5";
|
|
|
|
domain = "mail.${domain}";
|
|
|
|
port = 80;
|
|
|
|
storage = "${storage}/mail";
|
|
|
|
};
|
|
|
|
office = {
|
|
|
|
address = "10.1.0.21";
|
|
|
|
domain = "office.${domain}";
|
|
|
|
port = 8000;
|
2024-06-15 18:38:17 +03:00
|
|
|
storage = "${storage}/office";
|
2024-06-09 23:35:53 +03:00
|
|
|
};
|
|
|
|
paper = {
|
2024-06-13 17:00:05 +03:00
|
|
|
inherit (media) paper;
|
2024-06-09 23:35:53 +03:00
|
|
|
address = "10.1.0.40";
|
|
|
|
domain = "paper.${domain}";
|
|
|
|
port = 28981;
|
|
|
|
storage = "${storage}/paper";
|
|
|
|
};
|
|
|
|
pass = {
|
|
|
|
address = "10.1.0.9";
|
|
|
|
domain = "pass.${domain}";
|
|
|
|
port = 8000;
|
|
|
|
storage = "${storage}/pass";
|
|
|
|
};
|
2024-06-01 10:37:49 +03:00
|
|
|
paste = {
|
|
|
|
address = "10.1.0.14";
|
|
|
|
domain = "paste.${domain}";
|
2024-06-09 23:35:53 +03:00
|
|
|
port = 80;
|
2024-06-01 10:37:49 +03:00
|
|
|
storage = "${storage}/paste";
|
|
|
|
};
|
2024-06-09 23:35:53 +03:00
|
|
|
print = {
|
|
|
|
domain = "print.${domain}";
|
|
|
|
address = "10.1.0.46";
|
|
|
|
port = 631;
|
|
|
|
storage = "${storage}/print";
|
|
|
|
};
|
|
|
|
printer = {
|
|
|
|
address = "192.168.2.237";
|
|
|
|
domain = "printer.${domain}";
|
|
|
|
port = 80;
|
|
|
|
};
|
2024-06-01 10:37:49 +03:00
|
|
|
proxy = {
|
|
|
|
address = "10.1.0.2";
|
2024-06-24 14:15:46 +03:00
|
|
|
port = 443;
|
2024-06-01 10:37:49 +03:00
|
|
|
storage = "${storage}/proxy";
|
|
|
|
};
|
|
|
|
postgres = {
|
|
|
|
address = "10.1.0.3";
|
2024-06-09 23:35:53 +03:00
|
|
|
port = 5432;
|
2024-06-01 10:37:49 +03:00
|
|
|
storage = "${storage}/postgres";
|
|
|
|
};
|
2024-06-09 23:35:53 +03:00
|
|
|
rabbitmq = {
|
|
|
|
address = "10.1.0.28";
|
|
|
|
port = 5672;
|
|
|
|
storage = "${storage}/rabbitmq";
|
|
|
|
};
|
|
|
|
read = {
|
2024-06-13 17:00:05 +03:00
|
|
|
inherit (media) book manga;
|
2024-06-09 23:35:53 +03:00
|
|
|
address = "10.1.0.39";
|
|
|
|
domain = "read.${domain}";
|
|
|
|
port = 5000;
|
|
|
|
storage = "${storage}/read";
|
|
|
|
};
|
|
|
|
redis = {
|
|
|
|
address = "10.1.0.38";
|
|
|
|
port = 6379;
|
|
|
|
};
|
|
|
|
router = {
|
|
|
|
address = "192.168.1.1";
|
|
|
|
domain = "router.${domain}";
|
|
|
|
port = 80;
|
|
|
|
};
|
|
|
|
search = {
|
|
|
|
address = "10.1.0.26";
|
|
|
|
domain = "search.${domain}";
|
|
|
|
port = 8080;
|
|
|
|
};
|
|
|
|
status = {
|
|
|
|
address = "10.1.0.22";
|
|
|
|
domain = "status.${domain}";
|
|
|
|
port = 3001;
|
|
|
|
storage = "${storage}/status";
|
|
|
|
};
|
|
|
|
stock = {
|
|
|
|
address = "10.1.0.45";
|
|
|
|
domain = "stock.${domain}";
|
|
|
|
port = 80;
|
|
|
|
storage = "${storage}/stock";
|
|
|
|
};
|
|
|
|
vpn = {
|
|
|
|
address = "10.1.0.23";
|
|
|
|
port = 51820;
|
|
|
|
storage = "${storage}/vpn";
|
|
|
|
};
|
|
|
|
watch = {
|
2024-06-14 01:18:50 +03:00
|
|
|
inherit (media) anime download movie music photo porn show study work youtube;
|
2024-06-09 23:35:53 +03:00
|
|
|
address = "10.1.0.11";
|
|
|
|
domain = "watch.${domain}";
|
|
|
|
port = 8096;
|
|
|
|
storage = "${storage}/watch";
|
|
|
|
};
|
|
|
|
yt = {
|
|
|
|
address = "10.1.0.19";
|
|
|
|
domain = "yt.${domain}";
|
|
|
|
port = 3000;
|
|
|
|
};
|
2024-06-01 10:37:49 +03:00
|
|
|
};
|
|
|
|
}
|