diff --git a/flake.nix b/flake.nix
index 06ec83a..f0e8afe 100644
--- a/flake.nix
+++ b/flake.nix
@@ -44,6 +44,7 @@
 services = {
 vm_nginx = {
 enable = true;
+ proxy_ip = proxy_host;
 };
 };
 }
diff --git a/services/grafana/default.nix b/services/grafana/default.nix
index e3f9f2d..670d17e 100644
--- a/services/grafana/default.nix
+++ b/services/grafana/default.nix
@@ -151,7 +151,7 @@ in {
 job_name = "gitea";
 static_configs = [
 {
- targets = ["192.168.1.14:9100"];
+ targets = ["192.168.1.14:9002"];
 }
 ];
 }
@@ -159,7 +159,7 @@ in {
 job_name = "postgresql";
 static_configs = [
 {
- targets = ["192.168.1.13:9100"];
+ targets = ["192.168.1.13:9002"];
 }
 ];
 }
@@ -171,14 +171,6 @@ in {
 }
 ];
 }
- {
- job_name = "deluge";
- static_configs = [
- {
- targets = ["192.168.1.18:9100"];
- }
- ];
- }
 {
 job_name = "jellyfin";
 static_configs = [
@@ -197,7 +189,7 @@ in {
 auth_enabled = false;
 ingester = {
 lifecycler = {
- address = "127.0.0.1";
+ address = "192.168.1.27";
 ring = {
 kvstore = {
 store = "inmemory";
diff --git a/services/nginx/default.nix b/services/nginx/default.nix
index f64308c..6c3ef29 100644
--- a/services/nginx/default.nix
+++ b/services/nginx/default.nix
@@ -9,6 +9,10 @@
 in {
 options.services.vm_nginx = {
 enable = lib.mkEnableOption "Enable minimal config";
+ proxy_ip = lib.mkOption {
+ type = lib.types.str;
+ description = "The Nginx proxy IP address";
+ };
 };
 config = lib.mkIf cfg.enable {
 age.secrets = {
@@ -30,7 +34,7 @@ in {
 package = inputs.crowdsec.packages."x86_64-linux".crowdsec-firewall-bouncer;
 settings = {
 api_key = "XIgNVuxdP74m+UPbd3WJnHHJdLhRiTbhuH6z2mPRIFg";
- api_url = "http://localhost:8080";
+ api_url = "http://127.0.0.1:8080";
 };
 };
 crowdsec = {
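Review bot: In the Loki hunk (`@@ -197,7 +189,7 @@`) the context line `auth_enabled = false;` stays while `lifecycler.address` moves from loopback to `192.168.1.27`. If the aim is to let other hosts ship logs to this instance, any machine that can reach Loki's HTTP port can then push and query logs without credentials. Restrict that port in the firewall to the hosts that ship logs, or front it with an authenticated reverse proxy. The address is also a hard-coded literal here, whereas the nginx module in this same commit takes its address from an option; the Loki block continues outside the hunk, so its listen settings are not visible.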
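Review bot: The `proxy_ip` description in the options hunk (`@@ -9,6 +9,10 @@`) does not say what the value is used for. Further down in this file it becomes the CrowdSec LAPI bind address (`listen_uri = "${cfg.proxy_ip}:8080"`), which is a security-relevant setting. Something like `description = "Address the CrowdSec local API binds to (this proxy host's LAN IP)";` plus an `example` would make that explicit. `lib.types.str` accepts any string, so a typo only surfaces when the service fails to start.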
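Review bot: The bouncer `api_key` on the context line just above the changed `api_url` (hunk `@@ -30,7 +34,7 @@`) is a literal in the repository, so it is readable by anyone with repo access and is copied into the world-readable Nix store. This commit also rebinds the LAPI to `${cfg.proxy_ip}:8080` in the next hunk, which makes that key usable from the network; it should be rotated and supplied from an age-encrypted file like the other CrowdSec credentials, if the bouncer module allows a file-based key. Separately, `api_url = "http://127.0.0.1:8080"` no longer matches the new `listen_uri` unless `proxy_ip` is loopback. If the LAPI binds only to `cfg.proxy_ip`, the bouncer cannot connect, and `api_url = "http://${cfg.proxy_ip}:8080";` would keep the two in step.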
@@ -43,12 +47,12 @@ in {
 api = {
 server = {
 enable = true;
- listen_uri = "127.0.0.1:8080";
+ listen_uri = "${cfg.proxy_ip}:8080";
 };
 };
 prometheus.listen_addr = "0.0.0.0";
 };
- lapi.credentialsFile = "${config.age.secrets.cs-api-key.path}";
+ lapi.credentialsFile = "${config.age.secrets.cs-lapi-key.path}";
 };
 hub.collections = [
 "firix/authentik"
@@ -65,7 +69,7 @@ in {
 acquisitions = [
 {
 source = "journalctl";
- journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
+ journalctl_filter = [ "_SYSTEMD_UNIT=nginx.service" ];
 labels = {
 type = "syslog";
 };
@@ -74,6 +78,7 @@ in {
 };
 };
 fail2ban = {
+ enable = lib.mkForce false;
 jails = {
 nginx-http-auth = ''
 enabled = true
@@ -185,24 +190,6 @@ in {
 recommendedProxySettings = true;
 };
 };
- "office.le43.eu" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://192.168.1.125:8000";
- proxyWebsockets = true;
- recommendedProxySettings = true;
- };
- };
- "collabora.le43.eu" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://192.168.1.19:9980";
- proxyWebsockets = true;
- recommendedProxySettings = true;
- };
- };
 "git.le43.eu" = {
 forceSSL = true;
 enableACME = true;
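Review bot: `listen_uri = "${cfg.proxy_ip}:8080"` in hunk `@@ -43,12 +47,12 @@` puts the CrowdSec local API on a routable interface with no TLS configured in the visible lines, so machine credentials and bouncer keys would cross the LAN in cleartext. If remote agents or bouncers are the goal, enable TLS on the LAPI or limit the port in the firewall to the hosts that need it. The context line `prometheus.listen_addr = "0.0.0.0";` raises the same exposure question for the metrics endpoint. The rename to `config.age.secrets.cs-lapi-key.path` needs a matching `age.secrets.cs-lapi-key` entry, and the `age.secrets` block is outside the visible hunks, so that cannot be confirmed here.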
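Review bot: Replacing the `sshd.service` filter in hunk `@@ -65,7 +69,7 @@`, rather than adding a second acquisition, removes SSH logs from CrowdSec. The following hunk (`@@ -74,6 +78,7 @@`) force-disables fail2ban, so after this commit nothing visible in the diff watches sshd. If SSH is reachable on this host, keep a separate entry in `acquisitions` with `journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];` alongside the nginx one. It is also worth confirming that nginx access logs reach the journal; as far as I know NixOS writes them to files by default, in which case this source would only see the error log. The `jails` left under `enable = lib.mkForce false;` are now dead configuration, and a comment such as `# disabled: replaced by crowdsec` would record why the override is forced.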