pain

2026-05-11 18:19:58 +03:00 · 2026-05-11 18:19:58 +03:00 · cb6af5e7c4
commit cb6af5e7c4
parent 5acdaed42a
16 changed files with 288 additions and 29 deletions
--- a/hosts/kittykat/configuration.nix
+++ b/hosts/kittykat/configuration.nix
@ -9,11 +9,9 @@
    ./disko.nix
    ../../modules/nixos/networking/ssh.nix
    ../../modules/nixos/users/tulg.nix
-    ./traefik.nix
    ./home.nix
-    ../../modules/servers/per-host/kittykat/vaultwarden.nix
-
-    ../../modules/servers/per-host/kittykat/xray.nix
+    ../../modules/servers/per-host/kittykat
+    ../../modules/servers/common.nix
  ];

  networking.hostName = "kittykat";
@ -27,6 +25,7 @@
      AllowTcpForwarding = true;
      X11Forwarding = true;
      GatewayPorts = "yes";
+      PermitTunnel = "yes";
    };
  };
  programs.bash.interactiveShellInit = ''
--- a/hosts/kittykat/traefik.nix
+++ b/hosts/kittykat/traefik.nix
@ -1,67 +0,0 @@
-{config, ...}: {
-  networking.firewall = {
-    enable = true;
-    allowedTCPPorts = [80 443 25565 25567];
-    extraInputRules = ''
-      tcp dport 2053 drop
-    '';
-  };
-
-  services.static-web-server = {
-    enable = true;
-    listen = "127.0.0.1:8080";
-    root = "/var/www/kittykat";
-  };
-
-  systemd.tmpfiles.rules = [
-    "d /var/www/kittykat 0755 root root -"
-  ];
-
-  services.traefik = {
-    enable = true;
-
-    staticConfigOptions = {
-      entryPoints = {
-        web = {
-          address = ":80";
-          http.redirections.entryPoint = {
-            to = "websecure";
-            scheme = "https";
-          };
-        };
-
-        websecure = {
-          address = ":443";
-          http.tls.certResolver = "letsencrypt";
-        };
-      };
-
-      log = {
-        level = "INFO";
-        filePath = "${config.services.traefik.dataDir}/traefik.log";
-        format = "json";
-      };
-
-      certificatesResolvers.letsencrypt.acme = {
-        email = "tulg@protonmail.ch";
-        storage = "${config.services.traefik.dataDir}/acme.json";
-        httpChallenge.entryPoint = "web";
-      };
-
-      api.dashboard = true;
-    };
-
-    dynamicConfigOptions.http = {
-      routers.plain-html = {
-        rule = "Host(`poggerer.xyz`)";
-        entryPoints = ["websecure"];
-        service = "plain-html";
-        tls.certResolver = "letsencrypt";
-      };
-
-      services.plain-html.loadBalancer.servers = [
-        {url = "http://127.0.0.1:8080";}
-      ];
-    };
-  };
-}