Compare commits


No commits in common. "831cb6b0f45bb1214ea4d522395bbbaf873b3563" and "49159caaf51942297aa65a7f1980eb199e5105e9" have entirely different histories.

4 changed files with 22 additions and 60 deletions


@ -53,7 +53,7 @@ in
"tag:server" "tag:server"
"tag:client" "tag:client"
] ]
[ "ny" "deck" ] [ "ny" ]
) # client -> {client, server} ) # client -> {client, server}
]; ];


@ -1,7 +1,6 @@
{ {
modulesPath, modulesPath,
pubkeys, pubkeys,
config,
... ...
}: }:
{ {
@ -36,8 +35,12 @@
container = { container = {
kitchenowl = { kitchenowl = {
enable = true; enable = true;
openFirewall = true;
version = "v0.6.4"; version = "v0.6.4";
}; };
nginxproxymanager = {
enable = true;
};
}; };
server = { server = {
@ -128,56 +131,6 @@
}; };
}; };
}; };
security.acme = {
acceptTerms = true;
defaults = {
email = "contact@ccnlc.eu";
dnsProvider = "ovh";
environmentFile = "/run/secrets/ovh";
};
certs."ccnlc.eu" = {
group = "nginx";
extraDomainNames = [ "*.ccnlc.eu" ];
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "100M";
virtualHosts =
let
mkVHLocal = mkVH "http://localhost";
mkVH = domain: port: {
forceSSL = true;
locations."/" = {
proxyPass = "${domain}:${toString port}";
extraConfig = ''
proxy_ssl_server_name on;
proxy_pass_header Authorization;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
'';
};
useACMEHost = "ccnlc.eu";
};
in
{
"octoprint.ccnlc.eu" = mkVHLocal config.services.octoprint.port;
"immich.ccnlc.eu" = mkVHLocal config.services.immich.port;
"jellyfin.ccnlc.eu" = mkVHLocal 8096;
"ntfy.ccnlc.eu" = mkVHLocal 9393;
"dav.ccnlc.eu" = mkVHLocal 5232;
"assistant.ccnlc.eu" = mkVHLocal config.services.home-assistant.config.http.server_port;
"kitchenowl.ccnlc.eu" = mkVHLocal config.modules.container.kitchenowl.port;
"navidrome.ccnlc.eu" = mkVHLocal config.services.navidrome.settings.Port;
"paperless.ccnlc.eu" = mkVHLocal config.modules.server.paperless.port;
"fritz.ccnlc.eu" = mkVH "http://192.168.178.1" 80;
"truenas.ccnlc.eu" = mkVH "https://192.168.178.21" 443;
};
};
services = { services = {
openssh = { openssh = {
@ -188,15 +141,23 @@
}; };
}; };
jellyfin.enable = true; jellyfin = {
immich.enable = true; enable = true;
openFirewall = true;
};
immich = {
enable = true;
openFirewall = true;
host = "0.0.0.0";
};
radicale = { radicale = {
enable = true; enable = true;
# Documentation at <https://radicale.org/v3.html#configuration> # Documentation at <https://radicale.org/v3.html#configuration>
settings = { settings = {
server = { server = {
hosts = [ "127.0.0.1:5232" ]; hosts = [ "0.0.0.0:5232" ];
}; };
auth = { auth = {
type = "htpasswd"; type = "htpasswd";
@ -217,7 +178,7 @@
in in
{ {
base-url = "https://ntfy.ccnlc.eu"; base-url = "https://ntfy.ccnlc.eu";
listen-http = "127.0.0.1:9393"; listen-http = "0.0.0.0:9393";
auth-default-access = "deny-all"; auth-default-access = "deny-all";
behind-proxy = true; behind-proxy = true;
attachment-cache-dir = "${root}/attachments"; attachment-cache-dir = "${root}/attachments";
@ -228,6 +189,7 @@
octoprint = { octoprint = {
enable = true; enable = true;
openFirewall = true;
port = 5000; port = 5000;
}; };
@ -263,8 +225,8 @@
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
443 5232
80 9393
]; ];
fileSystems = { fileSystems = {
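Review bot: Radicale and ntfy now listen on `0.0.0.0` and `networking.firewall.allowedTCPPorts` opens 5232 and 9393 on every interface, while the nginx vhosts with `forceSSL = true` that used to front them are removed in the same section. Unless something outside this diff restricts access, Radicale's htpasswd login and ntfy are then reachable over plain HTTP by any host that can route to this machine, not only through the new nginxproxymanager container. ntfy also keeps `behind-proxy = true`, which makes it take the visitor address from the forwarded header, so a client connecting directly to 9393 can choose the address its rate limits are counted against. If the wildcard bind exists only so the proxy container can reach the services, scope the ports to that interface with `networking.firewall.interfaces."<proxy-interface>".allowedTCPPorts = [ 5232 9393 ];` (placeholder name) and review the added `openFirewall = true` on jellyfin, immich, octoprint and kitchenowl the same way.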


@ -77,7 +77,7 @@ in
ExecStop = "podman network rm -f kitchenowl_default"; ExecStop = "podman network rm -f kitchenowl_default";
}; };
script = '' script = ''
podman network inspect kitchenowl_default || podman network create kitchenowl_default --disable-dns podman network inspect kitchenowl_default || podman network create kitchenowl_default
''; '';
partOf = [ "podman-compose-kitchenowl-root.target" ]; partOf = [ "podman-compose-kitchenowl-root.target" ];
wantedBy = [ "podman-compose-kitchenowl-root.target" ]; wantedBy = [ "podman-compose-kitchenowl-root.target" ];


@ -84,7 +84,7 @@ in
ExecStop = "podman network rm -f nginx_default"; ExecStop = "podman network rm -f nginx_default";
}; };
script = '' script = ''
podman network inspect nginx_default || podman network create nginx_default --disable-dns podman network inspect nginx_default || podman network create nginx_default
''; '';
partOf = [ "podman-compose-nginx-root.target" ]; partOf = [ "podman-compose-nginx-root.target" ];
wantedBy = [ "podman-compose-nginx-root.target" ]; wantedBy = [ "podman-compose-nginx-root.target" ];