xunuwu 2025-01-18 11:55:45 +01:00
parent bfbc1cb84b
commit 269e56b5c6
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
7 changed files with 169 additions and 157 deletions


@ -13,6 +13,7 @@
slskdUiPort = 23488;
caddyLocal = 8562;
ncPort = 46523;
adguardWebPort = 23489;
kanidmPort = 8300;
in {
imports = [
@ -55,6 +56,7 @@ in {
wireguardConfigFile = config.sops.secrets.wireguard.path;
accessibleFrom = [
"192.168.0.0/24"
# "127.0.0.1"
];
# Forwarded to my vpn, for making things accessible from outside
@ -78,10 +80,10 @@ in {
passthrough = [
caddyPort
slskdUiPort
80 # caddy
1900 # jellyfin discovery
7359 # jellyfin discovery
config.services.transmission.settings.rpc-port
80 # homepage
# 9001
];
in (l.map (x: {
from = x;
@ -129,16 +131,31 @@ in {
};
slskd = {
useACMEHost = null;
hostName = ":${toString slskdUiPort}";
hostName = "slskd.hopper.xun.host:80";
extraConfig = ''
reverse_proxy localhost:${toString config.services.slskd.settings.web.port}
'';
};
transmission = {
useACMEHost = null;
hostName = "transmission.hopper.xun.host:80";
extraConfig = ''
reverse_proxy localhost:${toString config.services.transmission.settings.rpc-port}
'';
};
dash = {
useACMEHost = null;
hostName = ":80";
hostName = "dash.hopper.xun.host:80";
extraConfig = "reverse_proxy localhost:${toString config.services.homepage-dashboard.listenPort}";
};
# prometheus = {
# useACMEHost = null;
# hostName = "prometheus.hopper.xun.host:80";
# extraConfig = ''
# reverse_proxy ${toString config.vpnNamespaces."wg".bridgeAddress}:9001
# '';
# };
other = {
hostName = ":${toString caddyPort}";
extraConfig = ''
@ -147,6 +164,15 @@ in {
}
'';
};
otherPriv = {
useACMEHost = null;
hostName = ":80";
extraConfig = ''
respond 404 {
body "uhh that doesnt exist, i hope this isnt my fault.."
}
'';
};
};
};
@ -162,22 +188,26 @@ in {
resources = {
cpu = true;
disk = "/";
uptime = "";
units = "metric";
cputemp = true;
memory = true;
network = true;
};
}
];
services = [
{
"Obtaining" = [
"Downloading" = [
{
"transmission" = {
href = "http://${config.networking.hostName}:9091";
href = "http://transmission.hopper.xun.host";
icon = "transmission";
};
}
{
"slskd" = {
href = "http://${config.networking.hostName}:23488";
href = "http://slskd.hopper.xun.host";
icon = "slskd";
};
}
@ -187,10 +217,28 @@ in {
"Services" = [
{
"jellyfin" = {
href = "https://jellyfin.xunuwu.xyz";
href = "https://jellyfin.${domain}";
icon = "jellyfin";
};
}
{
"adguard home" = {
href = "http://${config.networking.hostName}:${toString config.services.adguardhome.port}";
icon = "adguard-home";
};
}
{
"prometheus" = {
href = "http://${config.networking.hostName}:${toString config.services.prometheus.port}";
icon = "prometheus";
};
}
{
"kanidm" = {
href = "https://kanidm.${domain}";
icon = "kanidm";
};
}
];
}
];
@ -201,9 +249,7 @@ in {
vpnNamespace = "wg";
};
services.jellyfin = {
enable = true;
};
services.jellyfin.enable = true;
services.prometheus = {
enable = true;
@ -310,7 +356,7 @@ in {
InaccessiblePaths = lib.mkForce [];
};
};
boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
boot.kernel.sysctl."fs.inotify.max_user_watches" = 99999999;
services.kanidm = {
package = pkgs.kanidm_1_4.override {enableSecretProvisioning = true;};
enableServer = true;
@ -338,5 +384,38 @@ in {
};
};
services.adguardhome = {
enable = true;
mutableSettings = false;
port = adguardWebPort;
# host = "100.115.105.144";
settings = {
dhcp.enabled = false;
dns = {
# port = adguardDnsPort;
upstream_dns = [
"quic://dns.nextdns.io"
"https://cloudflare-dns.com/dns-query"
"tls://unfiltered.adguard-dns.com"
"https://dns10.quad9.net/dns-query"
];
bind_hosts = ["100.115.105.144"];
bootstrap_dns = ["1.1.1.1" "8.8.8.8"];
};
filtering = {
rewrites = [
{
domain = "*.hopper.xun.host";
answer = "100.115.105.144";
}
{
domain = "hopper.xun.host";
answer = "100.115.105.144";
}
];
};
};
};
## TODO: add forgejo
}
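Review bot: In the new `services.adguardhome` block the DNS listener is pinned with `bind_hosts = ["100.115.105.144"]`, but the web UI's `host` line is left commented out, so the admin interface falls back to the module default, which as far as I know is `0.0.0.0` in nixpkgs. No `users` entry is visible under `settings`, so the UI may also be served without a login; changes made there would presumably be reset on restart because of `mutableSettings = false`, but query logs and runtime toggles would still be open to anyone who can reach port 23489. I would restore the line as `host = "100.115.105.144";` (or declare users) so the UI has the same exposure as the DNS listener. The new homepage entry links to it through `config.networking.hostName`, so that `href` would need to point at the same address.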


@ -7,14 +7,14 @@ in {
format = "binary";
sopsFile = ./wireguard;
};
grafana-pass = {
format = "binary";
sopsFile = ./grafana-pass;
};
wireguard-config = {
format = "binary";
sopsFile = ./wireguard-config;
};
# grafana-pass = {
# format = "binary";
# sopsFile = ./grafana-pass;
# };
# wireguard-config = {
# format = "binary";
# sopsFile = ./wireguard-config;
# };
slskd = {
format = "binary";
@ -25,26 +25,26 @@ in {
format = "binary";
sopsFile = ./cloudflare;
};
jackett = {
format = "binary";
sopsFile = ./jackett;
restartUnits = ["podman-qbittorrent.service"];
};
betanin = {
format = "binary";
sopsFile = ./betanin;
restartUnits = ["podman-betanin.service"];
};
# jackett = {
# format = "binary";
# sopsFile = ./jackett;
# restartUnits = ["podman-qbittorrent.service"];
# };
# betanin = {
# format = "binary";
# sopsFile = ./betanin;
# restartUnits = ["podman-betanin.service"];
# };
transmission = {
format = "binary";
sopsFile = ./transmission;
};
authentik = {
format = "binary";
sopsFile = ./authentik;
};
# authentik = {
# format = "binary";
# sopsFile = ./authentik;
# };
"kanidm/admin_pass" = {
sopsFile = ./kanidm.yaml;
@ -71,45 +71,45 @@ in {
# };
# authelia
authelia_lldap_password = {
format = "yaml";
sopsFile = ./authelia.yaml;
key = "lldap_password";
# owner = autheliaUser;
};
authelia_jwt_secret = {
format = "yaml";
sopsFile = ./authelia.yaml;
key = "jwt_secret";
# owner = autheliaUser;
};
authelia_session_secret = {
format = "yaml";
sopsFile = ./authelia.yaml;
key = "session_secret";
#owner = autheliaUser;
};
authelia_encryption_key = {
format = "yaml";
sopsFile = ./authelia.yaml;
key = "encryption_key";
#owner = autheliaUser;
};
authelia_storage_password = {
format = "yaml";
sopsFile = ./authelia.yaml;
key = "storage_password";
#owner = autheliaUser;
};
# authelia_lldap_password = {
# format = "yaml";
# sopsFile = ./authelia.yaml;
# key = "lldap_password";
# # owner = autheliaUser;
# };
# authelia_jwt_secret = {
# format = "yaml";
# sopsFile = ./authelia.yaml;
# key = "jwt_secret";
# # owner = autheliaUser;
# };
# authelia_session_secret = {
# format = "yaml";
# sopsFile = ./authelia.yaml;
# key = "session_secret";
# #owner = autheliaUser;
# };
# authelia_encryption_key = {
# format = "yaml";
# sopsFile = ./authelia.yaml;
# key = "encryption_key";
# #owner = autheliaUser;
# };
# authelia_storage_password = {
# format = "yaml";
# sopsFile = ./authelia.yaml;
# key = "storage_password";
# #owner = autheliaUser;
# };
brawlstars-api-key = {
format = "binary";
sopsFile = ./brawlstars;
};
wakapi = {
format = "binary";
sopsFile = ./wakapi;
mode = "004";
};
# brawlstars-api-key = {
# format = "binary";
# sopsFile = ./brawlstars;
# };
# wakapi = {
# format = "binary";
# sopsFile = ./wakapi;
# mode = "004";
# };
};
}
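Review bot: The retired secret declarations (`grafana-pass`, `wireguard-config`, `jackett`, `betanin`, `authentik`, the `authelia_*` entries, `brawlstars-api-key`, `wakapi`) are commented out rather than deleted, which leaves dead configuration in the file that git history already preserves. If these services are gone for good, I would delete the entries and the sops files they point to (`./authelia.yaml`, `./wakapi` and the others), and rotate the credentials, since the encrypted files stay decryptable by every recipient key for as long as they remain in the repository. Whether those files are removed elsewhere in this commit is not visible from this section.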