.

2025-01-18 11:55:45 +01:00 · 2025-01-18 11:55:45 +01:00 · 269e56b5c6
commit 269e56b5c6
parent bfbc1cb84b
7 changed files with 169 additions and 157 deletions
--- a/sys/machines/hopper/lab/default.nix
+++ b/sys/machines/hopper/lab/default.nix
@ -13,6 +13,7 @@
  slskdUiPort = 23488;
  caddyLocal = 8562;
  ncPort = 46523;
+  adguardWebPort = 23489;
  kanidmPort = 8300;
 in {
  imports = [
@ -55,6 +56,7 @@ in {
    wireguardConfigFile = config.sops.secrets.wireguard.path;
    accessibleFrom = [
      "192.168.0.0/24"
+      # "127.0.0.1"
    ];

    # Forwarded to my vpn, for making things accessible from outside
@ -78,10 +80,10 @@ in {
      passthrough = [
        caddyPort
        slskdUiPort
+        80 # caddy
        1900 # jellyfin discovery
        7359 # jellyfin discovery
-        config.services.transmission.settings.rpc-port
-        80 # homepage
+        # 9001
      ];
    in (l.map (x: {
        from = x;
@ -129,16 +131,31 @@ in {
      };
      slskd = {
        useACMEHost = null;
-        hostName = ":${toString slskdUiPort}";
+        hostName = "slskd.hopper.xun.host:80";
        extraConfig = ''
          reverse_proxy localhost:${toString config.services.slskd.settings.web.port}
        '';
      };
+
+      transmission = {
+        useACMEHost = null;
+        hostName = "transmission.hopper.xun.host:80";
+        extraConfig = ''
+          reverse_proxy localhost:${toString config.services.transmission.settings.rpc-port}
+        '';
+      };
      dash = {
        useACMEHost = null;
-        hostName = ":80";
+        hostName = "dash.hopper.xun.host:80";
        extraConfig = "reverse_proxy localhost:${toString config.services.homepage-dashboard.listenPort}";
      };
+      # prometheus = {
+      #   useACMEHost = null;
+      #   hostName = "prometheus.hopper.xun.host:80";
+      #   extraConfig = ''
+      #     reverse_proxy ${toString config.vpnNamespaces."wg".bridgeAddress}:9001
+      #   '';
+      # };
      other = {
        hostName = ":${toString caddyPort}";
        extraConfig = ''
@ -147,6 +164,15 @@ in {
          }
        '';
      };
+      otherPriv = {
+        useACMEHost = null;
+        hostName = ":80";
+        extraConfig = ''
+          respond 404 {
+            body "uhh that doesnt exist, i hope this isnt my fault.."
+          }
+        '';
+      };
    };
  };

@ -162,22 +188,26 @@ in {
        resources = {
          cpu = true;
          disk = "/";
+          uptime = "";
+          units = "metric";
+          cputemp = true;
          memory = true;
+          network = true;
        };
      }
    ];
    services = [
      {
-        "Obtaining" = [
+        "Downloading" = [
          {
            "transmission" = {
-              href = "http://${config.networking.hostName}:9091";
+              href = "http://transmission.hopper.xun.host";
              icon = "transmission";
            };
          }
          {
            "slskd" = {
-              href = "http://${config.networking.hostName}:23488";
+              href = "http://slskd.hopper.xun.host";
              icon = "slskd";
            };
          }
@ -187,10 +217,28 @@ in {
        "Services" = [
          {
            "jellyfin" = {
-              href = "https://jellyfin.xunuwu.xyz";
+              href = "https://jellyfin.${domain}";
              icon = "jellyfin";
            };
          }
+          {
+            "adguard home" = {
+              href = "http://${config.networking.hostName}:${toString config.services.adguardhome.port}";
+              icon = "adguard-home";
+            };
+          }
+          {
+            "prometheus" = {
+              href = "http://${config.networking.hostName}:${toString config.services.prometheus.port}";
+              icon = "prometheus";
+            };
+          }
+          {
+            "kanidm" = {
+              href = "https://kanidm.${domain}";
+              icon = "kanidm";
+            };
+          }
        ];
      }
    ];
@ -201,9 +249,7 @@ in {
    vpnNamespace = "wg";
  };

-  services.jellyfin = {
-    enable = true;
-  };
+  services.jellyfin.enable = true;

  services.prometheus = {
    enable = true;
@ -310,7 +356,7 @@ in {
      InaccessiblePaths = lib.mkForce [];
    };
  };
-  boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
+  boot.kernel.sysctl."fs.inotify.max_user_watches" = 99999999;
  services.kanidm = {
    package = pkgs.kanidm_1_4.override {enableSecretProvisioning = true;};
    enableServer = true;
@ -338,5 +384,38 @@ in {
    };
  };

+  services.adguardhome = {
+    enable = true;
+    mutableSettings = false;
+    port = adguardWebPort;
+    # host = "100.115.105.144";
+    settings = {
+      dhcp.enabled = false;
+      dns = {
+        # port = adguardDnsPort;
+        upstream_dns = [
+          "quic://dns.nextdns.io"
+          "https://cloudflare-dns.com/dns-query"
+          "tls://unfiltered.adguard-dns.com"
+          "https://dns10.quad9.net/dns-query"
+        ];
+        bind_hosts = ["100.115.105.144"];
+        bootstrap_dns = ["1.1.1.1" "8.8.8.8"];
+      };
+      filtering = {
+        rewrites = [
+          {
+            domain = "*.hopper.xun.host";
+            answer = "100.115.105.144";
+          }
+          {
+            domain = "hopper.xun.host";
+            answer = "100.115.105.144";
+          }
+        ];
+      };
+    };
+  };
+
  ## TODO: add forgejo
 }