m3-r1
This commit is contained in:
parent
5fa6d0b0ee
commit
16d4ec6928
19
flake.nix
19
flake.nix
|
@ -28,6 +28,10 @@
|
|||
modules =
|
||||
[ allowUnfree ./hosts/lkk-nix-1 agenix.nixosModules.default ];
|
||||
};
|
||||
m3-r1 = lib.nixosSystem {
|
||||
specialArgs = { inherit inputs; };
|
||||
modules = [ allowUnfree ./hosts/m3-r1 agenix.nixosModules.default ];
|
||||
};
|
||||
lkk-prod-1 = lib.nixosSystem {
|
||||
specialArgs = { inherit inputs; };
|
||||
modules =
|
||||
|
@ -56,6 +60,12 @@
|
|||
};
|
||||
modules = [ ./home/users/m3tam3re/lkk-nix-1.nix ];
|
||||
};
|
||||
"m3tam3re@m3-r1" = home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = nixpkgs.legacyPackages."x86_64-linux";
|
||||
extraSpecialArgs = { # pass things to t
|
||||
};
|
||||
modules = [ ./home/users/m3tam3re/m3-r1.nix ];
|
||||
};
|
||||
};
|
||||
deploy.nodes.lkk-nix-1 = {
|
||||
hostname = "lkk-nix-1";
|
||||
|
@ -66,6 +76,15 @@
|
|||
self.nixosConfigurations.lkk-nix-1;
|
||||
};
|
||||
};
|
||||
deploy.nodes.m3-r1 = {
|
||||
hostname = "lkk-nix-1";
|
||||
sshUser = "root";
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
||||
self.nixosConfigurations.lkk-nix-1;
|
||||
};
|
||||
};
|
||||
deploy.nodes.lkk-prod-1 = {
|
||||
hostname = "lkk-prod-1";
|
||||
sshUser = "root";
|
||||
|
|
|
@ -1,11 +1,13 @@
|
|||
{ pkgs, ... }: {
|
||||
imports = [ ./emacs.nix ./golang.nix ./nix.nix ./nodejs.nix ./rust.nix ./tools.nix ];
|
||||
imports =
|
||||
[ ./emacs.nix ./golang.nix ./nix.nix ./nodejs.nix ./rust.nix ./tools.nix ];
|
||||
|
||||
home.packages = with pkgs;
|
||||
[
|
||||
python3
|
||||
python311Packages.pip
|
||||
guile_3_0
|
||||
tinyscheme
|
||||
];
|
||||
home.packages = with pkgs; [
|
||||
ispell
|
||||
python3
|
||||
python311Packages.pip
|
||||
python311Packages.setuptools
|
||||
guile_3_0
|
||||
tinyscheme
|
||||
];
|
||||
}
|
||||
|
|
|
@ -18,6 +18,7 @@ in {
|
|||
handbrake
|
||||
libsForQt5.kdenlive
|
||||
makemkv
|
||||
mediainfo
|
||||
mpv
|
||||
plexamp
|
||||
uxplay
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
{ config, pkgs, ... }: {
|
||||
imports = [ ./base ../../features/cli ];
|
||||
|
||||
features = {
|
||||
cli = {
|
||||
fish.enable = true;
|
||||
starship.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
home.stateVersion = "22.11";
|
||||
}
|
|
@ -0,0 +1,69 @@
|
|||
{ pkgs, ... }: {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
../common/users/m3tam3re
|
||||
../common/base
|
||||
./services
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
|
||||
|
||||
services.openssh.enable = true;
|
||||
services.openssh.settings.PasswordAuthentication = false;
|
||||
networking = {
|
||||
hostName = "m3-r1";
|
||||
firewall.enable = true;
|
||||
firewall.allowedTCPPortRanges = [{
|
||||
from = 3000;
|
||||
to = 3100;
|
||||
}];
|
||||
firewall.allowedTCPPorts = [ 53 80 443 5432 3306 3478 ];
|
||||
firewall.allowedUDPPorts = [ 53 51820 41641 ];
|
||||
firewall.allowedUDPPortRanges = [{
|
||||
from = 3478;
|
||||
to = 3481;
|
||||
}];
|
||||
};
|
||||
programs.fish.enable = true;
|
||||
age = {
|
||||
secrets = {
|
||||
mj-smtp-user.file = ../../secrets/mj-smtp-user.age;
|
||||
mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age;
|
||||
tailscale-key.file = ../../secrets/tailscale-key.age;
|
||||
|
||||
vaultwarden-env = {
|
||||
file = ../../secrets/vaultwarden-env.age;
|
||||
mode = "770";
|
||||
};
|
||||
|
||||
n8n-env = {
|
||||
file = ../../secrets/n8n-env.age;
|
||||
mode = "770";
|
||||
};
|
||||
|
||||
traefik-env = {
|
||||
file = ../../secrets/traefik-env.age;
|
||||
mode = "770";
|
||||
owner = "traefik";
|
||||
};
|
||||
|
||||
searx-environmentFile = {
|
||||
file = ../../secrets/searx-environmentFile.age;
|
||||
mode = "770";
|
||||
owner = "searx";
|
||||
};
|
||||
|
||||
};
|
||||
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
|
||||
};
|
||||
|
||||
nix = {
|
||||
gc = {
|
||||
automatic = true;
|
||||
options = "--delete-older-than 30d";
|
||||
};
|
||||
optimise.automatic = true;
|
||||
};
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
}
|
|
@ -0,0 +1,55 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/6f25ddea-6022-4663-9f5d-58b383de7e52";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=root" ];
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "/dev/disk/by-uuid/6f25ddea-6022-4663-9f5d-58b383de7e52";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=home" ];
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{ device = "/dev/disk/by-uuid/6f25ddea-6022-4663-9f5d-58b383de7e52";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=nix" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/2550-EF31";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/var/backup" =
|
||||
{ device = "46.38.248.210:/voln527829a1";
|
||||
fsType = "nfs";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [ ./containers ];
|
||||
|
||||
virtualisation.podman = {
|
||||
enable = true;
|
||||
defaultNetwork.settings = { dns_enabled = true; };
|
||||
};
|
||||
virtualisation.oci-containers.backend = "podman";
|
||||
}
|
|
@ -0,0 +1,25 @@
|
|||
{ config, outputs, ... }: {
|
||||
virtualisation.oci-containers.containers."baserow" = {
|
||||
image = "docker.io/baserow/baserow:1.18.0";
|
||||
environment = {
|
||||
BASEROW_PUBLIC_URL = "https://db.lanakk.com";
|
||||
|
||||
POSTGRES_USER = "baserow";
|
||||
POSTGRES_PASSWORD = "baserow";
|
||||
POSTGRES_DB = "baserow";
|
||||
DATABASE_HOST = "postgres";
|
||||
DATABASE_NAME = "baserow";
|
||||
DATABASE_USER = "baserow";
|
||||
DATABASE_PASSWORD = "baserow";
|
||||
|
||||
EMAIL_SMTP = "in-v3.mailjet.com";
|
||||
EMAIL_SMTP_HOST = "in-v3.mailjet.com";
|
||||
EMAIL_SMTP_PORT = "587";
|
||||
EMAIL_SMTP_USER = config.age.secrets.mj-smtp-user.path;
|
||||
EMAIL_SMTP_PASSWORD = config.age.secrets.mj-smtp-pass.path;
|
||||
};
|
||||
ports = [ "3001:80" ];
|
||||
volumes = [ "baserow_data:/baserow/data" ];
|
||||
extraOptions = [ "--add-host=postgres:10.88.0.1" "--ip=10.88.0.11" ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
{ config, outputs, ... }: {
|
||||
virtualisation.oci-containers.containers."briefkasten" = {
|
||||
image = "docker.io/ndom91/briefkasten";
|
||||
environmentFiles = [ config.age.secrets.briefkasten-env.path ];
|
||||
ports = [ "3009:3000" ];
|
||||
extraOptions = [ "--add-host=postgres:10.88.0.1" "--ip=10.88.0.19" ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
{
|
||||
imports = [
|
||||
./baserow.nix
|
||||
# ./briefkasten.nix
|
||||
# ./little-link.nix
|
||||
./matomo.nix
|
||||
./mautic.nix
|
||||
# ./nextcloud.nix
|
||||
# ./nginx.nix
|
||||
# ./wordpress.nix
|
||||
];
|
||||
}
|
|
@ -0,0 +1,14 @@
|
|||
{ config, outputs, ... }: {
|
||||
virtualisation.oci-containers.containers."littlelink_lanakk" = {
|
||||
image = "ghcr.io/techno-tim/littlelink-server";
|
||||
environmentFiles = [ config.age.secrets.littlelink-lanakk-env.path ];
|
||||
ports = [ "3010:3000" ];
|
||||
extraOptions = [ "--ip=10.88.0.20" ];
|
||||
};
|
||||
virtualisation.oci-containers.containers."littlelink_m3tam3re" = {
|
||||
image = "ghcr.io/techno-tim/littlelink-server";
|
||||
environmentFiles = [ config.age.secrets.littlelink-m3tam3re-env.path ];
|
||||
ports = [ "3011:3000" ];
|
||||
extraOptions = [ "--ip=10.88.0.21" ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,16 @@
|
|||
{ config, outputs, ... }: {
|
||||
virtualisation.oci-containers.containers."matomo" = {
|
||||
image = "docker.io/matomo";
|
||||
environment = {
|
||||
MATOMO_DATABASE_HOST = "mysql";
|
||||
MATOMO_DATABASE_USERNAME = "matomo";
|
||||
MATOMO_DATABASE_PASSWORD = "matomo";
|
||||
MATOMO_DATABASE_DBNAME = "matomo";
|
||||
PHP_MEMORY_LIMIT="2048M";
|
||||
|
||||
};
|
||||
ports = [ "3003:80" ];
|
||||
volumes = [ "matomo_data:/var/www/html" ];
|
||||
extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.13" ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,16 @@
|
|||
{ config, outputs, ... }: {
|
||||
virtualisation.oci-containers.containers."mautic" = {
|
||||
image = "docker.io/mautic/mautic:v4-apache";
|
||||
environment = {
|
||||
MAUTIC_DB_HOST = "mysql";
|
||||
MAUTIC_DB_USER = "mautic";
|
||||
MAUTIC_DB_PASSWORD = "mautic";
|
||||
MAUTIC_DB_DBNAME = "mautic";
|
||||
PHP_MEMORY_LIMIT="2048M";
|
||||
MAUTIC_RUN_CRON_JOBS="true";
|
||||
};
|
||||
ports = [ "3008:80" ];
|
||||
volumes = [ "mautic_data:/var/www/html" ];
|
||||
extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.23" ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,14 @@
|
|||
{ config, outputs, ... }: {
|
||||
virtualisation.oci-containers.containers."nextcloud" = {
|
||||
image = "docker.io/nextcloud";
|
||||
environment = {
|
||||
TRUSTED_PROXIES = "10.88.0.1/16";
|
||||
OVERWRITEPROTOCOL = "https";
|
||||
OVERWRITECLIURL = "https://cloud.lanakk.com";
|
||||
OVERWRITEHOST = "cloud.lanakk.com";
|
||||
};
|
||||
ports = [ "3005:80" ];
|
||||
volumes = [ "nextcloud_data:/var/www/html" ];
|
||||
extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.15" ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
{ config, outputs, ... }: {
|
||||
virtualisation.oci-containers.containers."http-images" = {
|
||||
image = "docker.io/nginx:alpine";
|
||||
ports = [ "3012:80" ];
|
||||
volumes = [ "/opt/service-data/http-images:/usr/share/nginx/html"];
|
||||
extraOptions = [ "--ip=10.88.0.22" ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
{ config, outputs, ... }: {
|
||||
virtualisation.oci-containers.containers."wireguard" = {
|
||||
image = "docker.io/weejewel/wg-easy";
|
||||
environment = { WG_HOST = "wg.lanakk.com"; WG_DEFAULT_DNS = "10.88.0.1:5353"; };
|
||||
ports = [ "3007:51821/tcp" "51820:51820/udp" ];
|
||||
volumes = [ "wireguard_data:/etc/wireguard" ];
|
||||
extraOptions = [
|
||||
"--cap-add=NET_ADMIN"
|
||||
"--cap-add=SYS_MODULE"
|
||||
"--sysctl=net.ipv4.conf.all.src_valid_mark=1"
|
||||
"--sysctl=net.ipv4.ip_forward=1"
|
||||
"--ip=10.88.0.17"
|
||||
];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,14 @@
|
|||
{ config, outputs, ... }: {
|
||||
virtualisation.oci-containers.containers."lanakk_blog" = {
|
||||
image = "docker.io/wordpress";
|
||||
environment = {
|
||||
WORDPRESS_DB_HOST = "mysql";
|
||||
WORDPRESS_DB_USER = "wp";
|
||||
WORDPRESS_DB_PASSWORD = "wp";
|
||||
WORDPRESS_DB_NAME = "lanakk_blog";
|
||||
};
|
||||
ports = [ "3002:80" ];
|
||||
volumes = [ "lanakk_blog_data:/var/www/html" ];
|
||||
extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.12" ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
imports = [
|
||||
./container.nix
|
||||
./gitea.nix
|
||||
./n8n.nix
|
||||
./postgres.nix
|
||||
./searx.nix
|
||||
./syncthing.nix
|
||||
./tailscale.nix
|
||||
./traefik.nix
|
||||
./vaultwarden.nix
|
||||
];
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
settings.server.ROOT_URL = "https://code.lanakk.com";
|
||||
lfs.enable = true;
|
||||
dump = {
|
||||
enable = true;
|
||||
interval = "03:30:00";
|
||||
backupDir = "/var/backup/gitea";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
{ pkgs, config, ... }:
|
||||
|
||||
{
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mariadb;
|
||||
};
|
||||
services.mysqlBackup = {
|
||||
enable = true;
|
||||
calendar = "03:00:00";
|
||||
databases = [ "" ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
{ config, pkgs, ... }: {
|
||||
|
||||
services.n8n = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
settings = {
|
||||
host = "wf.lanakk.com";
|
||||
protocol = "https";
|
||||
editorBaseUrl="https://wf.lanakk.com";
|
||||
};
|
||||
};
|
||||
systemd.services.n8n.serviceConfig = {
|
||||
EnvironmentFile = "${config.age.secrets.n8n-env.path}";
|
||||
};
|
||||
}
|
|
@ -0,0 +1,26 @@
|
|||
{ pkgs, config, ... }:
|
||||
|
||||
{
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
enableTCPIP = true;
|
||||
package = pkgs.postgresql_15;
|
||||
authentication = pkgs.lib.mkOverride 10 ''
|
||||
local all all trust
|
||||
host all all 127.0.0.1/32 trust
|
||||
host all all ::1/128 trust
|
||||
host all all 10.88.0.1/16 trust
|
||||
'';
|
||||
initialScript = pkgs.writeText "backend-initScript" ''
|
||||
CREATE USER baserow WITH ENCRYPTED PASSWORD 'baserow';
|
||||
CREATE DATABASE baserow;
|
||||
GRANT ALL PRIVILEGES ON DATABASE baserow TO baserow;
|
||||
ALTER DATABASE baserow OWNER to baserow;
|
||||
'';
|
||||
};
|
||||
services.postgresqlBackup = {
|
||||
enable = true;
|
||||
startAt = "03:10:00";
|
||||
databases = [ "baserow" ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,11 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
services.searx = {
|
||||
enable = true;
|
||||
package = pkgs.searxng;
|
||||
settings = {
|
||||
server.port = 3004;
|
||||
server.secret_key = "@SEARX_SECRET_KEY@";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,20 @@
|
|||
{ config, pkgs, ... }: {
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
openDefaultPorts = true;
|
||||
guiAddress = "0.0.0.0:8384";
|
||||
overrideDevices = true;
|
||||
overrideFolders = true;
|
||||
devices = {
|
||||
"LK-DATA" = {
|
||||
id = "BI7CMZF-2SGQMXW-RG47HRG-FEH454J-ZTCE544-BXNSCSJ-PXCE7A7-R4CX2Q3";
|
||||
};
|
||||
};
|
||||
folders = {
|
||||
"Bildvorschauen" = {
|
||||
path = "/opt/service-data/http-images";
|
||||
devices = [ "LK-DATA" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,38 @@
|
|||
{ config, pkgs, ... }: {
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
useRoutingFeatures = "both";
|
||||
};
|
||||
networking.firewall = {
|
||||
trustedInterfaces = [ "tailscale0" ];
|
||||
};
|
||||
systemd.services.tailscale-autoconnect = {
|
||||
description = "Automatic connection to Tailscale";
|
||||
|
||||
# make sure tailscale is running before trying to connect to tailscale
|
||||
after = [ "network-pre.target" "tailscale.service" ];
|
||||
wants = [ "network-pre.target" "tailscale.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
# set this service as a oneshot job
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
|
||||
};
|
||||
|
||||
# have the job run this shell script
|
||||
script = with pkgs; ''
|
||||
# wait for tailscaled to settle
|
||||
sleep 2
|
||||
|
||||
# check if we are already authenticated to tailscale
|
||||
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
|
||||
if [ $status = "Running" ]; then # if so, then do nothing
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# otherwise authenticate with tailscale
|
||||
${tailscale}/bin/tailscale up --advertise-exit-node --authkey $TAILSCALE_KEY
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -0,0 +1,159 @@
|
|||
{ config, ... }: {
|
||||
services.traefik = {
|
||||
enable = true;
|
||||
staticConfigOptions = {
|
||||
log = { level = "WARN"; };
|
||||
certificatesResolvers = {
|
||||
godaddy = {
|
||||
acme = {
|
||||
email = "dev@lanakk.com";
|
||||
storage = "/var/lib/traefik/acme.json";
|
||||
dnsChallenge = { provider = "godaddy"; };
|
||||
};
|
||||
};
|
||||
lets-encrypt = {
|
||||
acme = {
|
||||
email = "acc@m3tam3re.com";
|
||||
storage = "/var/lib/traefik/acme.json";
|
||||
tlsChallenge = { };
|
||||
};
|
||||
};
|
||||
};
|
||||
api = { };
|
||||
entryPoints = {
|
||||
web = {
|
||||
address = ":80";
|
||||
http.redirections.entryPoint = {
|
||||
to = "websecure";
|
||||
scheme = "https";
|
||||
};
|
||||
};
|
||||
websecure = { address = ":443"; };
|
||||
};
|
||||
};
|
||||
dynamicConfigOptions = {
|
||||
http = {
|
||||
middlewares = {
|
||||
auth = {
|
||||
basicAuth = {
|
||||
users = [ "m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh." ];
|
||||
};
|
||||
};
|
||||
nextcloud_redirectregex = {
|
||||
redirectRegex = {
|
||||
permanent = true;
|
||||
regex = "https://(.*)/.well-known/(?:card|cal)dav";
|
||||
replacement = "https://\${1}/remote.php/dav";
|
||||
};
|
||||
};
|
||||
nextcloud_headers = {
|
||||
headers = {
|
||||
referrerPolicy = "no-referrer";
|
||||
stsSeconds = "31536000";
|
||||
forceSTSHeader = true;
|
||||
stsPreload = true;
|
||||
stsIncludeSubdomains = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
services = {
|
||||
baserow.loadBalancer.servers = [{ url = "http://localhost:3001/"; }];
|
||||
gitea.loadBalancer.servers = [{ url = "http://localhost:3000/"; }];
|
||||
n8n.loadBalancer.servers = [{ url = "http://localhost:5678/"; }];
|
||||
lanakk_blog.loadBalancer.servers =
|
||||
[{ url = "http://localhost:3002/"; }];
|
||||
matomo.loadBalancer.servers = [{ url = "http://localhost:3003/"; }];
|
||||
searx.loadBalancer.servers = [{ url = "http://localhost:3004/"; }];
|
||||
mautic.loadBalancer.servers = [{ url = "http://localhost:3008/"; }];
|
||||
syncthing.loadBalancer.servers =
|
||||
[{ url = "http://localhost:8384/"; }];
|
||||
vaultwarden.loadBalancer.servers =
|
||||
[{ url = "http://localhost:3014/"; }];
|
||||
};
|
||||
routers = {
|
||||
api = {
|
||||
rule = "Host(`r.m3tam3re.com`)";
|
||||
tls = { certResolver = "lets-encrypt"; };
|
||||
service = "api@internal";
|
||||
middlewares = "auth";
|
||||
entrypoints = "websecure";
|
||||
};
|
||||
baserow = {
|
||||
rule = "Host(`br.m3tam3re.com`)";
|
||||
tls = { certResolver = "lets-encrypt"; };
|
||||
service = "baserow";
|
||||
entrypoints = "websecure";
|
||||
};
|
||||
gitea = {
|
||||
rule = "Host(`code.m3tam3re.com`)";
|
||||
tls = {
|
||||
certResolver = "lets-encrypt";
|
||||
domains = "code.m3tam3re.com";
|
||||
};
|
||||
service = "gitea";
|
||||
entrypoints = "websecure";
|
||||
};
|
||||
n8n = {
|
||||
rule = "Host(`io.m3tam3re.com`)";
|
||||
tls = {
|
||||
certResolver = "lets-encrypt";
|
||||
domains = "io.m3tam3re.com";
|
||||
};
|
||||
service = "n8n";
|
||||
entrypoints = "websecure";
|
||||
};
|
||||
matomo-m3tam3re = {
|
||||
rule = "Host(`stats.m3tam3re.com`)";
|
||||
tls = {
|
||||
certResolver = "lets-encrypt";
|
||||
domains = "stats.m3tam3re.com";
|
||||
};
|
||||
service = "matomo";
|
||||
entrypoints = "websecure";
|
||||
};
|
||||
searx = {
|
||||
rule = "Host(`search.m3tam3re.com`)";
|
||||
tls = {
|
||||
certResolver = "lets-encrypt";
|
||||
domains = "search.m3tam3re.com";
|
||||
};
|
||||
service = "searx";
|
||||
entrypoints = "websecure";
|
||||
};
|
||||
mautic = {
|
||||
rule = "Host(`ma.m3tam3re.com`)";
|
||||
tls = {
|
||||
certResolver = "lets-encrypt";
|
||||
domains = "ma.m3tam3re.com";
|
||||
};
|
||||
service = "mautic";
|
||||
entrypoints = "websecure";
|
||||
};
|
||||
syncthing = {
|
||||
rule = "Host(`sync.m3tam3re.com`)";
|
||||
tls = {
|
||||
certResolver = "lets-encrypt";
|
||||
domains = "sync.m3tam3re.com";
|
||||
};
|
||||
service = "syncthing";
|
||||
entrypoints = "websecure";
|
||||
};
|
||||
vaultwarden = {
|
||||
rule = "Host(`vw.m3tam3re.com`)";
|
||||
tls = {
|
||||
certResolver = "lets-encrypt";
|
||||
domains = "vw.m3tam3re.com";
|
||||
};
|
||||
service = "vaultwarden";
|
||||
middlewares = "auth";
|
||||
entrypoints = "websecure";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.traefik.serviceConfig = {
|
||||
EnvironmentFile = [ "${config.age.secrets.traefik-env.path}" ];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,8 @@
|
|||
{ config, pkgs, ... }: {
|
||||
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
backupDir = "/var/backup/vaultwarden";
|
||||
environmentFile = "${config.age.secrets.vaultwarden-env.path}";
|
||||
};
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
{ ordercollect = import ./ordercollect.nix; }
|
|
@ -0,0 +1,31 @@
|
|||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let cfg = config.services.ordercollect;
|
||||
|
||||
in {
|
||||
options.services.ordercollect = {
|
||||
enable = mkEnableOption "Enable Ordercollect";
|
||||
port = mkOption {
|
||||
type = types.str;
|
||||
description = "The http port to run on";
|
||||
default = "";
|
||||
};
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.ordercollect;
|
||||
description = ''
|
||||
The package for ordercollect
|
||||
'';
|
||||
};
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
systemd.services.ordercollect = {
|
||||
ExecStart = "${cfg.package}/bin/ordercollect --port ${cfg.port}";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
{ stdenv, lib, fetchFromGitHub, bash, pkgs, makeWrapper }:
|
||||
|
||||
with lib;
|
||||
with pkgs;
|
||||
|
||||
stdenv.mkDerivation {
|
||||
pname = "wofi-pass";
|
||||
version = "0.1";
|
||||
src = fetchFromGitHub {
|
||||
owner = "TinfoilSubmarine";
|
||||
repo = "wofi-pass";
|
||||
rev = "869c545";
|
||||
sha256 = "gcfW8E/3/dqv0P3S4z9fDv8k4R7czcIKwpo/OHFFWj0=";
|
||||
};
|
||||
buildInputs = [ bash coreutils wl-clipboard wofi wtype ];
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
installPhase = ''
|
||||
mkdir -p $out/bin
|
||||
cp wofi-pass $out/bin/wofi-pass
|
||||
wrapProgram $out/bin/wofi-pass \
|
||||
--prefix PATH : ${makeBinPath [ bash coreutils wl-clipboard wofi wtype ]}
|
||||
'';
|
||||
}
|
|
@ -2,5 +2,6 @@
|
|||
|
||||
wofi-pass = pkgs.callPackage ./wofi-pass { };
|
||||
bemoji = pkgs.callPackage ./bemoji { };
|
||||
ordercollect = pkgs.callPackage ./ordercollect { };
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
{ buildGoModule, fetchFromGitea, lib }:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "ordercollect";
|
||||
version = "0.1.0";
|
||||
|
||||
src = fetchFromGitea {
|
||||
domain = "code.lanakk.com";
|
||||
owner = "LANAKK";
|
||||
repo = "ordercollect";
|
||||
rev = "9ecbfa46f6758214aa2fcee7ad96aa7730301a06";
|
||||
hash = "sha256-n4njl7LwG6GuoTj7x3rWOjErZ/a1Fog0qAymYxvsR2w=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-G6k331XRuVN/cM4sNcdUV9/BzdISQI7Ljc4tesJnmH0=";
|
||||
|
||||
meta = with lib; {
|
||||
description = "A simple Api for creating orders, written in Go";
|
||||
homepage = "https://code.lanakk.com/LANAKK/ordercollect";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ m3tam3re ];
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue