Homelab updates

- Change domain to opdavies.uk as this works with HTTPS/SSL.
- Switch Nginx to Caddy.
Oliver Davies 2025-01-01 14:45:03 +00:00
parent f43069adac
commit 07fde36fb0
17 changed files with 98 additions and 64 deletions


@ -3,13 +3,16 @@
{ {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "oliver@oliverdavies.uk";
defaults.environmentFile = config.age.secrets.cloudflare.path; defaults = {
dnsProvider = "cloudflare";
email = "oliver@oliverdavies.uk";
environmentFile = config.age.secrets.cloudflare.path;
webroot = null;
};
certs."oliverdavies.uk" = { certs."oliverdavies.uk" = {
domain = "oliverdavies.uk"; domain = "oliverdavies.uk";
dnsProvider = "cloudflare";
webroot = null;
extraDomainNames = [ extraDomainNames = [
# TODO Refactor to use a wildcard certificate. # TODO Refactor to use a wildcard certificate.


@ -2,11 +2,13 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ inputs, pkgs, ... }: { inputs, ... }:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./modules/acme.nix
]; ];
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
@ -30,4 +32,6 @@
80 80
443 443
]; ];
services.caddy.enable = true;
} }


@ -23,7 +23,5 @@
./configuration.nix ./configuration.nix
./secrets.nix ./secrets.nix
./extra.nix ./extra.nix
./modules/nginx.nix
]; ];
} }


@ -0,0 +1,19 @@
{ config, ... }:
{
security.acme = {
acceptTerms = true;
certs = {
"opdavies.uk" = {
domain = "opdavies.uk";
dnsProvider = "cloudflare";
email = "oliver@oliverdavies.uk";
environmentFile = config.age.secrets.cloudflare-opdavies-uk.path;
webroot = null;
extraDomainNames = [ "*.opdavies.uk" ];
};
};
};
}
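Review bot: The wildcard `*.opdavies.uk` in `extraDomainNames` means a single private key covers every vhost that sets `useACMEHost = "opdavies.uk"`, and the DNS-01 credential in `cloudflare-opdavies-uk` can write records in that zone, yet neither scope is documented in the module. I would add a comment above `environmentFile` such as `# Cloudflare API token: Zone > DNS > Edit, restricted to the opdavies.uk zone only`. The token's real permissions are not visible in this commit, so they should be confirmed against the Cloudflare dashboard rather than assumed.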


@ -1,11 +0,0 @@
{ config, ... }:
{
services.nginx = {
enable = true;
virtualHosts = {
"syncthing.localhost".locations."/".proxyPass = "http://localhost:8384/";
};
};
}


@ -1,5 +1,6 @@
{ {
age.secrets = { age.secrets = {
cloudflare-opdavies-uk.file = ../../secrets/cloudflare-opdavies-uk.age;
tubearchivist.file = ../../secrets/tubearchivist.age; tubearchivist.file = ../../secrets/tubearchivist.age;
}; };
} }


@ -9,21 +9,17 @@ in
options.features.homelab.audiobookshelf.enable = mkEnableOption "Enable audiobookshelf"; options.features.homelab.audiobookshelf.enable = mkEnableOption "Enable audiobookshelf";
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.audiobookshelf = { services = {
audiobookshelf = {
enable = true; enable = true;
host = "audiobookshelf.oliverdavies.uk";
port = 4001; port = 4001;
}; };
services.nginx = { caddy.virtualHosts."audiobookshelf.opdavies.uk" = {
enable = true; useACMEHost = "opdavies.uk";
virtualHosts."audiobookshelf.oliverdavies.uk" = { extraConfig = "reverse_proxy localhost:${toString config.services.audiobookshelf.port}";
locations."/" = {
proxyPass = "http://localhost:${toString config.services.audiobookshelf.port}/";
proxyWebsockets = true;
};
}; };
}; };
}; };


@ -2,9 +2,6 @@
with lib; with lib;
let
port = 2223;
in
{ {
options.features.homelab.forgejo.enable = mkEnableOption "Enable forgejo"; options.features.homelab.forgejo.enable = mkEnableOption "Enable forgejo";
@ -17,7 +14,8 @@ in
settings = { settings = {
server = { server = {
HTTP_PORT = port; DOMAIN = "forgejo.opdavies.uk";
HTTP_PORT = 2223;
}; };
service = { service = {
@ -26,11 +24,10 @@ in
}; };
}; };
nginx = { caddy.virtualHosts."${config.services.forgejo.settings.server.DOMAIN}" = {
enable = true; useACMEHost = "opdavies.uk";
virtualHosts."forgejo.oliverdavies.uk".locations."/".proxyPass = extraConfig = "reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
"http://localhost:${toString port}/";
}; };
}; };
}; };
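Review bot: `DOMAIN` is now set in the `server` block but `ROOT_URL` is not, so Forgejo will most likely keep deriving its base URL from `DOMAIN` and `HTTP_PORT` over plain http, which does not match what Caddy serves; links, clone URLs and OAuth callbacks are built from that value. Adding `ROOT_URL = "https://forgejo.opdavies.uk/";` next to `DOMAIN` would align them. It is also worth setting `HTTP_ADDR = "127.0.0.1";` in the same block so port 2223 is reachable only through the proxy, unless the listen address is already restricted in lines outside these hunks. The gitea section makes the same proxy change, but its `server` settings are not shown, so the same check applies there.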


@ -95,11 +95,10 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
services.nginx = { services.caddy.virtualHosts."freshrss.opdavies.uk" = {
enable = true; useACMEHost = "opdavies.uk";
virtualHosts."freshrss.oliverdavies.uk".locations."/".proxyPass = extraConfig = "reverse_proxy localhost:${toString port}";
"http://localhost:${toString port}/";
}; };
}; };
} }


@ -26,10 +26,10 @@ in
}; };
}; };
nginx = { caddy.virtualHosts."gitea.opdavies.uk" = {
enable = true; useACMEHost = "opdavies.uk";
virtualHosts."gitea.oliverdavies.uk".locations."/".proxyPass = "http://localhost:${toString port}/"; extraConfig = "reverse_proxy localhost:${toString port}";
}; };
}; };
}; };


@ -19,11 +19,10 @@ with lib;
environment.systemPackages = [ pkgs.immich-cli ]; environment.systemPackages = [ pkgs.immich-cli ];
services.nginx = { services.caddy.virtualHosts."immich.opdavies.uk" = {
enable = true; useACMEHost = "opdavies.uk";
virtualHosts."immich.oliverdavies.uk".locations."/".proxyPass = extraConfig = "reverse_proxy localhost:${toString config.services.immich.port}";
"http://localhost:${toString config.services.immich.port}/";
}; };
}; };
} }


@ -13,10 +13,10 @@ with lib;
configDir = "/mnt/media/jellyfin"; configDir = "/mnt/media/jellyfin";
}; };
services.nginx = { services.caddy.virtualHosts."jellyfin.opdavies.uk" = {
enable = true; useACMEHost = "opdavies.uk";
virtualHosts."jellyfin.oliverdavies.uk".locations."/".proxyPass = "http://localhost:8096/"; extraConfig = "reverse_proxy localhost:8096";
}; };
}; };
} }


@ -6,8 +6,20 @@ with lib;
options.features.homelab.paperless.enable = mkEnableOption "Enable paperless"; options.features.homelab.paperless.enable = mkEnableOption "Enable paperless";
config = mkIf config.features.homelab.paperless.enable { config = mkIf config.features.homelab.paperless.enable {
services.paperless = { services = {
paperless = {
enable = true; enable = true;
settings = {
PAPERLESS_URL = "https://paperless.opdavies.uk";
};
};
caddy.virtualHosts."paperless.opdavies.uk" = {
useACMEHost = "opdavies.uk";
extraConfig = "reverse_proxy localhost:28981";
};
}; };
}; };
} }
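Review bot: The upstream in `extraConfig` hard-codes `28981`, while the immich and audiobookshelf vhosts in this commit read the port from the service's own option. If the paperless port is ever overridden, the proxy would keep pointing at the old port with no evaluation error. I would write `extraConfig = "reverse_proxy localhost:${toString config.services.paperless.port}";` so the two stay in step; `config` is already in scope in this module.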


@ -95,9 +95,5 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
}; };
services.nginx.virtualHosts."pihole.localhost" = {
locations."/".proxyPass = "http://localhost:${toString port}/";
};
}; };
} }


@ -10,7 +10,7 @@ with lib;
let let
cfg = config.features.homelab.tubearchivist-container; cfg = config.features.homelab.tubearchivist-container;
port = 8000; port = 8085;
in in
{ {
options.features.homelab.tubearchivist-container = { options.features.homelab.tubearchivist-container = {
@ -286,11 +286,10 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
services.nginx = { services.caddy.virtualHosts."tubearchivist.opdavies.uk" = {
enable = true; useACMEHost = "opdavies.uk";
virtualHosts."tubearchivist.oliverdavies.uk".locations."/".proxyPass = extraConfig = "reverse_proxy localhost:${toString port}";
"http://localhost:${toString port}/";
}; };
}; };
} }
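Review bot: `port` changes to 8085 and Caddy now proxies to `localhost:${toString port}`, but the line that publishes the container port lies outside both hunks, so it is not visible whether the backend binds to loopback only. If the mapping has no host address, the container runtime will typically listen on all interfaces, and Docker-published ports are generally not filtered by the NixOS firewall. Prefixing the mapping with the loopback address, for example `"127.0.0.1:${toString port}:<container-port>"`, would keep the service reachable only through the TLS vhost. Please confirm against the container definition earlier in the file.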


@ -0,0 +1,18 @@
age-encryption.org/v1
-> ssh-ed25519 IsVD3g kacSrvgn/CGIwU05AkK6UGhxVm5oO/FRK2jgH1qHVg0
JXzp1+Al5O8sBw3a4td7RA3HVP6C9tIdvvgZFZ9Se5w
-> ssh-rsa +vTWQw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--- MqcbFcs1myK1Dn1h/PQKZ59BdgYXIifkp0DkvoNQaL4
€ÒWٱ෹Üy
šj`šÊ$ÜEŠ¬n¥ï‡_<‡íý¤²í%s`#¦d,x¿MGëdf:õÄ*`z‰öRX–¯>ýÄKJâ¶0ž€ÙBÄØDÂj<Å£¤´§=%


@ -13,11 +13,15 @@ in
{ {
"cloudflare.age".publicKeys = [ "cloudflare.age".publicKeys = [
hosts.hetznix hosts.hetznix
hosts.nixedo
hosts.t490 hosts.t490
users.opdavies users.opdavies
]; ];
"cloudflare-opdavies-uk.age".publicKeys = [
hosts.nixedo
users.opdavies
];
"tubearchivist.age".publicKeys = [ "tubearchivist.age".publicKeys = [
hosts.lemp11 hosts.lemp11
hosts.nixedo hosts.nixedo
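Review bot: `hosts.nixedo` is added to the recipients of `cloudflare.age`, yet the ACME module added in this commit reads only `cloudflare-opdavies-uk`, whose recipients are nixedo and opdavies. Unless nixedo consumes the older token somewhere outside this commit, the extra recipient gives that host a credential for the other zone that it does not need. I would drop the `hosts.nixedo` line from `"cloudflare.age".publicKeys` and keep the per-zone secret as the only Cloudflare credential on that host. No second encrypted file appears as changed on this page, so `cloudflare.age` has presumably not been rekeyed and its recipient list would be out of step with the ciphertext in any case. The attribute set continues below the hunk.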