alyraffauf/nixcfg
1
0
Fork 0
mirror of https://github.com/alyraffauf/nixcfg.git synced 2024-11-22 02:13:55 -05:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

raffauflabs: enable vaultwarden and homepage
Some checks are pending
git-mirror / gitlab-sync (push) Waiting to run
Details
nix-build / default-build (push) Waiting to run
Details
nix-build / fallarbor-build (push) Waiting to run
Details
nix-build / lavaridge-build (push) Waiting to run
Details
nix-build / mauville-build (push) Waiting to run
Details
nix-build / petalburg-build (push) Waiting to run
Details
nix-build / rustboro-build (push) Waiting to run
Details
nix-build / slateport-build (push) Waiting to run
Details
nix-check / fmt-check (push) Waiting to run
Details
nix-check / eval-check (push) Waiting to run
Details

Browse source
This commit is contained in:
Aly Raffauf 2024-08-27 14:51:16 -04:00
parent b02c450f9d
commit 4ae9d2ce10
2 changed files with 209 additions and 59 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
hosts/mauville/raffauflabs.nix
View file

@ -29,7 +29,7 @@
}; };
in { in {
networking = { networking = {
firewall.allowedTCPPorts = [80 443 2379 2380 3000 6443]; firewall.allowedTCPPorts = [80 443 2379 2380 3000 6443 61208];
firewall.allowedUDPPorts = [8472]; firewall.allowedUDPPorts = [8472];
}; };
@ -91,12 +91,12 @@ in {
}; };
}; };
k3s = { # k3s = {
enable = true; # enable = true;
role = "server"; # role = "server";
tokenFile = config.age.secrets.k3s.path; # tokenFile = config.age.secrets.k3s.path;
serverAddr = "https://192.168.0.104:6443"; # serverAddr = "https://192.168.0.104:6443";
}; # };
navidrome = { navidrome = {
enable = true; enable = true;
@ -123,7 +123,15 @@ in {
}; };
}; };
systemd.services.navidrome.serviceConfig = let systemd.services = {
glances = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
path = [pkgs.glances];
script = "glances --webserver --bind 0.0.0.0 --port 61208";
};
navidrome.serviceConfig = let
navidromeConfig = builtins.toFile "navidrome.json" (lib.generators.toJSON {} { navidromeConfig = builtins.toFile "navidrome.json" (lib.generators.toJSON {} {
Address = "0.0.0.0"; Address = "0.0.0.0";
DefaultTheme = "Auto"; DefaultTheme = "Auto";
@ -163,4 +171,5 @@ in {
--datafolder /var/lib/navidrome/ --datafolder /var/lib/navidrome/
''; '';
}; };
};
} }

171
hosts/slateport/raffauflabs.nix
View file

@ -20,6 +20,7 @@ in {
"bt.${domain}" "bt.${domain}"
"git.${domain}" "git.${domain}"
"music.${domain}" "music.${domain}"
"passwords.${domain}"
"plex.${domain}" "plex.${domain}"
"podcasts.${domain}" "podcasts.${domain}"
domain domain
@ -39,12 +40,133 @@ in {
bantime = "1h"; bantime = "1h";
}; };
k3s = { homepage-dashboard = {
enable = true; enable = true;
clusterInit = true; openFirewall = true;
role = "server";
tokenFile = config.age.secrets.k3s.path; bookmarks = [
# {
# Websites = [
# {
# "Aly Raffauf" = [
# {
# abbr = "AR";
# description = "Personal website and portfolio.";
# href = "https://aly.raffauflabs.com/";
# }
# ];
# }
# ];
# }
];
services = [
{
Websites = [
{
"Aly Raffauf" = {
abbr = "AR";
description = "Personal website and portfolio.";
href = "https://aly.raffauflabs.com/";
}; };
}
{
"Specular Anomalies" = {
abbr = "SA";
description = "Academic & tech blog.";
href = "https://distort.jp/";
};
}
];
}
{
Media = [
{
"Audiobookshelf" = {
description = "Audiobooks & podcasts.";
href = "https://podcasts.raffauflabs.com";
icon = "audiobookshelf";
};
}
{
"Plex" = {
description = "TV Shows, movies & music.";
href = "https://plex.raffauflabs.com";
icon = "plex";
};
}
{
"Navidrome" = {
description = "Subsonic-compatible music streaming.";
href = "https://music.raffauflabs.com";
icon = "navidrome";
};
}
];
}
{
Tools = [
{
"Forĝejo" = {
description = "Git forge for open source projects.";
href = "https://git.raffauflabs.com";
icon = "forgejo";
};
}
{
"Transmission (Tailnet only)" = {
description = "Torrent client with web UI.";
href = "http://mauville:9091";
icon = "transmission";
};
}
{
"Vaultwarden" = {
description = "Secure password manager.";
href = "https://passwords.raffauflabs.com";
icon = "vaultwarden";
};
}
];
}
];
settings = {
color = "sky";
target = "_self";
title = "RaffaufLabs.com";
};
widgets = [
{
glances = {
url = "http:/mauville:61208/";
cpu = true;
mem = true;
disk = "/mnt/Media";
};
}
{
search = {
provider = "brave";
showSearchSuggestions = true;
};
}
{
datetime = {
text_size = "xl";
format.timeStyle = "short";
};
}
];
};
# k3s = {
# enable = true;
# clusterInit = true;
# role = "server";
# tokenFile = config.age.secrets.k3s.path;
# };
nginx = { nginx = {
enable = true; enable = true;
@ -53,19 +175,18 @@ in {
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
# "bt.${domain}" = { "${domain}" = {
# enableACME = true; enableACME = true;
# forceSSL = true; forceSSL = true;
# locations."/" = { locations."/" = {
# proxyPass = "http://${ip}:${toString 9091}"; proxyPass = "http://localhost:${toString config.services.homepage-dashboard.listenPort}";
# proxyWebsockets = true;
# extraConfig = '' extraConfig = ''
# proxy_buffering off; client_max_body_size 512M;
# ''; '';
# }; };
# }; };
"git.${domain}" = { "git.${domain}" = {
enableACME = true; enableACME = true;
@ -94,6 +215,14 @@ in {
}; };
}; };
"passwords.${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
"plex.${domain}" = { "plex.${domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
@ -129,5 +258,17 @@ in {
}; };
}; };
}; };
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://passowrds.raffauflabs.com";
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_LOG = "critical";
ROCKET_PORT = 8222;
SIGNUPS_ALLOWED = false;
};
};
}; };
} }