This commit is contained in:
Nolan Darilek 2025-02-14 13:01:44 -06:00
parent 838941b56b
commit a5f06924da
11 changed files with 123 additions and 57 deletions


@ -10,6 +10,9 @@
ports = [
"5006:5006"
];
environment = {
ACTUAL_LOGIN_METHOD = "header";
};
volumes = [ "/var/lib/actual:/data" ];
};
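Review bot: `ACTUAL_LOGIN_METHOD = "header"` tells the server to accept the user identity asserted in a request header from whatever reaches port 5006, while `ports = [ "5006:5006" ]` above publishes that port on every host interface, so a client that can reach the host directly can supply the header itself and bypass the proxy's authentication (presumably the Caddy/Authelia forward_auth chain this commit uses for the other hosts). Bind the published port to loopback, `ports = [ "127.0.0.1:5006:5006" ];`, so only the authenticating reverse proxy on this machine can talk to the container, or close the port in the host firewall if the proxy lives elsewhere. A comment next to the option, `# header auth: port must only be reachable through the authenticating proxy`, would keep the coupling visible. The enclosing container definition starts outside the hunk.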


@ -8,5 +8,12 @@
reverse_proxy localhost:8000
'';
};
environment.systemPackages = with pkgs; [ audible-cli ];
environment.systemPackages = with pkgs; [
audible-cli
ffmpeg
lame
jq
mp4v2
mediainfo
];
}


@ -1,42 +1,81 @@
{ pkgs, config, ... }:
let
name = "dev";
domain = "dev.thewordnerd.info";
appName = "Nolan's Projects";
in
{
age.secrets."${name}_runner_linux".file = ../../../secrets/${name}_runner_linux.age;
services = {
postgresql = {
ensureDatabases = [ "dev" ];
ensureDatabases = [ name ];
ensureUsers = [
{
name = "dev";
name = name;
ensureDBOwnership = true;
}
];
};
authelia.instances.main.settings.access_control.rules = [
{
domain = "dev.thewordnerd.info";
domain = domain;
policy = "bypass";
}
];
caddy.virtualHosts.${domain}.extraConfig = ''
forward_auth localhost:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
reverse_proxy ${name}:3000
'';
gitea-actions-runner = {
package = pkgs.unstable.forgejo-runner;
instances."${name}-linux" = {
name = "Linux";
enable = true;
url = "https://${domain}";
labels = [
"ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
"native:host"
];
tokenFile = config.age.secrets."${name}_runner_linux".path;
};
};
};
containers.dev = {
environment.systemPackages = with pkgs; [ unstable.forgejo-runner ];
networking.firewall.trustedInterfaces = [ "br-+" ];
containers."${name}" = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.0.1";
localAddress = "192.168.0.2";
config =
let
hostPkgs = pkgs;
in
{
config,
pkgs,
lib,
...
}:
{
services.gitea = {
services.forgejo = {
enable = true;
appName = "Nolan's projects";
package = hostPkgs.unstable.forgejo;
settings = {
DEFAULT = {
APP_NAME = appName;
};
server = {
ROOT_URL = "https://dev.thewordnerd.info";
DOMAIN = "dev.thewordnerd.info";
ROOT_URL = "https://${domain}";
DOMAIN = domain;
DISABLE_SSH = true;
LANDING_PAGE = "explore";
};
@ -55,8 +94,8 @@
lfs.enable = true;
database = {
type = "postgres";
name = "dev";
user = "dev";
name = name;
user = name;
socket = "/run/postgresql";
createDatabase = false;
};
@ -67,7 +106,7 @@
};
services.resolved.enable = true;
environment.sessionVariables = {
PATH = [ "${pkgs.gitea}/bin" ];
PATH = [ "${pkgs.forgejo}/bin" ];
GITEA_WORK_DIR = "/var/lib/gitea";
};
};
@ -77,12 +116,4 @@
};
};
};
services.caddy.virtualHosts."dev.thewordnerd.info".extraConfig = ''
forward_auth localhost:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
reverse_proxy dev:3000
'';
}
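Review bot: `networking.firewall.trustedInterfaces = [ "br-+" ];` (apparently new in the first hunk) turns off firewall filtering for every bridge interface, which includes the Docker bridges the runner's `ubuntu-latest:docker://...` label creates for CI jobs, so any workflow pushed to this Forgejo instance can reach every service on the host; limit it to what the container needs with something like `networking.firewall.interfaces."br-+".allowedTCPPorts = [ ... ];` (confirm the wildcard works there as it does for trustedInterfaces) and treat the `"native:host"` label with the same care, since it runs workflow steps directly on the host as the runner user. Separately, `PATH = [ "${pkgs.forgejo}/bin" ]` in the container config uses the container's `pkgs` while the service runs `hostPkgs.unstable.forgejo`, so the `forgejo` CLI on PATH may be a different version than the running server; `PATH = [ "${hostPkgs.unstable.forgejo}/bin" ];` keeps them in step. `GITEA_WORK_DIR = "/var/lib/gitea"` survives the rename to `services.forgejo`; worth confirming it still matches the state directory the forgejo module uses.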


@ -32,12 +32,18 @@
configureRedis = true;
maxUploadSize = "16G";
# autoUpdateApps.enable = true;
notify_push.enable = true;
notify_push = {
enable = true;
bendDomainToLocalhost = true;
};
webfinger = true;
settings = {
overwriteprotocol = "https";
trusted_proxies = [ "192.168.0.1" ];
trusted_proxies = [
"192.168.0.1"
];
default_phone_region = "US";
# loglevel = 0;
};
config = {
dbtype = "pgsql";
@ -46,10 +52,6 @@
};
phpOptions."opcache.interned_strings_buffer" = "23";
};
onlyoffice = {
enable = true;
hostname = "onlyoffice.thewordnerd.info";
};
resolved.enable = true;
};
programs.nix-ld.enable = true;
@ -57,12 +59,19 @@
firewall.allowedTCPPorts = [ 80 ];
useHostResolvConf = lib.mkForce false;
};
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
virtualisation.docker.enable = true;
users.users.nextcloud.extraGroups = [ "docker" ];
environment.systemPackages = [
(pkgs.writeScriptBin "occ" ''
#!${pkgs.bash}/bin/bash
exec nextcloud-occ "$@"
'')
];
};
# https://discourse.nixos.org/t/podman-docker-in-nixos-container-ideally-in-unprivileged-one/22909/12
additionalCapabilities = [
''all" --system-call-filter="add_key keyctl bpf" --capability="all''
];
bindMounts = {
"/run/postgresql" = {
hostPath = "/run/postgresql";
@ -74,4 +83,8 @@
reverse_proxy nextcloud
header Strict-Transport-Security max-age=31536000;
'';
services.caddy.virtualHosts."collabora.thewordnerd.info".extraConfig = ''
reverse_proxy nextcloud:9980
'';
}
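Review bot: `users.users.nextcloud.extraGroups = [ "docker" ];` gives the PHP service account that processes web uploads (`maxUploadSize = "16G"` above) access to the Docker socket, which is root-equivalent inside the container, and the new `additionalCapabilities` entry splices `--capability=all` plus a widened `--system-call-filter` into the nspawn invocation, so a compromise of Nextcloud now lands in an all-capabilities container rather than an unprivileged one. If, as the new `collabora.thewordnerd.info` vhost proxying `nextcloud:9980` suggests, this exists only to run Collabora in Docker, run that as an OCI container on the host (or in its own NixOS container), point the vhost there, and drop both the docker group and the capability override. If Docker must stay inside this container, at least keep nextcloud out of the docker group and start the Collabora container from a dedicated systemd unit instead. The `additionalCapabilities` attribute appears to be new here (the hunk's line counts only fit if it is); the enclosing container definition continues outside the hunk.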


@ -1,7 +1,6 @@
{
services.ollama.enable = true;
services.caddy.virtualHosts."https://ollama.tailc50184.ts.net".extraConfig = ''
bind tailscale/ollama
reverse_proxy http://localhost:11434
'';
}
services.ollama = {
enable = true;
host = "0.0.0.0";
};
}
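Review bot: `host = "0.0.0.0"` makes the Ollama API listen on every interface, and Ollama has no built-in authentication, so whereas the removed Caddy vhost reached it only through `bind tailscale/ollama`, it is now reachable from any network the machine is on unless the host firewall keeps 11434 closed (the firewall configuration is not in this hunk, so confirm). If only tailnet clients need it, set `host = "127.0.0.1";` and restore the Tailscale-bound Caddy proxy, or bind `host` to the node's Tailscale address rather than `0.0.0.0`. Either way add a comment such as `# API has no auth; must only be reachable from the tailnet` next to the option so the exposure is clearly intentional.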


@ -26,6 +26,7 @@
./apps/actual.nix
./apps/adguard.nix
./apps/audiobookshelf.nix
./apps/ollama.nix
];
boot.loader.grub = {
@ -116,6 +117,15 @@
443
];
services.caddy.virtualHosts."thewordnerd.info".extraConfig =
''redir https://www.thewordnerd.info{uri}'';
services.caddy.virtualHosts."www.thewordnerd.info".extraConfig = ''
file_server
root * /var/www/thewordnerd.info
header /.well-known/matrix/* content-type application/json
'';
services.caddy.virtualHosts."users.thewordnerd.info".extraConfig =
''reverse_proxy localhost:17170'';
@ -139,12 +149,6 @@
}
'';
services.caddy.virtualHosts."www.thewordnerd.info".extraConfig = ''
file_server
root * /var/www/thewordnerd.info
header /.well-known/matrix/* content-type application/json
'';
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#