diff --git a/flake.lock b/flake.lock index 949ef74..467a6b2 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "owner": "ryantm", "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "type": "github" }, "original": { @@ -45,7 +45,7 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-Q1NbA/o8Q+JSR6wfK7cd9ylc3QWuURATo7c2Q1JCbX4=", + "narHash": "sha256-SIKBfviJFGqzP5JJVCW7JRhSqxYKYChMFefASSt9YNU=", "path": "pkgs/caddy", "type": "path" }, @@ -56,11 +56,11 @@ }, "caddy_2": { "locked": { - "lastModified": 1732948222, - "narHash": "sha256-kUWyjeqkU+RHTHVXT61QF19eW2vnWgah5OcPrUlU8oU=", + "lastModified": 1735284852, + "narHash": "sha256-mQu3IwEO294DuB7XAXOvOLriElDgRTf6rTLoDh3tMFQ=", "owner": "vincentbernat", "repo": "caddy-nix", - "rev": "9d13eb684b4ba1b2eb92e76f7ea1f517eccc4fe1", + "rev": "b421380ded7c000f432092df0f1a7afd9e187173", "type": "github" }, "original": { @@ -153,11 +153,11 @@ ] }, "locked": { - "lastModified": 1734366194, - "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "owner": "nix-community", "repo": "home-manager", - "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "type": "github" }, "original": { 
@@ -169,11 +169,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1734954597, - "narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", + "lastModified": 1737751639, + "narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "def1d472c832d77885f174089b0d34854b007198", + "rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1734649271, - "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", + "lastModified": 1737885589, + "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", + "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", "type": "github" }, "original": { @@ -233,8 +233,8 @@ "nixpkgs_2": { "locked": { "lastModified": 0, - "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", - "path": "/nix/store/4hpdrd3qvj7nks3rrimqm2jdmcga8isc-source", + "narHash": "sha256-GFzPxJzTd1rPIVD4IW+GwJlyGwBDV1Tj5FLYwDQQ9sM=", + "path": "/nix/store/50yickar04m51aqnc43gxf45g2i0n3k9-source", "type": "path" }, "original": { @@ -244,11 +244,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1734875076, - "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", + "lastModified": 1738023785, + "narHash": "sha256-BPHmb3fUwdHkonHyHi1+x89eXB3kA1jffIpwPVJIVys=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1807c2b91223227ad5599d7067a61665c52d1295", + "rev": "2b4230bf03deb33103947e2528cac2ed516c5c89", "type": "github" }, "original": { diff --git a/hosts/garden/default.nix b/hosts/garden/default.nix index 144a69c..f22a9fb 100644 --- a/hosts/garden/default.nix +++ b/hosts/garden/default.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: { imports = [ 
@@ -48,5 +48,10 @@
 group = config.services.lidarr.group;
 };
+ environment.systemPackages = with pkgs; [
+ flac
+ shntool
+ ];
+
 system.stateVersion = "23.11";
 }
diff --git a/hosts/hub/apps/actual.nix b/hosts/hub/apps/actual.nix
new file mode 100644
index 0000000..115d411
--- /dev/null
+++ b/hosts/hub/apps/actual.nix
@@ -0,0 +1,20 @@
+{ config, ... }:
+
+{
+ systemd.tmpfiles.rules = [
+ "d /var/lib/actual 0755 root root"
+ ];
+
+ virtualisation.oci-containers.containers.actual = {
+ image = "actualbudget/actual-server:latest";
+ ports = [
+ "5006:5006"
+ ];
+ volumes = [ "/var/lib/actual:/data" ];
+ };
+
+ services.caddy.virtualHosts."https://budget.tailc50184.ts.net".extraConfig = ''
+ bind tailscale/budget
+ reverse_proxy http://localhost:5006
+ '';
+}
diff --git a/hosts/hub/apps/adguard.nix b/hosts/hub/apps/adguard.nix
new file mode 100644
index 0000000..fa0d758
--- /dev/null
+++ b/hosts/hub/apps/adguard.nix
@@ -0,0 +1,28 @@
+{
+ containers.adguardhome = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "192.168.0.1";
+ localAddress = "192.168.0.4";
+ config =
+ { lib, ... }:
+ {
+ services = {
+ adguardhome = {
+ enable = true;
+ port = 80;
+ settings = {
+ filtering = {
+ protection_enabled = true;
+ filtering_enabled = true;
+ };
+ };
+ };
+ tailscale = {
+ enable = true;
+ interfaceName = "userspace-networking";
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/hub/apps/audiobookshelf.nix b/hosts/hub/apps/audiobookshelf.nix
new file mode 100644
index 0000000..8ed3581
--- /dev/null
+++ b/hosts/hub/apps/audiobookshelf.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+
+{
+ services = {
+ audiobookshelf.enable = true;
+ caddy.virtualHosts."https://audiobookshelf.tailc50184.ts.net".extraConfig = ''
+ bind tailscale/audiobookshelf
+ reverse_proxy localhost:8000
+ '';
+ };
+ environment.systemPackages = with pkgs; [ audible-cli ];
+}
diff --git a/hosts/hub/apps/ollama.nix b/hosts/hub/apps/ollama.nix
new file mode 100644
index 0000000..e4fc202
--- /dev/null
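Review bot: In hosts/hub/apps/actual.nix the port mapping `"5006:5006"` publishes the container on every host interface, so the budget server can be reached directly instead of only through the tailnet-bound Caddy vhost, and published container ports are often not filtered by the host firewall; `"127.0.0.1:5006:5006"` keeps it behind the proxy. The image is pulled as `actualbudget/actual-server:latest`, so each pull can bring in code nobody reviewed; pin a release tag or digest, e.g. `image = "actualbudget/actual-server:<version>@sha256:<digest>";` (placeholders). The tmpfiles rule creates `/var/lib/actual` as `0755 root root`, which lets any local user list the budget data; `0700` is tighter if the container's user permits it.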
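Review bot: In hosts/hub/apps/adguard.nix the AdGuard Home admin UI is served over plain HTTP on `port = 80` and the declarative `settings` define no `users`, so as far as this hunk shows the interface has no login for anyone who can reach 192.168.0.4 or the container's tailnet address. Add a `users` entry (name plus bcrypt hash) under `settings`, and consider `mutableSettings = false;` so changes made through the UI cannot silently override the declared filtering config. The `lib` argument of the container `config` function is unused and can be dropped.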
+++ b/hosts/hub/apps/ollama.nix
@@ -0,0 +1,7 @@
+{
+ services.ollama.enable = true;
+ services.caddy.virtualHosts."https://ollama.tailc50184.ts.net".extraConfig = ''
+ bind tailscale/ollama
+ reverse_proxy http://localhost:11434
+ '';
+}
\ No newline at end of file
diff --git a/hosts/hub/apps/searxng.nix b/hosts/hub/apps/searxng.nix
new file mode 100644
index 0000000..df20ddb
--- /dev/null
+++ b/hosts/hub/apps/searxng.nix
@@ -0,0 +1,14 @@
+{
+ services.searx = {
+ enable = true;
+ settings.server = {
+ port = 8080;
+ secret_key = "secret_key";
+ };
+ };
+
+ services.caddy.virtualHosts."https://searxng.tailc50184.ts.net".extraConfig = ''
+ bind tailscale/searxng
+ reverse_proxy http://localhost:8080
+ '';
+}
diff --git a/hosts/hub/default.nix b/hosts/hub/default.nix
index 59f0a96..e7855eb 100644
--- a/hosts/hub/default.nix
+++ b/hosts/hub/default.nix
@@ -22,6 +22,10 @@
 ../../roles/syncthing.nix
 ./apps/dev.nix
 ./apps/nextcloud.nix
+ ./apps/searxng.nix
+ ./apps/actual.nix
+ ./apps/adguard.nix
+ ./apps/audiobookshelf.nix
 ];
 boot.loader.grub = {
@@ -90,13 +94,11 @@
 };
 certificateScheme = "acme";
 enableManageSieve = true;
+ indexDir = "/var/lib/dovecot/indices";
 fullTextSearch = {
 enable = true;
- # index new email as they arrive
- autoIndex = true;
 # this only applies to plain text attachments, binary attachments are never indexed
 indexAttachments = true;
- enforced = "body";
 };
 };
diff --git a/pkgs/caddy/flake.lock b/pkgs/caddy/flake.lock
new file mode 100644
index 0000000..c377a1e
--- /dev/null
+++ b/pkgs/caddy/flake.lock
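Review bot: hosts/hub/apps/ollama.nix is not added to the `imports` list in the hosts/hub/default.nix hunk of this commit (only searxng, actual, adguard and audiobookshelf are), so unless it is imported somewhere outside this diff the file has no effect. If it is meant to be live, the Ollama API on port 11434 has no authentication of its own, so the vhost gives every device on the tailnet access to the models; restrict it with tailnet ACLs or an auth layer in the Caddy block. The file also ends without a trailing newline.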
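Review bot: `secret_key = "secret_key";` in hosts/hub/apps/searxng.nix commits a guessable placeholder as the SearXNG server secret, and any value set under `settings` also ends up world-readable in the Nix store. The repository already uses agenix, so keep the key in an encrypted environment file and substitute it at runtime: `secret_key = "@SEARX_SECRET_KEY@";` together with `services.searx.environmentFile = config.age.secrets.<searx-secret>.path;` (the secret name is a placeholder). That needs `config` as a module argument and a matching entry in secrets/secrets.nix.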
@@ -0,0 +1,73 @@ +{ + "nodes": { + "caddy": { + "locked": { + "lastModified": 1735284852, + "narHash": "sha256-mQu3IwEO294DuB7XAXOvOLriElDgRTf6rTLoDh3tMFQ=", + "owner": "vincentbernat", + "repo": "caddy-nix", + "rev": "b421380ded7c000f432092df0f1a7afd9e187173", + "type": "github" + }, + "original": { + "owner": "vincentbernat", + "repo": "caddy-nix", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 0, + "narHash": "sha256-GFzPxJzTd1rPIVD4IW+GwJlyGwBDV1Tj5FLYwDQQ9sM=", + "path": "/nix/store/50yickar04m51aqnc43gxf45g2i0n3k9-source", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "root": { + "inputs": { + "caddy": "caddy", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/secrets/authelia_session.age b/secrets/authelia_session.age index a7f7db0..a3525c4 100644 --- a/secrets/authelia_session.age +++ b/secrets/authelia_session.age 
@@ -1,5 +1,6 @@ age-encryption.org/v1 --> ssh-ed25519 5X7MKw YuRoNT0MBRWhTnjsFZUaft45PhSRkghxREoLSLnH3Ac -iFZLc/n7K4ZLs5O6m13H64On27735eJBV1UYtVjiq0c ---- alcDYeP+DzOX1IkyZ18cjsfIKirUPmHsqKXyL5LGHiQ -1Ye\-/&p:5tWG嶈C;hĿKJrf-]|?P|: \ No newline at end of file +-> ssh-ed25519 5X7MKw xrpuavAym+fGSiRin+j/3L0nkx1HbQ8KlXeDIeVgJV4 +Kp/4ez62E9tXEwKWywTFpAB5sIyWj8d46g/2P26nMoo +--- Jnp4aP2bYua2WgPK5yXjdmIVsTBtV0SsgijC6OeVB94 +#wŧ*MCݿl +8Wd΄٬k)MM^_%0K |w \ No newline at end of file diff --git a/secrets/authelia_storage.age b/secrets/authelia_storage.age index 4782c97..c1c3846 100644 Binary files a/secrets/authelia_storage.age and b/secrets/authelia_storage.age differ diff --git a/secrets/cloudflare_api.age b/secrets/cloudflare_api.age index dfdff5d..6c467ed 100644 --- a/secrets/cloudflare_api.age +++ b/secrets/cloudflare_api.age @@ -1,6 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 5X7MKw ym72T52g1+mR47oSMb2e0wnBz6L15p+AFcn91r1Ge1w -f13gDhaIrpUS/HYpRFZkIq5YLf4IDckXHkcNg3FOfIM ---- GKtoiEoq2vhv/dh6/zRXSsbETxloRfcC9PLFn0Y+B7o -1v%[KV5fIS邍DpԸ>/+nRcKټVQ2w ݵ&v3ʃ{.74 -HS\k-RFvHjih  \ No newline at end of file +-> ssh-ed25519 5X7MKw OkAHr+YJ9t0JBsWcw0EYVGye17zGJoYzAMSiqyggwyU +U9tiuehf/rG9yQjZsBqXkY42CHE98mTBOw/7SkQhOwk +--- +focODoDCNdQbm8SS0q0USCQ5LUZx+NnKvc0tK5GR5g +w~\O^l/Eplζb 3x:)(VDAV0l3īRM߄BH҉ ʒ!Yâ&wJ|˔5vr:\ \ No newline at end of file diff --git a/secrets/jwt.age b/secrets/jwt.age index 17fe60b..2e3622f 100644 --- a/secrets/jwt.age +++ b/secrets/jwt.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 5X7MKw LxFmTWxgYrEE1RsQsdygOOKz9BQLAJevlowuf4+mFXc -1ZeeOA3Ihyeg4huXqzNf6WaOpA/EbU1G36Rwo6ANMvo ---- hUkp8RDLowKXNhY3WJe2O4SjrXyt6fGHs1gk95T3RNs -<uHsN5c㿳 ssh-ed25519 5X7MKw q8mFirtavSJK5ovKFl3l0/Hs/ooHwVy2UmuMwVENrDc +PwdMCbPZkr5jF0No+D2p51Y41Df5THYD3u2+lD5lLYE +--- 11Ll3UGRQQmtLz82aU1WegRlfSowlxakbzcTq/lL4/w +4jċ9UH? |dO(թUPq/]R_Z];H؂[441Z \ No newline at end of file diff --git a/secrets/ldap.age b/secrets/ldap.age index 19c2f7e..dc576a1 100644 --- a/secrets/ldap.age 
+++ b/secrets/ldap.age @@ -1,5 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 5X7MKw wZTFdwnfdu6FNEtTN9k4pNvMxWjANQOeGMcfhEFVuEQ -J3ACr5ChFqZAmnoTvfgkN+/3lxLzcU0i08CRWtpQqqc ---- 8Iex/gX3YgiuC4hQDfaf2C8EyQawOn7ccghWg9wr/OY -˥JH 6HwKiVeOt']iK/YCIyٮ}vtSʆsŰJ \ No newline at end of file +-> ssh-ed25519 5X7MKw YFex6K7JkRIA0nRPYtd9kySRTulpG/ks6abtaBZJICk +sZ/EMZTWNvj6Q1Fx9XoBy/whnAB4syYXXTW8iMGXbok +--- 49i8zwxAXuJQ4aca4VsLpxij7yjttJoTYZd0po3pDvo +%ǹ3} +KL83ݚon,d!1|f +K>;=`e> $zc \ No newline at end of file diff --git a/secrets/nolan.age b/secrets/nolan.age index 3c9d623..0416bc9 100644 --- a/secrets/nolan.age +++ b/secrets/nolan.age @@ -1,5 +1,12 @@ age-encryption.org/v1 --> ssh-ed25519 WXu6hQ xPIs0RMmg8qzbe5u0fkmd52vwUWtPFbp8OT+PWKfBmk -AlgW3FNZMZZKQP2WBxBtkz/fkn7D36jH6RQqQqPTFLQ ---- Fbjl6JMOoyxErJQ2vxx/JiZyjMK7aoWFqIH3WMZxbrk ->2[\R!VlC/v5iFbNɇo}t\|0F;2{qp2Ћ*B.JAC7? [ y%xڠ \ No newline at end of file +-> ssh-rsa exbmLg +owZ2BSARW2S2gsT4JCuCYPqPy0rHTU5WlKbGdiFF1HzYHFmzjYlpvdVXNnoIbAz3 +mg7y2HaOpa/DaVHkoj6yYL0AOEXka4SdYAIBqnXIAZefGTbGHuzUl518zlgq41tx +ODwgChYaSR6EOFO7zCjyfdeYMfjU65zKNttgDngS8BfeiMKAc2ok6H/4/w/gIs57 +FYDk1kXigJg+55omrTpex2aDg/D9kc6njbHcHijB7gFYtnN5Yc73JfY6QeoAf9Re +U8/gnA4CTRDMkuYjXPKZKEvU6VDoiKsdQuuHAwlXHjO9JE2JHz3IXd4ODwP/A47f +yDusR5yWk1ZvYjPZNjS8pQ +-> ssh-ed25519 revz+g zQStUkTc1AhVSg+u87WdvWaG5YcZUop7q6Ld6rCXKhM +WokTf8Ap9QZqJv1Qf8ich+9OjCRzFwdXjkW0owdMISk +--- 8NYNJtWhxmiFoR0GAafRsoGQKfPXM+3sP6zZSbCzpGo +@i?3rQSAlئRi+W*C̦ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 282f810..e873b7f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,13 +1,11 @@
 let
- nolan = "ssh-rsa
- AAAAB3NzaC1yc2EAAAADAQABAAABAQDPk6C4eOYzTZ8XOuUA2tErGnSTLS/l9kRDl9+5Ql+m7VtaH/KRFbu6x+C0QAIKOrRcQOjpGYUjL1aIn0HCcoEW2PSihDmOHC+W8cy8ucScy4fPI5KpFFqTZU336Fje+NS4n587gcoaa5LjKcr2KZy/ljgzl4eNSRIqy85khfH4puxsj7LwTIqsZoqDhtD/jSqaKP1C2wuYSsijLF85UnRcT9jErnL757yUv/4xb4Is+gB0zan9GiBXRca4lzb0mY8rmMXmKhc2lm/mu8ogZRdYX5R2JP1AukzYGSdOFs4iUauihgvakuou9AugD2CC+ygYIEbWkUjwKfT9nRN93Qi9
- id_rsa";
- nixbox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPChjQ4PCvOkknZitrMS89GVjyxIbb/TPfczOWZ+rY6C";
+ nolan = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPk6C4eOYzTZ8XOuUA2tErGnSTLS/l9kRDl9+5Ql+m7VtaH/KRFbu6x+C0QAIKOrRcQOjpGYUjL1aIn0HCcoEW2PSihDmOHC+W8cy8ucScy4fPI5KpFFqTZU336Fje+NS4n587gcoaa5LjKcr2KZy/ljgzl4eNSRIqy85khfH4puxsj7LwTIqsZoqDhtD/jSqaKP1C2wuYSsijLF85UnRcT9jErnL757yUv/4xb4Is+gB0zan9GiBXRca4lzb0mY8rmMXmKhc2lm/mu8ogZRdYX5R2JP1AukzYGSdOFs4iUauihgvakuou9AugD2CC+ygYIEbWkUjwKfT9nRN93Qi9 id_rsa";
 hub = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHygBPmz5T8IH/D60CiA5mOlKFTtYnk8JaK6cB+RJ4rk";
 garden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3GEJ8fp2P10tKXGz7Oh4wg/CN1IvfS7s06hWLuA573";
+ flynode = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOhYhgpzyqIbSX779o6TI9yZA1qvha+SUfrdHwndj69I";
 in
 {
- "nolan.age".publicKeys = [ nixbox ];
+ "nolan.age".publicKeys = [ nolan flynode ];
 "ldap.age".publicKeys = [ hub ];
 "jwt.age".publicKeys = [ hub ];
 "authelia_session.age".publicKeys = [ hub ];
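Review bot: Dropping `nixbox` from `"nolan.age".publicKeys` in secrets/secrets.nix and re-encrypting does not revoke what that key could already read, because the previous `secrets/nolan.age` ciphertext stays in git history and is still decryptable with the nixbox private key. If nixbox was removed because the machine was retired or its key is no longer trusted, rotate the underlying secret as well as the recipient list. A short comment above the `let` bindings saying which keys are host keys and which are personal keys (for example `# host keys: hub, garden, flynode; user key: nolan`) would make future recipient changes easier to audit.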