nolan/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: nolan:a0b0a449ca32a903066e5462ff6d8c895f559a44
Branches Tags
nolan:main
..
compare: nolan:838941b56b13512f25c08fccd9e5546834105d2d
Branches Tags
nolan:main

10 commits
a0b0a449ca ... 838941b56b

Author SHA1 Message Date
Nolan Darilek
838941b56b Update password and add new host key. 2025-01-29 16:28:17 -06:00
Nolan Darilek
da0e3e9d56 Bump dependencies. 2025-01-29 14:29:16 -06:00
Nolan Darilek
10dbdcddd0 Update flake. 2025-01-01 15:32:41 -06:00
Nolan Darilek
84e81d9642 Add audiobookshelf. 2025-01-01 15:30:40 -06:00
Nolan Darilek
61b20b94d4 Add adguardhome. 2024-12-31 14:48:47 -06:00
Nolan Darilek
575dd8a7ed Remove defaults. 2024-12-31 13:44:16 -06:00
Nolan Darilek
f111879b6e Add more apps. 2024-12-30 10:10:13 -06:00
Nolan Darilek
d58da536b1 Add Searxng. 2024-12-29 09:34:18 -06:00
Nolan Darilek
5ba548b4b7 Install flac. 2024-12-24 09:11:40 -06:00
Nolan Darilek
b3587531da Install shntool. 2024-12-24 09:05:23 -06:00
16 changed files with 219 additions and 51 deletions
Show stats Expand all files Collapse all files

42
flake.lock generated
View file

@ -8,11 +8,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1723293904, "lastModified": 1736955230,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -45,7 +45,7 @@
}, },
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-Q1NbA/o8Q+JSR6wfK7cd9ylc3QWuURATo7c2Q1JCbX4=", "narHash": "sha256-SIKBfviJFGqzP5JJVCW7JRhSqxYKYChMFefASSt9YNU=",
"path": "pkgs/caddy", "path": "pkgs/caddy",
"type": "path" "type": "path"
}, },
@ -56,11 +56,11 @@
}, },
"caddy_2": { "caddy_2": {
"locked": { "locked": {
"lastModified": 1732948222, "lastModified": 1735284852,
"narHash": "sha256-kUWyjeqkU+RHTHVXT61QF19eW2vnWgah5OcPrUlU8oU=", "narHash": "sha256-mQu3IwEO294DuB7XAXOvOLriElDgRTf6rTLoDh3tMFQ=",
"owner": "vincentbernat", "owner": "vincentbernat",
"repo": "caddy-nix", "repo": "caddy-nix",
"rev": "9d13eb684b4ba1b2eb92e76f7ea1f517eccc4fe1", "rev": "b421380ded7c000f432092df0f1a7afd9e187173",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -153,11 +153,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734366194, "lastModified": 1736373539,
"narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", "rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -169,11 +169,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1734954597, "lastModified": 1737751639,
"narHash": "sha256-QIhd8/0x30gEv8XEE1iAnrdMlKuQ0EzthfDR7Hwl+fk=", "narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "def1d472c832d77885f174089b0d34854b007198", "rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -216,11 +216,11 @@
}, },
"nixpkgsUnstable": { "nixpkgsUnstable": {
"locked": { "locked": {
"lastModified": 1734649271, "lastModified": 1737885589,
"narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -233,8 +233,8 @@
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 0, "lastModified": 0,
"narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", "narHash": "sha256-GFzPxJzTd1rPIVD4IW+GwJlyGwBDV1Tj5FLYwDQQ9sM=",
"path": "/nix/store/4hpdrd3qvj7nks3rrimqm2jdmcga8isc-source", "path": "/nix/store/50yickar04m51aqnc43gxf45g2i0n3k9-source",
"type": "path" "type": "path"
}, },
"original": { "original": {
@ -244,11 +244,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1734875076, "lastModified": 1738023785,
"narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", "narHash": "sha256-BPHmb3fUwdHkonHyHi1+x89eXB3kA1jffIpwPVJIVys=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1807c2b91223227ad5599d7067a61665c52d1295", "rev": "2b4230bf03deb33103947e2528cac2ed516c5c89",
"type": "github" "type": "github"
}, },
"original": { "original": {

7
hosts/garden/default.nix
View file

@ -1,4 +1,4 @@
{ config, ... }: { config, pkgs, ... }:
{ {
imports = [ imports = [
@ -48,5 +48,10 @@
group = config.services.lidarr.group; group = config.services.lidarr.group;
}; };
environment.systemPackages = with pkgs; [
flac
shntool
];
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }

20
hosts/hub/apps/actual.nix Normal file
View file

@ -0,0 +1,20 @@
{ config, ... }:
{
systemd.tmpfiles.rules = [
"d /var/lib/actual 0755 root root"
];
virtualisation.oci-containers.containers.actual = {
image = "actualbudget/actual-server:latest";
ports = [
"5006:5006"
];
volumes = [ "/var/lib/actual:/data" ];
};
services.caddy.virtualHosts."https://budget.tailc50184.ts.net".extraConfig = ''
bind tailscale/budget
reverse_proxy http://localhost:5006
'';
}

28
hosts/hub/apps/adguard.nix Normal file
View file

@ -0,0 +1,28 @@
{
containers.adguardhome = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.0.1";
localAddress = "192.168.0.4";
config =
{ lib, ... }:
{
services = {
adguardhome = {
enable = true;
port = 80;
settings = {
filtering = {
protection_enabled = true;
filtering_enabled = true;
};
};
};
tailscale = {
enable = true;
interfaceName = "userspace-networking";
};
};
};
};
}

12
hosts/hub/apps/audiobookshelf.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, ... }:
{
services = {
audiobookshelf.enable = true;
caddy.virtualHosts."https://audiobookshelf.tailc50184.ts.net".extraConfig = ''
bind tailscale/audiobookshelf
reverse_proxy localhost:8000
'';
};
environment.systemPackages = with pkgs; [ audible-cli ];
}

7
hosts/hub/apps/ollama.nix Normal file
View file

@ -0,0 +1,7 @@
{
services.ollama.enable = true;
services.caddy.virtualHosts."https://ollama.tailc50184.ts.net".extraConfig = ''
bind tailscale/ollama
reverse_proxy http://localhost:11434
'';
}

14
hosts/hub/apps/searxng.nix Normal file
View file

@ -0,0 +1,14 @@
{
services.searx = {
enable = true;
settings.server = {
port = 8080;
secret_key = "secret_key";
};
};
services.caddy.virtualHosts."https://searxng.tailc50184.ts.net".extraConfig = ''
bind tailscale/searxng
reverse_proxy http://localhost:8080
'';
}

8
hosts/hub/default.nix
View file

@ -22,6 +22,10 @@
../../roles/syncthing.nix ../../roles/syncthing.nix
./apps/dev.nix ./apps/dev.nix
./apps/nextcloud.nix ./apps/nextcloud.nix
./apps/searxng.nix
./apps/actual.nix
./apps/adguard.nix
./apps/audiobookshelf.nix
]; ];
boot.loader.grub = { boot.loader.grub = {
@ -90,13 +94,11 @@
}; };
certificateScheme = "acme"; certificateScheme = "acme";
enableManageSieve = true; enableManageSieve = true;
indexDir = "/var/lib/dovecot/indices";
fullTextSearch = { fullTextSearch = {
enable = true; enable = true;
# index new email as they arrive
autoIndex = true;
# this only applies to plain text attachments, binary attachments are never indexed # this only applies to plain text attachments, binary attachments are never indexed
indexAttachments = true; indexAttachments = true;
enforced = "body";
}; };
}; };

73
pkgs/caddy/flake.lock generated Normal file
View file

@ -0,0 +1,73 @@
{
"nodes": {
"caddy": {
"locked": {
"lastModified": 1735284852,
"narHash": "sha256-mQu3IwEO294DuB7XAXOvOLriElDgRTf6rTLoDh3tMFQ=",
"owner": "vincentbernat",
"repo": "caddy-nix",
"rev": "b421380ded7c000f432092df0f1a7afd9e187173",
"type": "github"
},
"original": {
"owner": "vincentbernat",
"repo": "caddy-nix",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 0,
"narHash": "sha256-GFzPxJzTd1rPIVD4IW+GwJlyGwBDV1Tj5FLYwDQQ9sM=",
"path": "/nix/store/50yickar04m51aqnc43gxf45g2i0n3k9-source",
"type": "path"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"root": {
"inputs": {
"caddy": "caddy",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

9
secrets/authelia_session.age
View file

@ -1,5 +1,6 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 5X7MKw YuRoNT0MBRWhTnjsFZUaft45PhSRkghxREoLSLnH3Ac -> ssh-ed25519 5X7MKw xrpuavAym+fGSiRin+j/3L0nkx1HbQ8KlXeDIeVgJV4
iFZLc/n7K4ZLs5O6m13H64On27735eJBV1UYtVjiq0c Kp/4ez62E9tXEwKWywTFpAB5sIyWj8d46g/2P26nMoo
--- alcDYeP+DzOX1IkyZ18cjsfIKirUPmHsqKXyL5LGHiQ --- Jnp4aP2bYua2WgPK5yXjdmIVsTBtV0SsgijC6OeVB94
ôµ1Yàe\-/†÷ñ&p:Ñç5tWGÙ嶈íC;hÊÄ¿ù¦KJrÅf-ÃÆ]ºõ½|¾ëëÃ?™úP‰|:¦ó #w³Å§*òMµÀ™ŒžôCÓÝ¿±Žýlˆ
8WdÝ΄٬³k)ƒîôMM^¦_õ%0ÌKß÷ ƒô±›|¢½ÓwáÑïØ

BIN
secrets/authelia_storage.age
View file

Binary file not shown.

9
secrets/cloudflare_api.age
View file

@ -1,6 +1,5 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 5X7MKw ym72T52g1+mR47oSMb2e0wnBz6L15p+AFcn91r1Ge1w -> ssh-ed25519 5X7MKw OkAHr+YJ9t0JBsWcw0EYVGye17zGJoYzAMSiqyggwyU
f13gDhaIrpUS/HYpRFZkIq5YLf4IDckXHkcNg3FOfIM U9tiuehf/rG9yQjZsBqXkY42CHE98mTBOw/7SkQhOwk
--- GKtoiEoq2vhv/dh6/zRXSsbETxloRfcC9PLFn0Y+B7o --- +focODoDCNdQbm8SS0q0USCQ5LUZx+NnKvc0tK5GR5g
„î1 ßv®¶²¶¡£%„òÉþ[KV«¢5ªñfISé<C3A9>•D pÔ¸>/+nŽRêücKÍÙ¼VÛQÖ2<77>Úò´¿Ð ݵ‚&v½3ʃ¤«ò³{.Ì7ÙÅ4 ×~Ë\O×â^òŸ¿“Ïâ¥l€æ/Eï½<C3AF>ÙlÈéζö<>Öç·bŽ ß3xê:Œ”ö)Š¥(‰öVòDAšæô ‰Vúë¦Î0è¨l¯3Ä«»R¯M<C2AF>ÞÐß„ìBH­«Ò‰Û Ê’!Yâ&wJ|×Ë”5v¿r·:\½‹
HSª\Çk-œ¬RÛ<1E>FÒvµ„¥ìµHjßihøý 

8
secrets/jwt.age
View file

@ -1,5 +1,5 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 5X7MKw LxFmTWxgYrEE1RsQsdygOOKz9BQLAJevlowuf4+mFXc -> ssh-ed25519 5X7MKw q8mFirtavSJK5ovKFl3l0/Hs/ooHwVy2UmuMwVENrDc
1ZeeOA3Ihyeg4huXqzNf6WaOpA/EbU1G36Rwo6ANMvo PwdMCbPZkr5jF0No+D2p51Y41Df5THYD3u2+lD5lLYE
--- hUkp8RDLowKXNhY3WJe2O4SjrXyt6fGHs1gk95T3RNs --- 11Ll3UGRQQmtLz82aU1WegRlfSowlxakbzcTq/lL4/w
<£ï«ÖÑÞÆuHsºøªë·N5c㿳¾Ñ<!aEÓ<> a;¸¬ècg$£©UæObÌ°”uW\œ³ÝF 4ÂjÄ9¸UH? |ËdO€<4F>Ù(ËÕ©üÿUP°q/]ŽRÞÈð«_Z<5F>];HИëõØ‚[—<>ú¿44þŒÝ1ŠZïê

10
secrets/ldap.age
View file

@ -1,5 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 5X7MKw wZTFdwnfdu6FNEtTN9k4pNvMxWjANQOeGMcfhEFVuEQ -> ssh-ed25519 5X7MKw YFex6K7JkRIA0nRPYtd9kySRTulpG/ks6abtaBZJICk
J3ACr5ChFqZAmnoTvfgkN+/3lxLzcU0i08CRWtpQqqc sZ/EMZTWNvj6Q1Fx9XoBy/whnAB4syYXXTW8iMGXbok
--- 8Iex/gX3YgiuC4hQDfaf2C8EyQawOn7ccghWg9wr/OY --- 49i8zwxAXuJQ4aca4VsLpxij7yjttJoTYZd0po3pDvo
ÍË¥­çÁ“JH 6ÙHwˆà™¥KiV<>eOt']„è»iêK/YCIyíÄÙ®‡µ}vÀßÞtSʆs<E280A0>Å°ÀJ %¼Ç¹ª²3}
¿KL8§3<EFBFBD>ÊÝšoónø,d!¹1ŽÚàì|Ùf¥³ó¶ïë
K>“;âÍ=`e> $Ìä²ý<C2B2>zc

15
secrets/nolan.age
View file

@ -1,5 +1,12 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 WXu6hQ xPIs0RMmg8qzbe5u0fkmd52vwUWtPFbp8OT+PWKfBmk -> ssh-rsa exbmLg
AlgW3FNZMZZKQP2WBxBtkz/fkn7D36jH6RQqQqPTFLQ owZ2BSARW2S2gsT4JCuCYPqPy0rHTU5WlKbGdiFF1HzYHFmzjYlpvdVXNnoIbAz3
--- Fbjl6JMOoyxErJQ2vxx/JiZyjMK7aoWFqIH3WMZxbrk mg7y2HaOpa/DaVHkoj6yYL0AOEXka4SdYAIBqnXIAZefGTbGHuzUl518zlgq41tx
>2ïïæ”ø÷[\R!ùìVlC/v5iFbšN´É‡oí}tÏ\|ñ0F;·2{í¥ÏõqúÁp2£Ð•í¯*žéŠB.JAÙCŸ‰Äöñ7?Þ ‡¨Ûy%óäÂxÚ  ODwgChYaSR6EOFO7zCjyfdeYMfjU65zKNttgDngS8BfeiMKAc2ok6H/4/w/gIs57
FYDk1kXigJg+55omrTpex2aDg/D9kc6njbHcHijB7gFYtnN5Yc73JfY6QeoAf9Re
U8/gnA4CTRDMkuYjXPKZKEvU6VDoiKsdQuuHAwlXHjO9JE2JHz3IXd4ODwP/A47f
yDusR5yWk1ZvYjPZNjS8pQ
-> ssh-ed25519 revz+g zQStUkTc1AhVSg+u87WdvWaG5YcZUop7q6Ld6rCXKhM
WokTf8Ap9QZqJv1Qf8ich+9OjCRzFwdXjkW0owdMISk
--- 8NYNJtWhxmiFoR0GAafRsoGQKfPXM+3sP6zZSbCzpGo
纓驛<EFBFBD>怨i¢到?ナ3ィrQSA麝リヲR<EFBDA6>ョ+W*Cレフヲネン

8
secrets/secrets.nix
View file

@ -1,13 +1,11 @@
let let
nolan = "ssh-rsa nolan = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPk6C4eOYzTZ8XOuUA2tErGnSTLS/l9kRDl9+5Ql+m7VtaH/KRFbu6x+C0QAIKOrRcQOjpGYUjL1aIn0HCcoEW2PSihDmOHC+W8cy8ucScy4fPI5KpFFqTZU336Fje+NS4n587gcoaa5LjKcr2KZy/ljgzl4eNSRIqy85khfH4puxsj7LwTIqsZoqDhtD/jSqaKP1C2wuYSsijLF85UnRcT9jErnL757yUv/4xb4Is+gB0zan9GiBXRca4lzb0mY8rmMXmKhc2lm/mu8ogZRdYX5R2JP1AukzYGSdOFs4iUauihgvakuou9AugD2CC+ygYIEbWkUjwKfT9nRN93Qi9 id_rsa";
AAAAB3NzaC1yc2EAAAADAQABAAABAQDPk6C4eOYzTZ8XOuUA2tErGnSTLS/l9kRDl9+5Ql+m7VtaH/KRFbu6x+C0QAIKOrRcQOjpGYUjL1aIn0HCcoEW2PSihDmOHC+W8cy8ucScy4fPI5KpFFqTZU336Fje+NS4n587gcoaa5LjKcr2KZy/ljgzl4eNSRIqy85khfH4puxsj7LwTIqsZoqDhtD/jSqaKP1C2wuYSsijLF85UnRcT9jErnL757yUv/4xb4Is+gB0zan9GiBXRca4lzb0mY8rmMXmKhc2lm/mu8ogZRdYX5R2JP1AukzYGSdOFs4iUauihgvakuou9AugD2CC+ygYIEbWkUjwKfT9nRN93Qi9
id_rsa";
nixbox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPChjQ4PCvOkknZitrMS89GVjyxIbb/TPfczOWZ+rY6C";
hub = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHygBPmz5T8IH/D60CiA5mOlKFTtYnk8JaK6cB+RJ4rk"; hub = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHygBPmz5T8IH/D60CiA5mOlKFTtYnk8JaK6cB+RJ4rk";
garden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3GEJ8fp2P10tKXGz7Oh4wg/CN1IvfS7s06hWLuA573"; garden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3GEJ8fp2P10tKXGz7Oh4wg/CN1IvfS7s06hWLuA573";
flynode = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOhYhgpzyqIbSX779o6TI9yZA1qvha+SUfrdHwndj69I";
in in
{ {
"nolan.age".publicKeys = [ nixbox ]; "nolan.age".publicKeys = [ nolan flynode ];
"ldap.age".publicKeys = [ hub ]; "ldap.age".publicKeys = [ hub ];
"jwt.age".publicKeys = [ hub ]; "jwt.age".publicKeys = [ hub ];
"authelia_session.age".publicKeys = [ hub ]; "authelia_session.age".publicKeys = [ hub ];