Compare commits
No commits in common. "e635fec1f97e276d491a7bdd9e9826f3368f7850" and "baa239dc72559b4bb1e002e30a501eae6bfaf8e1" have entirely different histories.
e635fec1f9
...
baa239dc72
12
flake.lock
12
flake.lock
|
@ -109,11 +109,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable-small": {
|
"nixpkgs-unstable-small": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1655000332,
|
"lastModified": 1654819923,
|
||||||
"narHash": "sha256-G4rs6nRox0146D6uI+zLxl8PwKXEO4PngyNXtY82DJI=",
|
"narHash": "sha256-s3m3dbCVWw7XAFbkIJyPKtlqgbcDD+2BrBOGTRn0fIw=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "d64abb978cc2fa4b88b074a64d1b456183c8db17",
|
"rev": "a58de450c514aa1bc5a4999f92656ab6b600dc59",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -125,11 +125,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1654953433,
|
"lastModified": 1654682581,
|
||||||
"narHash": "sha256-TwEeh4r50NdWHFAHQSyjCk2cZxgwUfcCCAJOhPdXB28=",
|
"narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "90cd5459a1fd707819b9a3fb9c852beaaac3b79a",
|
"rev": "e0169d7a9d324afebf5679551407756c77af8930",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -13,11 +13,7 @@
|
||||||
|
|
||||||
cfg = config.my.services.fava;
|
cfg = config.my.services.fava;
|
||||||
my = config.my;
|
my = config.my;
|
||||||
|
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
hostname = config.networking.hostName;
|
|
||||||
fqdn = "${hostname}.${domain}";
|
|
||||||
|
|
||||||
secrets = config.my.secrets;
|
secrets = config.my.secrets;
|
||||||
in {
|
in {
|
||||||
options.my.services.fava = let
|
options.my.services.fava = let
|
||||||
|
@ -69,7 +65,7 @@ in {
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
"fava.${domain}" = {
|
"fava.${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
|
|
||||||
listen = [
|
listen = [
|
||||||
# FIXME: hardcoded tailscale IP
|
# FIXME: hardcoded tailscale IP
|
||||||
|
@ -90,7 +86,5 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs.${fqdn}.extraDomainNames = ["fava.${domain}"];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,8 +15,6 @@
|
||||||
my = config.my;
|
my = config.my;
|
||||||
|
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
hostname = config.networking.hostName;
|
|
||||||
fqdn = "${hostname}.${domain}";
|
|
||||||
in {
|
in {
|
||||||
options.my.services.gitea = let
|
options.my.services.gitea = let
|
||||||
inherit (lib) types;
|
inherit (lib) types;
|
||||||
|
@ -103,7 +101,7 @@ in {
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"git.${domain}" = {
|
"git.${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${toString cfg.privatePort}";
|
proxyPass = "http://127.0.0.1:${toString cfg.privatePort}";
|
||||||
|
@ -112,8 +110,6 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs.${fqdn}.extraDomainNames = ["git.${domain}"];
|
|
||||||
|
|
||||||
systemd.services.gitea.preStart = "${pkgs.coreutils}/bin/ln -sfT ${./templates} ${config.services.gitea.stateDir}/custom/templates";
|
systemd.services.gitea.preStart = "${pkgs.coreutils}/bin/ln -sfT ${./templates} ${config.services.gitea.stateDir}/custom/templates";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,8 +14,6 @@
|
||||||
my = config.my;
|
my = config.my;
|
||||||
|
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
hostname = config.networking.hostName;
|
|
||||||
fqdn = "${hostname}.${domain}";
|
|
||||||
|
|
||||||
# hardcoded in NixOS module :(
|
# hardcoded in NixOS module :(
|
||||||
jellyfinPort = 8096;
|
jellyfinPort = 8096;
|
||||||
|
@ -33,14 +31,12 @@ in {
|
||||||
# Proxy to Jellyfin
|
# Proxy to Jellyfin
|
||||||
services.nginx.virtualHosts."jellyfin.${domain}" = {
|
services.nginx.virtualHosts."jellyfin.${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://localhost:${toString jellyfinPort}/";
|
proxyPass = "http://localhost:${toString jellyfinPort}/";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs.${fqdn}.extraDomainNames = ["jellyfin.${domain}"];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,11 +13,7 @@
|
||||||
|
|
||||||
cfg = config.my.services.lohr;
|
cfg = config.my.services.lohr;
|
||||||
my = config.my;
|
my = config.my;
|
||||||
|
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
hostname = config.networking.hostName;
|
|
||||||
fqdn = "${hostname}.${domain}";
|
|
||||||
|
|
||||||
secrets = config.my.secrets;
|
secrets = config.my.secrets;
|
||||||
lohrPkg = let
|
lohrPkg = let
|
||||||
flake = builtins.getFlake "github:alarsyo/lohr?rev=58503cc8b95c8b627f6ae7e56740609e91f323cd";
|
flake = builtins.getFlake "github:alarsyo/lohr?rev=58503cc8b95c8b627f6ae7e56740609e91f323cd";
|
||||||
|
@ -77,14 +73,12 @@ in {
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
"lohr.${domain}" = {
|
"lohr.${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs.${fqdn}.extraDomainNames = ["lohr.${domain}"];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,10 +32,7 @@
|
||||||
public = 443;
|
public = 443;
|
||||||
private = 11339;
|
private = 11339;
|
||||||
};
|
};
|
||||||
|
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
hostname = config.networking.hostName;
|
|
||||||
fqdn = "${hostname}.${domain}";
|
|
||||||
in {
|
in {
|
||||||
options.my.services.matrix = let
|
options.my.services.matrix = let
|
||||||
inherit (lib) types;
|
inherit (lib) types;
|
||||||
|
@ -150,7 +147,7 @@ in {
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"matrix.${domain}" = {
|
"matrix.${domain}" = {
|
||||||
onlySSL = true;
|
onlySSL = true;
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
|
|
||||||
locations = let
|
locations = let
|
||||||
proxyToClientPort = {
|
proxyToClientPort = {
|
||||||
|
@ -184,7 +181,7 @@ in {
|
||||||
"matrix.${domain}_federation" = rec {
|
"matrix.${domain}_federation" = rec {
|
||||||
onlySSL = true;
|
onlySSL = true;
|
||||||
serverName = "matrix.${domain}";
|
serverName = "matrix.${domain}";
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
|
|
||||||
locations."/".return = "404";
|
locations."/".return = "404";
|
||||||
|
|
||||||
|
@ -208,7 +205,7 @@ in {
|
||||||
|
|
||||||
"${domain}" = {
|
"${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
|
|
||||||
locations."= /.well-known/matrix/server".extraConfig = let
|
locations."= /.well-known/matrix/server".extraConfig = let
|
||||||
server = {"m.server" = "matrix.${domain}:${toString federationPort.public}";};
|
server = {"m.server" = "matrix.${domain}:${toString federationPort.public}";};
|
||||||
|
@ -233,7 +230,7 @@ in {
|
||||||
# Element Web app deployment
|
# Element Web app deployment
|
||||||
#
|
#
|
||||||
"chat.${domain}" = {
|
"chat.${domain}" = {
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
||||||
root = pkgs.element-web.override {
|
root = pkgs.element-web.override {
|
||||||
|
@ -262,8 +259,6 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs.${fqdn}.extraDomainNames = ["chat.${domain}" "matrix.${domain}" domain];
|
|
||||||
|
|
||||||
# For administration tools.
|
# For administration tools.
|
||||||
environment.systemPackages = [pkgs.matrix-synapse];
|
environment.systemPackages = [pkgs.matrix-synapse];
|
||||||
|
|
||||||
|
|
|
@ -15,8 +15,6 @@
|
||||||
my = config.my;
|
my = config.my;
|
||||||
|
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
hostname = config.networking.hostName;
|
|
||||||
fqdn = "${hostname}.${domain}";
|
|
||||||
in {
|
in {
|
||||||
options.my.services.miniflux = let
|
options.my.services.miniflux = let
|
||||||
inherit (lib) types;
|
inherit (lib) types;
|
||||||
|
@ -62,7 +60,7 @@ in {
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"reader.${domain}" = {
|
"reader.${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${toString cfg.privatePort}";
|
proxyPass = "http://127.0.0.1:${toString cfg.privatePort}";
|
||||||
|
@ -70,7 +68,5 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs.${fqdn}.extraDomainNames = ["reader.${domain}"];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,8 +13,6 @@
|
||||||
|
|
||||||
cfg = config.my.services.monitoring;
|
cfg = config.my.services.monitoring;
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
hostname = config.networking.hostName;
|
|
||||||
fqdn = "${hostname}.${domain}";
|
|
||||||
in {
|
in {
|
||||||
options.my.services.monitoring = let
|
options.my.services.monitoring = let
|
||||||
inherit (lib) types;
|
inherit (lib) types;
|
||||||
|
@ -105,17 +103,15 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
virtualHosts.${cfg.domain} = {
|
virtualHosts.${config.services.grafana.domain} = {
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
|
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs.${fqdn}.extraDomainNames = [cfg.domain];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
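Review bot: The vhost key `${config.services.grafana.domain}` is now served with `useACMEHost = domain`, but nothing here checks that the name is actually covered by that certificate. The removed `security.acme.certs.${fqdn}.extraDomainNames = [cfg.domain];` added the name as an explicit SAN; the certificate defined elsewhere in this compare lists only `${domain}` and `*.${domain}`, and a wildcard matches a single label. If the Grafana domain is ever set outside that pattern (a deeper subdomain or another zone), nginx will present a mismatching certificate and clients get used to clicking through the warning. How `services.grafana.domain` is set is outside the hunk, so this may already hold; an explicit guard would make it fail at evaluation time, e.g. `assertions = [{ assertion = lib.hasSuffix ".${domain}" config.services.grafana.domain; message = "grafana domain is not covered by the wildcard certificate"; }];`.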
||||||
|
|
|
@ -14,8 +14,6 @@
|
||||||
|
|
||||||
cfg = config.my.services.navidrome;
|
cfg = config.my.services.navidrome;
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
hostname = config.networking.hostName;
|
|
||||||
fqdn = "${hostname}.${domain}";
|
|
||||||
in {
|
in {
|
||||||
options.my.services.navidrome = let
|
options.my.services.navidrome = let
|
||||||
inherit (lib) types;
|
inherit (lib) types;
|
||||||
|
@ -48,7 +46,7 @@ in {
|
||||||
|
|
||||||
services.nginx.virtualHosts."music.${domain}" = {
|
services.nginx.virtualHosts."music.${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
|
|
||||||
listen = [
|
listen = [
|
||||||
# FIXME: hardcoded tailscale IP
|
# FIXME: hardcoded tailscale IP
|
||||||
|
@ -69,7 +67,5 @@ in {
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs.${fqdn}.extraDomainNames = ["music.${domain}"];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,8 +16,6 @@ let
|
||||||
cfg = config.my.services.nextcloud;
|
cfg = config.my.services.nextcloud;
|
||||||
my = config.my;
|
my = config.my;
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
hostname = config.networking.hostName;
|
|
||||||
fqdn = "${hostname}.${domain}";
|
|
||||||
dbName = "nextcloud";
|
dbName = "nextcloud";
|
||||||
in {
|
in {
|
||||||
options.my.services.nextcloud = let
|
options.my.services.nextcloud = let
|
||||||
|
@ -87,13 +85,11 @@ in {
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"cloud.${domain}" = {
|
"cloud.${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs.${fqdn}.extraDomainNames = ["cloud.${domain}"];
|
|
||||||
|
|
||||||
my.services.restic-backup = let
|
my.services.restic-backup = let
|
||||||
nextcloudHome = config.services.nextcloud.home;
|
nextcloudHome = config.services.nextcloud.home;
|
||||||
in
|
in
|
||||||
|
|
|
@ -54,11 +54,10 @@ in {
|
||||||
|
|
||||||
certs = let
|
certs = let
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
hostname = config.networking.hostName;
|
|
||||||
fqdn = "${hostname}.${domain}";
|
|
||||||
gandiKey = config.my.secrets.gandiKey;
|
gandiKey = config.my.secrets.gandiKey;
|
||||||
in {
|
in {
|
||||||
"${fqdn}" = {
|
"${domain}" = {
|
||||||
|
extraDomainNames = ["*.${domain}"];
|
||||||
dnsProvider = "gandiv5";
|
dnsProvider = "gandiv5";
|
||||||
credentialsFile = config.age.secrets."gandi/api-key".path;
|
credentialsFile = config.age.secrets."gandi/api-key".path;
|
||||||
group = "nginx";
|
group = "nginx";
|
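Review bot: The new `extraDomainNames = ["*.${domain}"];` makes the private key readable by `group = "nginx"` valid for every subdomain of the zone, whereas the removed per-service `extraDomainNames` entries limited the certificate to the names this host actually serves. If any other machine or provider serves a name under `${domain}`, a compromise of this host's key would allow that name to be impersonated as well, so the wider scope deserves a comment above the entry, for example `# wildcard: this key is valid for all of *.${domain}; this host must stay the only holder`. The `gandiKey` binding in the `let` is not used in the visible lines and may be a leftover. The `certs` attribute set continues past the end of the hunk.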
||||||
|
|
|
@ -14,8 +14,6 @@
|
||||||
cfg = config.my.services.paperless;
|
cfg = config.my.services.paperless;
|
||||||
my = config.my;
|
my = config.my;
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
hostname = config.networking.hostName;
|
|
||||||
fqdn = "${hostname}.${domain}";
|
|
||||||
paperlessDomain = "paperless.${domain}";
|
paperlessDomain = "paperless.${domain}";
|
||||||
in {
|
in {
|
||||||
options.my.services.paperless = let
|
options.my.services.paperless = let
|
||||||
|
@ -101,7 +99,7 @@ in {
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
"${paperlessDomain}" = {
|
"${paperlessDomain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
|
|
||||||
listen = [
|
listen = [
|
||||||
# FIXME: hardcoded tailscale IP
|
# FIXME: hardcoded tailscale IP
|
||||||
|
@ -124,8 +122,6 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs.${fqdn}.extraDomainNames = [paperlessDomain];
|
|
||||||
|
|
||||||
my.services.restic-backup = mkIf cfg.enable {
|
my.services.restic-backup = mkIf cfg.enable {
|
||||||
paths = [
|
paths = [
|
||||||
config.services.paperless.dataDir
|
config.services.paperless.dataDir
|
||||||
|
|
|
@ -14,8 +14,6 @@
|
||||||
cfg = config.my.services.transmission;
|
cfg = config.my.services.transmission;
|
||||||
|
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
hostname = config.networking.hostName;
|
|
||||||
fqdn = "${hostname}.${domain}";
|
|
||||||
webuiDomain = "transmission.${domain}";
|
webuiDomain = "transmission.${domain}";
|
||||||
|
|
||||||
transmissionRpcPort = 9091;
|
transmissionRpcPort = 9091;
|
||||||
|
@ -75,7 +73,7 @@ in {
|
||||||
|
|
||||||
services.nginx.virtualHosts."${webuiDomain}" = {
|
services.nginx.virtualHosts."${webuiDomain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
|
|
||||||
locations."/".proxyPass = "http://127.0.0.1:${toString transmissionRpcPort}";
|
locations."/".proxyPass = "http://127.0.0.1:${toString transmissionRpcPort}";
|
||||||
|
|
||||||
|
@ -93,8 +91,5 @@ in {
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs.${fqdn}.extraDomainNames = [webuiDomain];
|
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,8 +15,6 @@
|
||||||
my = config.my;
|
my = config.my;
|
||||||
|
|
||||||
domain = config.networking.domain;
|
domain = config.networking.domain;
|
||||||
hostname = config.networking.hostName;
|
|
||||||
fqdn = "${hostname}.${domain}";
|
|
||||||
in {
|
in {
|
||||||
options.my.services.vaultwarden = let
|
options.my.services.vaultwarden = let
|
||||||
inherit (lib) types;
|
inherit (lib) types;
|
||||||
|
@ -70,7 +68,7 @@ in {
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"pass.${domain}" = {
|
"pass.${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = fqdn;
|
useACMEHost = domain;
|
||||||
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${toString cfg.privatePort}";
|
proxyPass = "http://127.0.0.1:${toString cfg.privatePort}";
|
||||||
|
@ -88,8 +86,6 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs.${fqdn}.extraDomainNames = ["pass.${domain}"];
|
|
||||||
|
|
||||||
# FIXME: should be renamed to vaultwarden eventually
|
# FIXME: should be renamed to vaultwarden eventually
|
||||||
my.services.restic-backup = mkIf cfg.enable {
|
my.services.restic-backup = mkIf cfg.enable {
|
||||||
paths = ["/var/lib/bitwarden_rs"];
|
paths = ["/var/lib/bitwarden_rs"];
|
||||||
|
|