This commit is contained in:
Tibo De Peuter 2025-10-01 16:33:55 +02:00
parent 59f721f4d7
commit f1ba0a98e8
Signed by: tdpeuter
GPG key ID: 38297DE43F75FFE2
12 changed files with 95 additions and 109 deletions


@ -59,6 +59,7 @@ prefixLength = 24;
};
"cloud.depeuter.dev" = { };
"git.depeuter.dev" = { };
"home.depeuter.dev" = { };
"jelly.depeuter.dev" = { };
"vault.depeuter.dev" = { };
};
@ -136,10 +137,27 @@ prefixLength = 24;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
"calendar.depeuter.dev".locations."/".return = "301 https://cloud.depeuter.dev/apps/calendar";
"calendar.depeuter.dev" = {
useACMEHost = "depeuter.dev";
locations."/".return = "301 https://cloud.depeuter.dev/apps/calendar";
};
"tasks.depeuter.dev".locations."/".return = "301 https://cloud.depeuter.dev/apps/tasks";
"notes.depeuter.dev".locations."/".return = "301 https://cloud.depeuter.dev/apps/notes";
"home.depeuter.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://192.168.0.21:8123";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
'';
};
};
"jelly.depeuter.dev" = {
enableACME = true;
forceSSL = true;
@ -176,7 +194,7 @@ prefixLength = 24;
};
};
extraConfig = ''
client_max_body_size 20M;
client_max_body_size 512M;
# Security / XSS Mitigation Headers
# NOTE: X-Frame-Options may cause issues with the webOS app
@ -206,7 +224,7 @@ prefixLength = 24;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 512M;
client_max_body_size 10G;
keepalive_timeout 600s;
proxy_buffers 4 256k; # Number and size of buffers for reading response
proxy_buffer_size 256k; # Buffer for the first part of the response
@ -220,10 +238,18 @@ prefixLength = 24;
enableACME = true;
forceSSL = true;
locations = {
"/".proxyPass = "http://192.168.0.22:10102";
"/" = {
proxyPass = "http://192.168.0.22:10102";
proxyWebSockets = true;
};
"~ ^/admin".return = 403;
};
};
"rss.depeuter.dev" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://192.168.92:${toString config.homelab.apps.freshrss.port}";
};
};
};
};
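Review bot: The upstream address in the new `rss.depeuter.dev` vhost, `http://192.168.92:${toString config.homelab.apps.freshrss.port}`, has only three octets, unlike the other upstreams in this file (`192.168.0.21`, `192.168.0.22`), so this looks like a typo for `192.168.0.92` (or whichever host runs FreshRSS); nginx does not accept the short form as an IP literal and will hand it to the system resolver, which may either fail at startup or quietly map it to a different address than intended, so it is worth pinning the full address explicitly. In the same hunk, the new `"~ ^/admin".return = 403;` location is a case-sensitive regex, so it only covers the exact lower-case prefix; if the upstream treats paths case-insensitively, `"~* ^/admin".return = 403;` or a plain prefix location `"^~ /admin"` is the safer form, and a one-line comment saying why the admin path is blocked at the proxy would help the next reader. The enclosing `virtualHosts` attribute set starts outside this hunk.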


@ -7,7 +7,10 @@
];
homelab = {
apps.technitiumDNS.enable = true;
apps = {
technitiumDNS.enable = true;
traefik.enable = true;
};
users.deploy.enable = true;
};
@ -34,12 +37,11 @@
hardware = {
enableRedistributableFirmware = true;
enableAllFirmware = true;
pulseaudio.enable = true;
opengl.enable = true;
graphics.enable = true;
};
# Select internationalisation properties.
i18n.defaultLocale = "en_GB.utf8";
i18n.defaultLocale = "en_GB.UTF-8";
networking = {
hostName = "Niko";
@ -79,6 +81,8 @@
user = config.users.users.jellyfin-mpv-shim.name;
};
pulseaudio.enable = true;
tailscale = {
enable = true;
useRoutingFeatures = "server";
@ -94,8 +98,6 @@
# resolved.enable = true;
};
sound.enable = true;
# Define a user account. Don't forget to set a password with 'passwd'.
users.users.jellyfin-mpv-shim = {
description = "Jellyfin MPV Shim User";
@ -114,67 +116,4 @@
systemd.services."cage-tty1".serviceConfig.Restart = "always";
system.stateVersion = "24.05";
virtualisation = {
# Enable Android emulator
# waydroid.enable = true;
docker = {
enable = true;
autoPrune.enable = true;
};
oci-containers = {
backend = "docker";
containers = {
reverse-proxy = {
hostname = "traefik";
image = "traefik:v3.0";
cmd = [
"--api.insecure=true"
# Add Docker provider
"--providers.docker=true"
"--providers.docker.exposedByDefault=false"
# Add web entrypoint
"--entrypoints.web.address=:80/tcp"
"--entrypoints.web.http.redirections.entrypoint.to=websecure"
"--entrypoints.web.http.redirections.entrypoint.scheme=https"
# Add websecure entrypoint
"--entrypoints.websecure.address=:443/tcp"
"--entrypoints.websecure.http.tls=true"
"--entrypoints.websecure.http.tls.certResolver=letsencrypt"
"--entrypoints.websecure.http.tls.domains[0].main=depeuter.dev"
"--entrypoints.websecure.http.tls.domains[0].sans=*.depeuter.dev"
"--entrypoints.websecure.http.tls.domains[1].sans=*.niko.depeuter.dev"
# Certificates
"--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
"--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
"--certificatesresolvers.letsencrypt.acme.email=tibo.depeuter@telenet.be"
"--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
];
ports = [
"80:80/tcp"
"443:443/tcp"
# "8080:8080/tcp" # The Web UI (enabled by --api.insecure=true)
];
environment = {
# TODO Hide this!
"CLOUDFLARE_DNS_API_TOKEN" = "6Vz64Op_a6Ls1ljGeBxFoOVfQ-yB-svRbf6OyPv2";
};
environmentFiles = [
];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock:ro" # So that Traefik can listen to the Docker events
"letsencrypt:/letsencrypt"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.traefik.rule" = "Host(`traefik.niko.depeuter.dev`)";
"traefik.http.services.traefik.loadbalancer.server.port" = "8080";
};
autoStart = true;
};
};
};
};
}
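Review bot: Removing the inline Traefik container also removes a plaintext Cloudflare DNS API token from the `environment` block, but since that value was already committed and remains in the repository history, the commit should record that the token was rotated, and the `homelab.apps.traefik` module now enabled at the top of this file should be checked to load its replacement from an environment file or a secrets manager rather than another literal. Nothing in this hunk shows where the new module gets its credentials, so this is an inference to confirm against the module definition. A short commit-message line such as `Traefik moved to the homelab.apps.traefik module; old Cloudflare token rotated` would make the intent clear to future readers.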


@ -17,7 +17,7 @@
defaultGateway = {
address = "192.168.0.1";
interface = "enp6s18";
interface = "ens18";
};
# Open ports in the firewall.
@ -25,7 +25,7 @@
enable = true;
};
interfaces.enp6s18 = {
interfaces.ens18 = {
ipv4.addresses = [
{
address = "192.168.0.94";
@ -40,7 +40,7 @@
];
};
system.stateVersion = "unstable";
system.stateVersion = "24.11";
### Nvidia GPU support ###
@ -64,7 +64,7 @@
};
hardware = {
opengl = {
graphics = {
enable = true;
# driSupport = true;
# driSupport32Bit = true;
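Review bot: The change of `system.stateVersion` from `"unstable"` to `"24.11"` alters the result of every `versionOlder config.system.stateVersion` check that nixpkgs uses to pick stateful defaults, and the option's own documentation advises against changing it on an existing installation; if this host already carries stateful services (databases, home directories created under the old defaults), those defaults may silently change on the next rebuild. If the host was reinstalled, a comment on the line, e.g. `system.stateVersion = "24.11"; # fresh install, do not bump on upgrade`, would stop the next reader from treating this as a routine version bump. The interface rename from `enp6s18` to `ens18` is consistent within the two hunks shown, but any other reference to the old name elsewhere in the file is outside this view.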


@ -3,7 +3,10 @@
{
config = {
homelab = {
apps.freshrss.enable = true;
apps = {
freshrss.enable = true;
traefik.enable = true;
};
virtualisation.guest.enable = true;
};