forked from Bos55/nix-config
Tibo De Peuter
1c437333f3
Migrated authorized SSH keys and personal metadata (emails, tokens) to sops-nix to prevent infrastructure fingerprinting. Introduced centralized secrets module with placeholder fallbacks.
74 lines
1.7 KiB
Nix
74 lines
1.7 KiB
Nix
{ config, pkgs, lib, system, ... }:
|
|
|
|
{
|
|
config = {
|
|
homelab = {
|
|
networking.hostIp = "192.168.0.91";
|
|
apps = {
|
|
bind9.enable = true;
|
|
homepage = {
|
|
enable = true;
|
|
exposePort = true;
|
|
};
|
|
traefik.enable = true;
|
|
plex.enable = true;
|
|
};
|
|
virtualisation.guest.enable = true;
|
|
users.deploy.enable = true;
|
|
};
|
|
|
|
networking = {
|
|
hostId = "aaaa9100";
|
|
domain = "roxanne.depeuter.dev";
|
|
|
|
useDHCP = false;
|
|
|
|
enableIPv6 = true;
|
|
|
|
defaultGateway = {
|
|
address = "192.168.0.1";
|
|
interface = "ens18";
|
|
};
|
|
|
|
# Open ports in the firewall.
|
|
firewall = {
|
|
enable = true;
|
|
};
|
|
|
|
interfaces.ens18 = {
|
|
ipv4.addresses = [
|
|
{
|
|
address = config.homelab.networking.hostIp;
|
|
prefixLength = 24;
|
|
}
|
|
];
|
|
};
|
|
|
|
nameservers = [
|
|
"1.1.1.1" # Cloudflare
|
|
"1.0.0.1" # Cloudflare
|
|
];
|
|
};
|
|
|
|
system.stateVersion = "24.05";
|
|
|
|
virtualisation.oci-containers.containers = {
|
|
pgadmin = {
|
|
image = "dpage/pgadmin4:8.11.0";
|
|
ports = [
|
|
"30056:80/tcp"
|
|
];
|
|
environment = {
|
|
# NOTE Required
|
|
# The email address used when setting up the initial administrator account to login to pgAdmin.
|
|
# TODO Hugo: Populate 'pgadmin_email' in sops.
|
|
PGADMIN_DEFAULT_EMAIL = config.sops.placeholder.pgadmin_email or "pgadmin-admin@example.com";
|
|
# NOTE Required
|
|
# The password used when setting up the initial administrator account to login to pgAdmin.
|
|
PGADMIN_DEFAULT_PASSWORD = "ChangeMe";
|
|
};
|
|
autoStart = true;
|
|
};
|
|
};
|
|
};
|
|
}
|