patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity
nix-config/hosts/elisabeth/guests.nix

151 lines
4.6 KiB
Nix
Raw Normal View History

feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
{
config,
feat: cleaner port forwarding
2024-12-22 00:10:37 +01:00
globals,
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
stateVersion,
inputs,
lib,
minimal,
...
reformat
2024-07-26 22:12:48 +02:00
}:
{
chore: simplified nginx setup
2024-03-14 20:07:10 +01:00
reformat
2024-07-26 22:12:48 +02:00
guests =
let
mkGuest =
guestName:
{
enablePanzer ? false,
enableRenaultFT ? false,
enableBunker ? false,
enableSharedPaperless ? false,
feat: cleaner port forwarding
2024-12-22 00:10:37 +01:00
vlans ? [ "services" ],
reformat
2024-07-26 22:12:48 +02:00
...
}:
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
{
reformat
2024-07-26 22:12:48 +02:00
autostart = true;
zfs."/state" = {
pool = "rpool";
dataset = "local/guests/${guestName}";
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
};
reformat
2024-07-26 22:12:48 +02:00
zfs."/persist" = {
pool = "rpool";
dataset = "safe/guests/${guestName}";
};
zfs."/panzer" = lib.mkIf enablePanzer {
pool = "panzer";
dataset = "safe/guests/${guestName}";
};
zfs."/renaultft" = lib.mkIf enableRenaultFT {
pool = "renaultft";
dataset = "safe/guests/${guestName}";
};
# kinda not necesarry should be removed on next reimaging
zfs."/bunker" = lib.mkIf enableBunker {
pool = "panzer";
dataset = "bunker/guests/${guestName}";
};
zfs."/paperless" = lib.mkIf enableSharedPaperless {
pool = "panzer";
dataset = "bunker/shared/paperless";
};
modules = [
../../config/basic
../../config/services/${guestName}.nix
{
node.secretsDir = config.node.secretsDir + "/${guestName}";
feat: more homeassistant
2025-01-07 21:23:06 +01:00
networking.nftables.firewall.zones.untrusted.interfaces = [ "mv-services" ];
feat: cleaner port forwarding
2024-12-22 00:10:37 +01:00
systemd.network.networks = lib.mkIf (globals.services.${guestName}.ip != null) (
lib.listToAttrs (
lib.flip map vlans (
name:
fix: desktopnix deploy fix: immich firewall rules
2024-12-24 14:54:17 +01:00
lib.nameValuePair "10-mv-${name}" {
feat: cleaner port forwarding
2024-12-22 00:10:37 +01:00
matchConfig.Name = "mv-${name}";
fix: desktopnix deploy fix: immich firewall rules
2024-12-24 14:54:17 +01:00
DHCP = lib.mkForce "no";
feat: cleaner port forwarding
2024-12-22 00:10:37 +01:00
address = [
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
];
feat: more homeassistant
2025-01-07 21:23:06 +01:00
gateway = lib.optionals globals.net.vlans.${name}.internet [
fix: switch to vlan
2024-12-22 19:00:21 +01:00
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv4)
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv6)
feat: cleaner port forwarding
2024-12-22 00:10:37 +01:00
];
}
)
)
);
reformat
2024-07-26 22:12:48 +02:00
}
];
};
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
reformat
2024-07-26 22:12:48 +02:00
mkMicrovm = guestName: cfg: {
${guestName} = mkGuest guestName cfg // {
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
backend = "microvm";
microvm = {
system = "x86_64-linux";
fix: switch to vlan
2024-12-22 19:00:21 +01:00
interfaces.lan-services = { };
feat: immich working
2024-01-21 00:43:50 +01:00
baseMac = config.secrets.secrets.local.networking.interfaces.lan01.mac;
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
};
extraSpecialArgs = {
feat: globals feat: more vlan config
2024-12-20 20:40:27 +01:00
inherit (inputs.self) nodes globals;
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
inherit (inputs.self.pkgs.x86_64-linux) lib;
inherit inputs minimal stateVersion;
};
};
reformat
2024-07-26 22:12:48 +02:00
};
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
feat: cleaner port forwarding
2024-12-22 00:10:37 +01:00
mkContainer =
guestName:
{
vlans ? [ "services" ],
...
}@cfg:
{
${guestName} = mkGuest guestName cfg // {
backend = "container";
container.macvlans = lib.flip map vlans (x: "lan-${x}:mv-${x}");
extraSpecialArgs = {
inherit (inputs.self) nodes globals;
inherit (inputs.self.pkgs.x86_64-linux) lib;
inherit inputs minimal stateVersion;
};
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
};
};
reformat
2024-07-26 22:12:48 +02:00
in
{ }
// mkContainer "oauth2-proxy" { }
// mkContainer "vaultwarden" { }
// mkContainer "ddclient" { }
fix: ollama models on renaultft feat: homeassistant ollama
2025-01-08 17:46:44 +01:00
// mkContainer "ollama" {
enableRenaultFT = true;
}
reformat
2024-07-26 22:12:48 +02:00
// mkContainer "murmur" { }
feat: signald is broken use signal-cli
2024-09-01 19:51:52 +02:00
// mkContainer "homebox" { }
feat: invidious hosting
2024-08-23 00:30:11 +02:00
// mkContainer "invidious" { }
reformat
2024-07-26 22:12:48 +02:00
// mkContainer "ttrss" { }
// mkContainer "firefly" { }
// mkContainer "yourspotify" { }
// mkContainer "netbird" { }
feat: add blog
2024-09-01 15:53:19 +02:00
// mkContainer "blog" { }
reformat
2024-07-26 22:12:48 +02:00
// mkContainer "kanidm" { }
feat: more homeassistant
2025-01-07 21:23:06 +01:00
// mkContainer "homeassistant" {
vlans = [
"services"
"devices"
"iot"
];
}
reformat
2024-07-26 22:12:48 +02:00
// mkContainer "nextcloud" { enablePanzer = true; }
// mkContainer "paperless" { enableSharedPaperless = true; }
// mkContainer "forgejo" { enablePanzer = true; }
// mkMicrovm "immich" { enablePanzer = true; }
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
// mkContainer "samba" {
enablePanzer = true;
enableRenaultFT = true;
feat: paperless
2024-01-18 00:39:25 +01:00
enableBunker = true;
enableSharedPaperless = true;
feat: more homeassistant
2025-01-07 21:23:06 +01:00
vlans = [
"home"
];
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server
2024-01-11 22:42:03 +01:00
};
}
Reference in a new issue Copy permalink