patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity

Compare commits

base: patrick:2cfaf4c11618bb55aa44d5a1fffafb4aa5034591
Branches Tags
patrick:master
...
compare: patrick:9c005cc42cd6bff2a5222fea69361dd5f947476a
Branches Tags
patrick:master

4 commits
2cfaf4c116 ... 9c005cc42c

Author SHA1 Message Date
Patrick 9c005cc42c
feat: added paperless for david 2024-02-13 19:18:05 +01:00
Patrick 1268fb07d0
feat: switch to freshrss 2024-02-13 18:35:45 +01:00
Patrick 13f8e0b127
feat: ttrss 2024-02-13 18:07:45 +01:00
Patrick 930753181c
feat: added openttd 2024-02-12 23:28:21 +01:00
10 changed files with 73 additions and 5 deletions
Show stats Expand all files Collapse all files

24
hosts/elisabeth/guests.nix
View file

@ -8,12 +8,13 @@
...
}: let
adguardhomedomain = "adguardhome.${config.secrets.secrets.global.domains.web}";
nextclouddomain = "nc.${config.secrets.secrets.global.domains.web}";
giteadomain = "git.${config.secrets.secrets.global.domains.web}";
vaultwardendomain = "pw.${config.secrets.secrets.global.domains.web}";
paperlessdomain = "ppl.${config.secrets.secrets.global.domains.web}";
immichdomain = "immich.${config.secrets.secrets.global.domains.web}";
nextclouddomain = "nc.${config.secrets.secrets.global.domains.web}";
ollamadomain = "ollama.${config.secrets.secrets.global.domains.web}";
paperlessdomain = "ppl.${config.secrets.secrets.global.domains.web}";
ttrssdomain = "rss.${config.secrets.secrets.global.domains.web}";
vaultwardendomain = "pw.${config.secrets.secrets.global.domains.web}";
ipOf = hostName: lib.net.cidr.host config.secrets.secrets.global.net.ips."${config.guests.${hostName}.nodeName}" config.secrets.secrets.global.net.privateSubnetv4;
in {
services.nginx = {
@ -145,6 +146,22 @@ in {
'';
};
upstreams.tt-rss = {
servers."${ipOf "ttrss"}:80" = {};
extraConfig = ''
zone tt-rss 64k ;
keepalive 5 ;
'';
};
virtualHosts.${ttrssdomain} = {
forceSSL = true;
useACMEHost = "web";
locations."/".proxyPass = "http://tt-rss";
extraConfig = ''
'';
};
upstreams.nextcloud = {
servers."${ipOf "nextcloud"}:80" = {};
@ -248,6 +265,7 @@ in {
// mkContainer "vaultwarden" {}
// mkContainer "ddclient" {}
// mkContainer "ollama" {}
// mkContainer "ttrss" {}
// mkContainer "nextcloud" {
enablePanzer = true;
}

15
hosts/elisabeth/secrets/ttrss/generated/freshrsspasswd.age Normal file
View file

@ -0,0 +1,15 @@
age-encryption.org/v1
-> X25519 KeayMdkWoIyLZu47yQdC+NKUeBli7y/KhyFrbvQKMjo
RFNC0waSc89REZ+uRWTYyKYcM0oW9Q8m92buzX9OlaY
-> piv-p256 XTQkUA Aqrx2ok2XeZvJWsPvOi7o7T3/PvZcZ5naOEvSouqGDxt
PW6G4aqvzq4JoJecPp7bP4Rzc6rgAV4NaTfeRCF5OYA
-> piv-p256 ZFgiIw A7pQOh63jVeS6WHnWusY2FuLk8ezS/lu6h+LmTqgArA3
4IkRO5JXgBggCYSI0lOaccyqVmHupOiFqZZwHsdlBDc
-> piv-p256 5vmPtQ A7kRH2YuvwTE+wCqpvE8FBlHthHv8cMWVLQOWxbKbgHq
OudUFhREd4J2cQQG9eEeKIjAqHkp+XznKFpvsJjgEHk
-> piv-p256 ZFgiIw AsojcZKNzLUdTgOekkqwisrOy7t8hup9sVla7PbL1RKH
cpG56veIp+cpW9JXsK2/4NXQ7kJM7g1Hg/sEnFSuW8k
-> ~yTrd-grease ox]5\ *89S8!#
Bfh0HDXNORM8GT6noqoh2KcVvUOksp09VOfG/dUFCC4DUUo
--- EJSmnzU8XIhaFIkPRjyFZxi+kEHap903mrUuc2MpUkY
þöžéüÀ<C3BC>­s¬àl•3i±ßp}©êøܨd…*†mŽEþ =FCÓ}Jé2î×ɽùpMvô,¢ˆ„®ÿspÀ<70>Dõðé]˜L3¨ÎÎÚ

1
hosts/elisabeth/secrets/ttrss/host.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAr7ezOf0v2GMMA1LgMbneaWv4S7vQzH6fq1qbSu/Xwa

1
modules/config/default.nix
View file

@ -14,7 +14,6 @@
./system.nix
./users.nix
./xdg.nix
./usbguard.nix
../../users/root

2
modules/config/users.nix
View file

@ -26,6 +26,8 @@
redis-paperless = uidGid 216;
microvm = uidGid 217;
maddy = uidGid 218;
tt_rss = uidGid 219;
freshrss = uidGid 220;
paperless = uidGid 315;
systemd-oom = uidGid 300;
systemd-coredump = uidGid 301;

3
modules/services/samba.nix
View file

@ -162,10 +162,11 @@
hasBunker = true;
} {})
(mkShare {
name = "david-data";
name = "david";
user = "david";
group = "david";
hasBunker = true;
hasPaperless = true;
} {})
(mkShare {
name = "family-data";

22
modules/services/ttrss.nix Normal file
View file

@ -0,0 +1,22 @@
{config, ...}: {
age.secrets.freshrsspasswd = {
generator.script = "alnum";
owner = config.services.freshrss.user;
};
networking.firewall.allowedTCPPorts = [80];
services.freshrss = {
enable = true;
passwordFile = config.age.secrets.freshrsspasswd.path;
defaultUser = "patrick";
baseUrl = "https://rss.lel.lol";
virtualHost = "rss.lel.lol";
};
environment.persistence."/persist".directories = [
{
inherit (config.services.freshrss) user;
directory = config.services.freshrss.dataDir;
group = config.services.freshrss.user;
mode = "0750";
}
];
}

BIN
secrets/secrets.nix.age
View file

Binary file not shown.

9
users/common/programs/openttd.nix Normal file
View file

@ -0,0 +1,9 @@
{pkgs, ...}: {
home.persistence."/persist".directories = [
".local/share/openttd"
];
home.packages = [
pkgs.openttd
];
}

1
users/patrick/default.nix
View file

@ -67,6 +67,7 @@ lib.optionalAttrs (!minimal) {
../common/programs/git.nix
../common/programs/kitty.nix
../common/programs/minecraft.nix
../common/programs/openttd.nix
../common/programs/poe.nix
../common/programs/spicetify.nix
../common/programs/thunderbird.nix