mjallen18
2025-04-21 11:01:20 -05:00
parent 3f1945973a
commit 2c06a3b95e
8 changed files with 127 additions and 12 deletions

32
flake.lock generated

@@ -678,7 +678,7 @@
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"napalm": "napalm", "napalm": "napalm",
"nixpkgs": [ "nixpkgs": [
"nas-nixpkgs" "nas-nixpkgs-stable"
], ],
"poetry2nix": "poetry2nix", "poetry2nix": "poetry2nix",
"systems": "systems" "systems": "systems"
@@ -748,16 +748,15 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744117652, "lastModified": 1745016969,
"narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=", "narHash": "sha256-nDK8Z+LsNWrUsQ1JjnndNB57lvCmvy2QZUoCakoJCcI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f", "rev": "67f60ebce88a89939fb509f304ac554bcdc5bfa6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@@ -821,11 +820,27 @@
}, },
"nas-nixpkgs": { "nas-nixpkgs": {
"locked": { "locked": {
"lastModified": 1744309437, "lastModified": 1744932701,
"narHash": "sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5+W0=", "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f9ebe33a928b5d529c895202263a5ce46bdf12f7", "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nas-nixpkgs-stable": {
"locked": {
"lastModified": 1744440957,
"narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1325,6 +1340,7 @@
"nas-lanzaboote": "nas-lanzaboote", "nas-lanzaboote": "nas-lanzaboote",
"nas-nixos-hardware": "nas-nixos-hardware", "nas-nixos-hardware": "nas-nixos-hardware",
"nas-nixpkgs": "nas-nixpkgs", "nas-nixpkgs": "nas-nixpkgs",
"nas-nixpkgs-stable": "nas-nixpkgs-stable",
"nas-sops-nix": "nas-sops-nix", "nas-sops-nix": "nas-sops-nix",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nixpkgs-stable": "nixpkgs-stable_4", "nixpkgs-stable": "nixpkgs-stable_4",


@@ -58,13 +58,18 @@
# nixpgs # nixpgs
nas-nixpkgs = { nas-nixpkgs = {
# url = "github:NixOS/nixpkgs/nixos-24.11";
url = "github:NixOS/nixpkgs/nixos-unstable";
};
nas-nixpkgs-stable = {
url = "github:NixOS/nixpkgs/nixos-24.11"; url = "github:NixOS/nixpkgs/nixos-24.11";
}; };
# Authentik # Authentik
nas-authentik-nix = { nas-authentik-nix = {
url = "github:nix-community/authentik-nix"; url = "github:nix-community/authentik-nix";
inputs.nixpkgs.follows = "nas-nixpkgs"; inputs.nixpkgs.follows = "nas-nixpkgs-stable";
}; };
# cosmic launcher # cosmic launcher
@@ -81,7 +86,8 @@
# Home Manager # Home Manager
nas-home-manager = { nas-home-manager = {
url = "github:nix-community/home-manager/release-24.11"; # url = "github:nix-community/home-manager/release-24.11";
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nas-nixpkgs"; inputs.nixpkgs.follows = "nas-nixpkgs";
}; };
@@ -232,6 +238,7 @@
# NAS # NAS
nas-nixpkgs, nas-nixpkgs,
nas-nixpkgs-stable,
nas-authentik-nix, nas-authentik-nix,
nas-cosmic, nas-cosmic,
nas-crowdsec, nas-crowdsec,


@@ -1,11 +1,13 @@
{ ... }: { ... }:
{ {
imports = [ imports = [
./apps/actual
./apps/arrs ./apps/arrs
# ./apps/crowdsec # ./apps/crowdsec
./apps/gitea ./apps/gitea
./apps/jellyfin ./apps/jellyfin
./apps/jellyseerr ./apps/jellyseerr
# ./apps/maybe
./apps/netbootxyz ./apps/netbootxyz
./apps/nextcloud ./apps/nextcloud
./apps/ollama ./apps/ollama


@@ -0,0 +1,21 @@
{ ... }:
{
services.actual = {
enable = true;
openFirewall = true;
settings = {
trustedProxies = [ "10.0.1.18" ];
port = 3333;
config = {
dataDir = "/media/nas/ssd/nix-app-data/actual";
openId = {
issuer = "https://authentik.mjallen.dev/application/o/actual-budget/";
client_id = "1PGCrRdndq7SoOSLuNMnXFmHpgd1NKRMOa5LSia2";
client_secret = "1PGCrRdndq7SoOSLuNMnXFmHpgd1NKRMOa5LSia2";
server_hostname = "https://actual.mjallen.dev";
authMethod = "openid";
};
};
};
};
}
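Review bot: The OpenID `client_secret` is a literal inside `settings.config.openId`, so it is committed to the repository and, since module settings are normally rendered into the world-readable Nix store, likely readable by every local user on the host. It is also byte-identical to `client_id`, which suggests a paste error or an identifier doubling as the secret; either way the client credential should be regenerated in Authentik. The flake already has a `nas-sops-nix` input, so the secret could be supplied at runtime from a sops-managed file, for example via `systemd.services.actual.serviceConfig.EnvironmentFile`, provided the server accepts the secret from its environment (confirm against the Actual documentation). Separately, `openFirewall = true;` exposes port 3333 over plain HTTP beside the Traefik route; if the proxy runs on this host, as `trustedProxies = [ "10.0.1.18" ];` suggests, `openFirewall = false;` keeps clients from bypassing it.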


@@ -0,0 +1,46 @@
{ config, ... }:
{
virtualisation.oci-containers.containers.maybe-web = {
autoStart = true;
image = "ghcr.io/maybe-finance/maybe";
ports = [ "3300:3000" ];
volumes = [ "/media/nas/ssd/nix-app-data/maybe-finance:/rails/storage" ];
environment = {
PUID = toString config.users.users.nix-apps.uid;
PGID = toString config.users.groups.jallen-nas.gid;
TZ = "America/Chicago";
SECRET_KEY_BASE = "37d9b98e93c03acb9c14020165666efa6ac3013be88b421aa49fbe5d3f3e4303daf5e883ef847b73c4bbaa90b02773d7319ee2844cce9ed13a286039c8d38226";
PESTGRES_PASSWORD = "BogieDudie1";
SELF_HOSTED = "true";
RAILS_FORCE_SSL = "false";
RAILS_ASSUME_SSL = "false";
DB_HOST = "10.0.1.18";
DB_PORT = "5432";
REDIS_URL = "redis://10.0.1.18:6381/1";
POSTGRES_USER = "maybe_finance";
POSTGRES_PASSWORD = "BogieDudie1";
POSTGRES_DB = "maybe_finance";
};
};
virtualisation.oci-containers.containers.maybe-worker = {
image = "ghcr.io/maybe-finance/maybe";
environment = {
PUID = toString config.users.users.nix-apps.uid;
PGID = toString config.users.groups.jallen-nas.gid;
TZ = "America/Chicago";
SECRET_KEY_BASE = "37d9b98e93c03acb9c14020165666efa6ac3013be88b421aa49fbe5d3f3e4303daf5e883ef847b73c4bbaa90b02773d7319ee2844cce9ed13a286039c8d38226";
PESTGRES_PASSWORD = "BogieDudie1";
SELF_HOSTED = "true";
RAILS_FORCE_SSL = "false";
RAILS_ASSUME_SSL = "false";
DB_HOST = "10.0.1.18";
DB_PORT = "5432";
REDIS_URL = "redis://10.0.1.18:6381/1";
POSTGRES_USER = "maybe_finance";
POSTGRES_PASSWORD = "BogieDudie1";
POSTGRES_DB = "maybe_finance";
};
cmd = [ "bundle" "exec" "sidekiq" ];
};
}
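Review bot: `SECRET_KEY_BASE` and `POSTGRES_PASSWORD` are literals in `environment` for both `maybe-web` and `maybe-worker`, which puts them in git history and in the world-readable Nix store. They should be rotated and moved to a runtime secret file on each container, e.g. `environmentFiles = [ config.sops.secrets."<maybe-env-secret>".path ];` (placeholder secret name). `PESTGRES_PASSWORD` looks like a misspelling of `POSTGRES_PASSWORD` and only repeats the password under a second name, so it can be dropped. The image `ghcr.io/maybe-finance/maybe` has no tag or digest, so each pull takes whatever the registry currently serves; pin it, e.g. `image = "ghcr.io/maybe-finance/maybe:<version>@sha256:<digest>";` with the placeholders filled from a release you have reviewed. With `RAILS_FORCE_SSL = "false"` and `3300:3000` published, the web container is served over plain HTTP unless a TLS-terminating proxy route is put in front of it.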


@@ -13,6 +13,7 @@ let
paperlessUrl = "http://10.0.1.20:28981"; paperlessUrl = "http://10.0.1.20:28981";
cacheUrl = "http://10.0.1.18:5000"; cacheUrl = "http://10.0.1.18:5000";
giteaUrl = "http://10.0.1.18:3000"; giteaUrl = "http://10.0.1.18:3000";
actualUrl = "http://10.0.1.18:3333";
in in
{ {
networking.firewall = { networking.firewall = {
@@ -183,6 +184,11 @@ in
url = giteaUrl; url = giteaUrl;
} }
]; ];
actual.loadBalancer.servers = [
{
url = actualUrl;
}
];
}; };
routers = { routers = {
@@ -230,6 +236,12 @@ in
service = "gitea"; service = "gitea";
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
actual = {
entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)";
service = "actual";
tls.certResolver = "letsencrypt";
};
hass = { hass = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)"; rule = "Host(`hass.${domain}`)";


@@ -16,6 +16,7 @@ let
4000 # netbootxyz 4000 # netbootxyz
4080 # netbootxyz 4080 # netbootxyz
3000 # gitea 3000 # gitea
3300
]; ];
in in
{ {
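Review bot: The new `3300` entry is the only port in this list without a service comment. It appears to be the published port of `maybe-web`, whose import is still commented out in this commit (`# ./apps/maybe`), so the firewall is opened for a service that is not enabled. At minimum write `3300 # maybe-web`. Preferably leave the port closed until the container is enabled and reachable through the TLS proxy rather than directly over HTTP. The `let` list this line belongs to starts above the hunk.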


@@ -183,12 +183,16 @@ in
enable = true; enable = true;
package = pkgs.postgresql_16; package = pkgs.postgresql_16;
dataDir = "/media/nas/ssd/nix-app-data/postgresql"; dataDir = "/media/nas/ssd/nix-app-data/postgresql";
ensureDatabases = [ "authentik" ]; ensureDatabases = [ "authentik" "maybe_finance" ];
ensureUsers = [ ensureUsers = [
{ {
name = "authentik"; name = "authentik";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
{
name = "maybe_finance";
ensureDBOwnership = true;
}
]; ];
}; };
@@ -204,6 +208,11 @@ in
port = 6380; port = 6380;
# user = "911";#"${config.users.users.nix-apps.name}:${config.users.groups.jallen-nas.name}"; # user = "911";#"${config.users.users.nix-apps.name}:${config.users.groups.jallen-nas.name}";
}; };
maybe = {
enable = true;
port = 6381;
};
}; };
}; };
@@ -211,7 +220,8 @@ in
enable = true; enable = true;
dataDir = "/media/nas/main/backup/restic"; dataDir = "/media/nas/main/backup/restic";
prometheus = true; prometheus = true;
listenAddress = "8008"; listenAddress = "0.0.0.0:8008";
htpasswd-file = "/media/nas/main/backup/restic/.htpasswd";
}; };
}; };
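Review bot: `listenAddress = "0.0.0.0:8008";` binds the restic REST server on every interface, so the basic-auth credentials from the added `.htpasswd` cross the network in clear text unless TLS is terminated in front of it. If only LAN clients or the reverse proxy need it, bind to that address instead, e.g. `listenAddress = "10.0.1.18:8008";` (address taken from the other services in this commit, so confirm it), or publish it only through the HTTPS proxy. In the earlier hunks of this file, the `maybe_finance` role is created without a visible password although the container config connects over TCP with one. The `maybe` Redis server on 6381 likewise shows no `requirePass` or bind setting, so confirm how both are authenticated and which interfaces they listen on. The enclosing attribute sets start outside the hunks.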