diff --git a/.sops.yaml b/.sops.yaml
index 0c9b9f8..b24ce7e 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,7 +1,4 @@
-# This example uses YAML anchors which allows reuse of multiple keys
-# without having to repeat yourself.
-# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
-# for a more complex example.
+# See https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
 keys:
 - &matt age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0
 - &desktop age1jv8ap5zwa49ftv0gg7wqf5ps0e68uuwxe2fekjsn0zkyql964unqyc58rf
diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix
index 18d5835..9abc788 100644
--- a/hosts/desktop/home.nix
+++ b/hosts/desktop/home.nix
@@ -88,6 +88,7 @@ in
 papirus-icon-theme
 piper
 pop-gtk-theme
+ prismlauncher
 protonup
 protontricks
 protonvpn-gui
diff --git a/hosts/nas/apps.nix b/hosts/nas/apps.nix
index 730b8b9..ff562f1 100644
--- a/hosts/nas/apps.nix
+++ b/hosts/nas/apps.nix
@@ -2,8 +2,8 @@
 {
 imports = [
 ./apps/arrs
- ./apps/jellyfin/jellyfin.nix
- ./apps/jellyseerr/jellyseerr.nix
+ ./apps/jellyfin
+ ./apps/jellyseerr
 ./apps/nextcloud
 ./apps/ollama
 ./apps/paperless
@@ -20,7 +20,7 @@
 free-games-claimer.enable = true;
- jackett.enable = true;
+ jackett.enable = false;
 manyfold.enable = true;
diff --git a/hosts/nas/apps/arrs/default.nix b/hosts/nas/apps/arrs/default.nix
index 3591daa..3a41231 100644
--- a/hosts/nas/apps/arrs/default.nix
+++ b/hosts/nas/apps/arrs/default.nix
@@ -4,11 +4,13 @@ let
 radarrPort = 7878;
 sonarrPort = 8989;
 sabnzbdPort = 8280;
+ jackettPort = 9117;
 radarrDataDir = "/var/lib/radarr";
 downloadDir = "/downloads";
 incompleteDir = "/downloads-incomplete";
 sonarrDataDir = "/var/lib/sonarr";
 sabnzbdConfig = "/var/lib/sabnzbd";
+ jackettDir = "/var/lib/jackett/.config/Jackett";
 mediaDir = "/media";
 arrUserId = config.users.users.nix-apps.uid;
 arrGroupId = config.users.groups.jallen-nas.gid;
@@ -78,6 +80,13 @@ in
 };
 };
+ services.jackett = {
+ enable = true;
+ user = "arrs";
+ group = "media";
+ openFirewall = true;
+ };
+
 # Create required users and groups
 users.users.arrs = {
 isSystemUser = true;
@@ -161,6 +170,10 @@ in
 hostPath = "/media/nas/ssd/ssd_app_data/downloads-incomplete";
 isReadOnly = false;
 };
+ "${jackettDir}" = {
+ hostPath = "/media/nas/ssd/nix-app-data/jackett";
+ isReadOnly = false;
+ };
 "/media/movies" = {
 hostPath = "/media/nas/main/movies";
 isReadOnly = false;
@@ -194,6 +207,10 @@ in
 destination = "10.0.1.51:8112";
 sourcePort = 8112;
 }
+ {
+ destination = "10.0.1.51:9117";
+ sourcePort = 9117;
+ }
 ];
 };
 }
\ No newline at end of file
diff --git a/hosts/nas/apps/jellyfin/default.nix b/hosts/nas/apps/jellyfin/default.nix
index d026f85..d0ca07f 100644
--- a/hosts/nas/apps/jellyfin/default.nix
+++ b/hosts/nas/apps/jellyfin/default.nix
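Review bot: `openFirewall = true;` in the new `services.jackett` block, together with the 9117 entry this commit adds to `forwardPorts` further down the file, makes the Jackett web UI and API reachable from the network without going through Traefik or the `authentik` forward-auth middleware. Jackett does not require an admin password unless one has been set in its UI, so anyone who can reach the port may be able to read the indexer configuration and API key. Confirm a password is configured, or drop the port forward and publish Jackett through a Traefik router with `middlewares = [ "authentik" ];`. The enclosing definition starts and ends outside the hunk.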
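Review bot: The new forward entry spells out the literal 9117 twice even though this commit also adds `jackettPort = 9117;` to the `let` block, and none of the visible hunks use that binding. Writing the entry as `destination = "10.0.1.51:${toString jackettPort}";` and `sourcePort = jackettPort;` keeps the two in step if the port changes. The neighbouring 8112 entry follows the same literal pattern, so this may be the file's habit rather than an oversight.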
@@ -1,30 +1,168 @@
-{ lib, config, ... }:
-with lib;
-let
- cfg = config.nas-apps.jellyfin;
-in
 {
- imports = [ ./options.nix ];
+ config,
+ pkgs,
+ lib,
+ ...
+}:
- config = mkIf cfg.enable {
+# let
+# jellyfinPort = 8096;
+# jellyfinUserId = config.users.users.nix-apps.uid;
+# jellyfinGroupId = config.users.groups.jallen-nas.gid;
+# package = pkgs.jellyfin;
+# in {
+# containers.jellyfin = {
+# autoStart = true;
+# privateNetwork = true;
+# hostAddress = "10.0.1.18";
+# localAddress = "10.0.2.25";
- virtualisation.oci-containers.containers.${cfg.name} = {
- autoStart = true;
- image = cfg.image;
- extraOptions = [ "--device=nvidia.com/gpu=0" ];
- volumes = [
- "${cfg.configPath}:/config"
- "${cfg.moviesPath}:/data/movies"
- "${cfg.tvPath}:/data/tv"
- ];
- ports = [ "${cfg.port}:8096" ];
- environment = {
- NVIDIA_VISIBLE_DEVICES = "all";
- NVIDIA_DRIVER_CAPABILITIES = "all";
- PUID = cfg.puid;
- PGID = cfg.pgid;
- TZ = cfg.timeZone;
- };
- };
+# config = { config, pkgs, lib, ... }: {
+# # Enable jellyfin service
+# nixpkgs.config.allowUnfree = true;
+# hardware = {
+# # Nvidia
+# nvidia = {
+# package = config.boot.kernelPackages.nvidiaPackages.latest;
+# # Modesetting is required.
+# modesetting.enable = true;
+# # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+# powerManagement.enable = true;
+# # Fine-grained power management. Turns off GPU when not in use.
+# # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+# powerManagement.finegrained = false;
+# # Use the NVidia open source kernel module (not to be confused with the
+# # independent third-party "nouveau" open source driver).
+# # Support is limited to the Turing and later architectures. Full list of
+# # supported GPUs is at:
+# # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
+# # Only available from driver 515.43.04+
+# # Currently alpha-quality/buggy, so false is currently the recommended setting.
+# open = true;
+
+# # Enable the Nvidia settings menu,
+# # accessible via `nvidia-settings`.
+# nvidiaSettings = true;
+# };
+
+# # Enable graphics
+# graphics = {
+# enable = true;
+# enable32Bit = true;
+# };
+# };
+
+# # Services configs
+# services.xserver = {
+# # Load nvidia driver for Xorg and Wayland
+# videoDrivers = [ "nvidia" ];
+# };
+
+# services.jellyfin = {
+# enable = true;
+# openFirewall = true;
+# user = "jellyfin";
+# group = "media";
+# dataDir = "/data";
+# configDir = "/config";
+# # cacheDir = "/cache";
+# };
+
+# # Create required users and groups
+# users.users.jellyfin = {
+# isSystemUser = true;
+# uid = lib.mkForce jellyfinUserId;
+# group = "media";
+# extraGroups = [ "downloads" ];
+# };
+
+# users.groups = {
+# media = { gid = lib.mkForce jellyfinGroupId; };
+# downloads = { };
+# };
+
+# networking = {
+# firewall = {
+# enable = true;
+# allowedTCPPorts = [ jellyfinPort ];
+# };
+# # Use systemd-resolved inside the container
+# # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+# useHostResolvConf = lib.mkForce false;
+# };
+
+# # System packages
+# environment.systemPackages = with pkgs; [
+# sqlite
+# mono
+# mediainfo
+# # ffmpeg
+# # nvidiaPackages.gpu
+# # nvidiaPackages.nvidia-settings
+# # nvidiaPackages.nvidia-x11
+# ];
+
+# services.resolved.enable = true;
+# system.stateVersion = "23.11";
+# };
+
+# # Bind mount directories from host
+# bindMounts = {
+# "/data" = {
+# hostPath = "/media/nas/ssd/nix-app-data/jellyfin";
+# isReadOnly = false;
+# };
+# "/tv" = {
+# hostPath = "/media/nas/main/tv";
+# isReadOnly = false;
+# };
+# "/movies" = {
+# hostPath = "/media/nas/main/movies";
+# isReadOnly = false;
+# };
+# "/dev/nvidia0" = { hostPath = "/dev/nvidia0"; }; # GPU device
+# "/dev/nvidiactl" = { hostPath = "/dev/nvidiactl"; }; # NVIDIA control
+# "/dev/nvidia-modeset" = { hostPath = "/dev/nvidia-modeset"; }; # modesetting
+# };
+
+# # allowedDevices = [
+# # {
+# # modifier = "rw";
+# # node = "/dev/nvidia0";
+# # }
+# # {
+# # modifier = "rw";
+# # node = "/dev/nvidiactl";
+# # }
+# # {
+# # modifier = "rw";
+# # node = "/dev/nvidia-modeset";
+# # }
+# # {
+# # modifier = "rw";
+# # node = "/dev/nvidia-uvm";
+# # }
+# # {
+# # modifier = "rw";
+# # node = "/dev/nvidia-uvm-tools";
+# # }
+# # ];
+# };
+
+# networking.nat = {
+# forwardPorts = [{
+# destination = "10.0.2.25:8096";
+# sourcePort = jellyfinPort;
+# }];
+# };
+# }
+{
+ services.jellyfin = {
+ enable = true;
+ openFirewall = true;
+ user = "nix-apps";
+ group = "jallen-nas";
+ dataDir = "/media/nas/ssd/nix-app-data/jellyfin";
+ # cacheDir = "/cache";
 };
 }
diff --git a/hosts/nas/apps/jellyfin/jellyfin.nix b/hosts/nas/apps/jellyfin/jellyfin.nix
deleted file mode 100644
index d0ca07f..0000000
--- a/hosts/nas/apps/jellyfin/jellyfin.nix
+++ /dev/null
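Review bot: Almost all of the added lines are a commented-out `containers.jellyfin` definition; only the short `services.jellyfin` block at the end is live, and it does not use the `config`, `pkgs`, `lib` arguments. Version control already preserves the container variant, so I would drop the commented block to make it obvious what is actually deployed. The live block runs Jellyfin on the host with `openFirewall = true;`, so clients can reach it directly rather than through Traefik's TLS entry point; if Traefik is meant to be the only way in, set `openFirewall = false;`. The removed OCI container passed the GPU through with `--device=nvidia.com/gpu=0` and the new block has no counterpart, so hardware transcoding may need re-checking.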
@@ -1,168 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-
-# let
-# jellyfinPort = 8096;
-# jellyfinUserId = config.users.users.nix-apps.uid;
-# jellyfinGroupId = config.users.groups.jallen-nas.gid;
-# package = pkgs.jellyfin;
-# in {
-# containers.jellyfin = {
-# autoStart = true;
-# privateNetwork = true;
-# hostAddress = "10.0.1.18";
-# localAddress = "10.0.2.25";
-
-# config = { config, pkgs, lib, ... }: {
-# # Enable jellyfin service
-# nixpkgs.config.allowUnfree = true;
-# hardware = {
-# # Nvidia
-# nvidia = {
-# package = config.boot.kernelPackages.nvidiaPackages.latest;
-# # Modesetting is required.
-# modesetting.enable = true;
-# # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
-# powerManagement.enable = true;
-# # Fine-grained power management. Turns off GPU when not in use.
-# # Experimental and only works on modern Nvidia GPUs (Turing or newer).
-# powerManagement.finegrained = false;
-# # Use the NVidia open source kernel module (not to be confused with the
-# # independent third-party "nouveau" open source driver).
-# # Support is limited to the Turing and later architectures. Full list of
-# # supported GPUs is at:
-# # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
-# # Only available from driver 515.43.04+
-# # Currently alpha-quality/buggy, so false is currently the recommended setting.
-# open = true;
-
-# # Enable the Nvidia settings menu,
-# # accessible via `nvidia-settings`.
-# nvidiaSettings = true;
-# };
-
-# # Enable graphics
-# graphics = {
-# enable = true;
-# enable32Bit = true;
-# };
-# };
-
-# # Services configs
-# services.xserver = {
-# # Load nvidia driver for Xorg and Wayland
-# videoDrivers = [ "nvidia" ];
-# };
-
-# services.jellyfin = {
-# enable = true;
-# openFirewall = true;
-# user = "jellyfin";
-# group = "media";
-# dataDir = "/data";
-# configDir = "/config";
-# # cacheDir = "/cache";
-# };
-
-# # Create required users and groups
-# users.users.jellyfin = {
-# isSystemUser = true;
-# uid = lib.mkForce jellyfinUserId;
-# group = "media";
-# extraGroups = [ "downloads" ];
-# };
-
-# users.groups = {
-# media = { gid = lib.mkForce jellyfinGroupId; };
-# downloads = { };
-# };
-
-# networking = {
-# firewall = {
-# enable = true;
-# allowedTCPPorts = [ jellyfinPort ];
-# };
-# # Use systemd-resolved inside the container
-# # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
-# useHostResolvConf = lib.mkForce false;
-# };
-
-# # System packages
-# environment.systemPackages = with pkgs; [
-# sqlite
-# mono
-# mediainfo
-# # ffmpeg
-# # nvidiaPackages.gpu
-# # nvidiaPackages.nvidia-settings
-# # nvidiaPackages.nvidia-x11
-# ];
-
-# services.resolved.enable = true;
-# system.stateVersion = "23.11";
-# };
-
-# # Bind mount directories from host
-# bindMounts = {
-# "/data" = {
-# hostPath = "/media/nas/ssd/nix-app-data/jellyfin";
-# isReadOnly = false;
-# };
-# "/tv" = {
-# hostPath = "/media/nas/main/tv";
-# isReadOnly = false;
-# };
-# "/movies" = {
-# hostPath = "/media/nas/main/movies";
-# isReadOnly = false;
-# };
-# "/dev/nvidia0" = { hostPath = "/dev/nvidia0"; }; # GPU device
-# "/dev/nvidiactl" = { hostPath = "/dev/nvidiactl"; }; # NVIDIA control
-# "/dev/nvidia-modeset" = { hostPath = "/dev/nvidia-modeset"; }; # modesetting
-# };
-
-# # allowedDevices = [
-# # {
-# # modifier = "rw";
-# # node = "/dev/nvidia0";
-# # }
-# # {
-# # modifier = "rw";
-# # node = "/dev/nvidiactl";
-# # }
-# # {
-# # modifier = "rw";
-# # node = "/dev/nvidia-modeset";
-# # }
-# # {
-# # modifier = "rw";
-# # node = "/dev/nvidia-uvm";
-# # }
-# # {
-# # modifier = "rw";
-# # node = "/dev/nvidia-uvm-tools";
-# # }
-# # ];
-# };
-
-# networking.nat = {
-# forwardPorts = [{
-# destination = "10.0.2.25:8096";
-# sourcePort = jellyfinPort;
-# }];
-# };
-# }
-{
- services.jellyfin = {
- enable = true;
- openFirewall = true;
- user = "nix-apps";
- group = "jallen-nas";
- dataDir = "/media/nas/ssd/nix-app-data/jellyfin";
- # cacheDir = "/cache";
- };
-}
diff --git a/hosts/nas/apps/jellyfin/options.nix b/hosts/nas/apps/jellyfin/options.nix
deleted file mode 100644
index 731eb22..0000000
--- a/hosts/nas/apps/jellyfin/options.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ lib, ... }:
-with lib;
-{
- options.nas-apps.jellyfin = {
- enable = mkEnableOption "jellyfin docker service";
-
- autoStart = mkOption {
- type = types.bool;
- default = true;
- };
-
- port = mkOption {
- type = types.str;
- default = "8096";
- };
-
- name = mkOption {
- type = types.str;
- default = "jellyfin";
- };
-
- image = mkOption {
- type = types.str;
- default = "lscr.io/linuxserver/jellyfin";
- };
-
- configPath = mkOption {
- type = types.str;
- default = "/media/nas/ssd/nix-app-data/jellyfin";
- };
-
- moviesPath = mkOption {
- type = types.str;
- default = "/media/nas/main/movies";
- };
-
- tvPath = mkOption {
- type = types.str;
- default = "/media/nas/main/tv";
- };
-
- puid = mkOption {
- type = types.str;
- default = "911";
- };
-
- pgid = mkOption {
- type = types.str;
- default = "1000";
- };
-
- timeZone = mkOption {
- type = types.str;
- default = "America/Chicago";
- };
- };
-}
diff --git a/hosts/nas/apps/jellyseerr/default.nix b/hosts/nas/apps/jellyseerr/default.nix
index 4284476..b5359cc 100644
--- a/hosts/nas/apps/jellyseerr/default.nix
+++ b/hosts/nas/apps/jellyseerr/default.nix
@@ -1,22 +1,67 @@
-{ lib, config, ... }:
-with lib;
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
 let
- cfg = config.nas-apps.jellyseerr;
+ jellyseerrPort = 5055;
+ dataDir = "/var/lib/jellyseerr";
 in
 {
- imports = [ ./options.nix ];
+ containers.jellyseerr = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "10.0.1.18";
+ localAddress = "10.0.1.52";
+ hostAddress6 = "fc00::1";
+ localAddress6 = "fc00::4";
- config = mkIf cfg.enable {
- virtualisation.oci-containers.containers."${cfg.name}" = {
- autoStart = cfg.autoStart;
- image = cfg.image;
- ports = [ "${cfg.port}:5055" ];
- volumes = [ "${cfg.configPath}:/app/config" ];
- environment = {
- PUID = cfg.puid;
- PGID = cfg.pgid;
- TZ = cfg.timeZone;
+ bindMounts = {
+ ${dataDir} = {
+ hostPath = "/media/nas/ssd/nix-app-data/jellyseerr";
+ isReadOnly = false;
 };
 };
+
+ config =
+ {
+ config,
+ pkgs,
+ lib,
+ ...
+ }:
+ {
+ # Enable jellyseerr service
+ services.jellyseerr = {
+ enable = true;
+ port = jellyseerrPort;
+ # package = package;
+ openFirewall = true;
+ };
+
+ networking = {
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ jellyseerrPort ];
+ };
+ # Use systemd-resolved inside the container
+ # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+ useHostResolvConf = lib.mkForce false;
+ };
+
+ services.resolved.enable = true;
+ system.stateVersion = "23.11";
+ };
+ };
+
+ networking.nat = {
+ forwardPorts = [
+ {
+ destination = "10.0.1.52:5055";
+ sourcePort = jellyseerrPort;
+ }
+ ];
 };
 }
diff --git a/hosts/nas/apps/jellyseerr/jellyseerr.nix b/hosts/nas/apps/jellyseerr/jellyseerr.nix
deleted file mode 100644
index 8a0d13d..0000000
--- a/hosts/nas/apps/jellyseerr/jellyseerr.nix
+++ /dev/null
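Review bot: The `networking.nat.forwardPorts` entry at the end still publishes port 5055 on the host, although this commit also repoints Traefik's `jellyseerrUrl` at the container address `10.0.1.52:5055` directly. If Traefik is the intended entry point, the forward looks unnecessary and leaves a plain-HTTP path to Jellyseerr that skips the `websecure` router; consider removing it. Inside the container, `openFirewall = true;` and `allowedTCPPorts = [ jellyseerrPort ];` open the same port twice, so one of them can go. The new bind mount targets `/var/lib/jellyseerr`, and I cannot tell from the diff whether the service's state directory handling accepts a pre-mounted path, so that is worth a quick check after deploy.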
@@ -1,65 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-
-let
- jellyseerrPort = 5055;
- dataDir = "/var/lib/jellyseerr";
- downloadDir = "/downloads";
- mediaDir = "/media";
- jellyseerrUserId = config.users.users.nix-apps.uid;
- jellyseerrGroupId = config.users.groups.jallen-nas.gid;
- package = pkgs.jellyseerr;
-in
-{
- containers.jellyseerr = {
- autoStart = true;
- privateNetwork = true;
- hostAddress = "10.0.1.18";
- localAddress = "10.0.1.52";
- hostAddress6 = "fc00::1";
- localAddress6 = "fc00::4";
-
- config =
- {
- config,
- pkgs,
- lib,
- ...
- }:
- {
- # Enable jellyseerr service
- services.jellyseerr = {
- enable = true;
- port = jellyseerrPort;
- # package = package;
- openFirewall = true;
- };
-
- networking = {
- firewall = {
- enable = true;
- allowedTCPPorts = [ jellyseerrPort ];
- };
- # Use systemd-resolved inside the container
- # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
- useHostResolvConf = lib.mkForce false;
- };
-
- services.resolved.enable = true;
- system.stateVersion = "23.11";
- };
- };
-
- networking.nat = {
- forwardPorts = [
- {
- destination = "10.0.1.52:5055";
- sourcePort = jellyseerrPort;
- }
- ];
- };
-}
diff --git a/hosts/nas/apps/jellyseerr/options.nix b/hosts/nas/apps/jellyseerr/options.nix
deleted file mode 100644
index f3b65d5..0000000
--- a/hosts/nas/apps/jellyseerr/options.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ lib, ... }:
-with lib;
-{
- options.nas-apps.jellyseerr = {
- enable = mkEnableOption "jellyseerr docker service";
-
- autoStart = mkOption {
- type = types.bool;
- default = true;
- };
-
- port = mkOption {
- type = types.str;
- default = "5055";
- };
-
- name = mkOption {
- type = types.str;
- default = "jellyseerr";
- };
-
- image = mkOption {
- type = types.str;
- default = "fallenbagel/jellyseerr";
- };
-
- configPath = mkOption {
- type = types.str;
- default = "/media/nas/ssd/ssd_app_data/jellyseerr";
- };
-
- puid = mkOption {
- type = types.str;
- default = "911";
- };
-
- pgid = mkOption {
- type = types.str;
- default = "1000";
- };
-
- timeZone = mkOption {
- type = types.str;
- default = "America/Chicago";
- };
- };
-}
diff --git a/hosts/nas/apps/nextcloud/default.nix b/hosts/nas/apps/nextcloud/default.nix
index 2b07908..62d17dd 100644
--- a/hosts/nas/apps/nextcloud/default.nix
+++ b/hosts/nas/apps/nextcloud/default.nix
@@ -1,7 +1,6 @@
 { config, ... }:
 let
 adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
- dbpass = config.sops.secrets."jallen-nas/nextcloud/dbpassword".path;
 smtppassword = config.sops.templates."nextcloud-smtp".content;
 nextcloudUserId = config.users.users.nix-apps.uid;
 nextcloudGroupId = config.users.groups.jallen-nas.gid;
diff --git a/hosts/nas/apps/ollama/default.nix b/hosts/nas/apps/ollama/default.nix
index e8bbd40..a52cadf 100644
--- a/hosts/nas/apps/ollama/default.nix
+++ b/hosts/nas/apps/ollama/default.nix
@@ -12,9 +12,10 @@
 services.open-webui = {
 enable = true;
+ host = "0.0.0.0";
 port = 8888;
 openFirewall = true;
- stateDir = "/media/nas/ssd/nix-app-data/open-webui";
+ # stateDir = "/media/nas/ssd/nix-app-data/open-webui";
 environment = {
 OAUTH_CLIENT_ID = "P4YrtPrdwoQkwYs4e5AHQx7xiz4FV6OpT24rjqXa";
 OAUTH_CLIENT_SECRET = "XpZ1Y9RUMD6FVxBSxg8evHkRYuSUJ3saN99uCFfeNo4Z8vrmnqZBHJQzSSCFig1fgqEYCr3SmcOvCHGHUsz9FJT2aZFlZxKv6bZZpuMQYASHiQtuX2pTVEspiNab3129";
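Review bot: `OAUTH_CLIENT_SECRET` sits as a literal in `environment` in the ollama hunk, so it is committed to the repository and copied into the world-readable Nix store; the line is context here, but this commit widens the exposure of the same service. The repository already uses sops (see `config.sops.secrets` in the Nextcloud module), so the secret should move into a sops-managed file passed through `services.open-webui.environmentFile`, and the committed value should be rotated at the identity provider. The added `host = "0.0.0.0";` together with the existing `openFirewall = true;` makes port 8888 reachable on every interface, which bypasses the Traefik route; binding to the address Traefik targets, or leaving the firewall closed, keeps the proxy as the only entry. Commenting out `stateDir` moves state back to the module default, so data under the old path will not be picked up.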
@@ -26,6 +27,7 @@
 DO_NOT_TRACK = "True";
 SCARF_NO_ANALYTICS = "True";
 OLLAMA_API_BASE_URL = "http://127.0.0.1:11434";
+ LOCAL_FILES_ONLY = "False";
 };
 };
 }
\ No newline at end of file
diff --git a/hosts/nas/apps/traefik/default.nix b/hosts/nas/apps/traefik/default.nix
index e1751be..c6e8ced 100644
--- a/hosts/nas/apps/traefik/default.nix
+++ b/hosts/nas/apps/traefik/default.nix
@@ -1,15 +1,15 @@
 { config, ... }:
 let
- traefikDataDir = "/var/lib/traefik";
- traefikUserId = config.users.users.nix-apps.uid;
- traefikGroupId = config.users.groups.jallen-nas.gid;
 domain = "mjallen.dev";
+ authUrl = "http://10.0.1.18:9000/outpost.goauthentik.io";
 authentikUrl = "http://10.0.1.18:9000";
 collaboraUrl = "http://10.0.1.18:9980";
 cloudUrl = "http://10.0.2.18:80";
 jellyfinUrl = "http://10.0.1.18:8096";
- jellyseerrUrl = "http://10.0.1.18:5055";
+ jellyseerrUrl = "http://10.0.1.52:5055";
+ hassUrl = "http://10.0.1.183:8123";
+ openWebUIUrl = "http://10.0.1.18:8888";
 in
 {
 networking.firewall = {
@@ -67,7 +67,7 @@ in
 api.dashboard = true;
 # Access the Traefik dashboard on :8080 of your server
- # api.insecure = true;
+ api.insecure = true;
 };
 dynamicConfigOptions = {
@@ -76,7 +76,7 @@ in
 authentik = {
 forwardAuth = {
 tls.insecureSkipVerify = true;
- address = "https://authentik.${domain}/outpost.goauthentik.io/auth/traefik";
+ address = "http://10.0.1.18:9000/outpost.goauthentik.io/auth/traefik";
 trustForwardHeader = true;
 authResponseHeaders = [
 "X-authentik-username"
@@ -93,9 +93,25 @@ in
 ];
 };
 };
+ # test-errors = {
+ # errors = {
+ # status = [
+ # "500"
+ # "501"
+ # "503"
+ # "505-599"
+ # ];
+ # service =
+ # };
+ # }
 };
 services = {
+ auth.loadBalancer.servers = [
+ {
+ url = authUrl;
+ }
+ ];
 authentik.loadBalancer.servers = [
 {
 url = authentikUrl;
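Review bot: Enabling `api.insecure = true;` in the `@@ -67,7 +67,7 @@` hunk serves the Traefik API and dashboard without authentication on the internal `traefik` entry point (port 8080, per the comment above it), which exposes the full routing configuration to anyone who can reach that port. Whether 8080 is opened in `networking.firewall` is outside the hunk, but the safer pattern is to leave this off and publish the dashboard through a `websecure` router that targets `api@internal` with the `authentik` middleware. If it was switched on for debugging, it should be reverted before this lands.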
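Review bot: The new forward-auth `address` in the `@@ -76,7 +76,7 @@` hunk repeats the URL this commit introduces as `authUrl`; `address = "${authUrl}/auth/traefik";` keeps the two from drifting. With the outpost now addressed over plain HTTP, `tls.insecureSkipVerify = true;` on the line above has no effect and is better removed, so that it does not silently disable certificate checks if the address goes back to HTTPS. `trustForwardHeader = true;` makes Traefik pass client-supplied `X-Forwarded-*` headers on to the outpost, which is only safe when nothing untrusted can reach the entry point directly; a comment naming the upstream proxy that justifies it would help.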
@@ -121,9 +137,26 @@ in
 url = jellyseerrUrl;
 }
 ];
+ hass.loadBalancer.servers = [
+ {
+ url = hassUrl;
+ }
+ ];
+ chat.loadBalancer.servers = [
+ {
+ url = openWebUIUrl;
+ }
+ ];
 };
 routers = {
+ auth = {
+ entryPoints = ["websecure"];
+ rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
+ service = "auth";
+ priority = 15;
+ tls.certResolver = "letsencrypt";
+ };
 authentik = {
 entryPoints = ["websecure"];
 rule = "Host(`authentik.${domain}`)";
@@ -154,6 +187,22 @@ in
 service = "jellyseerr";
 tls.certResolver = "letsencrypt";
 };
+ hass = {
+ entryPoints = ["websecure"];
+ rule = "Host(`hass.${domain}`)";
+ service = "hass";
+ middlewares = "authentik";
+ priority = 10;
+ tls.certResolver = "letsencrypt";
+ };
+ open-webui = {
+ entryPoints = ["websecure"];
+ rule = "Host(`chat.${domain}`)";
+ service = "chat";
+ # middlewares = [ "authentik" ];
+ priority = 10;
+ tls.certResolver = "letsencrypt";
+ };
 };
 };
 };
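Review bot: The new `auth` router hard-codes `mjallen.dev` in its `HostRegexp`, while the other rules interpolate `${domain}`; using `${domain}` here avoids a second place to edit. The `[a-z]+` pattern only matches single labels made of letters, so a host containing a digit or hyphen would fall outside the outpost route and its forward-auth callbacks would not be served. The `{name:regex}` form is Traefik v2 syntax; if the deployed Traefik is v3 the rule has to be a plain regular expression, which I cannot verify from the diff.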
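Review bot: The `open-webui` router is added with `# middlewares = [ "authentik" ];` commented out, so `chat.${domain}` is published without forward auth and relies solely on Open WebUI's own login. If that is deliberate because the application handles OAuth itself, a one-line comment saying so would prevent someone from reading it as an oversight; otherwise enable the middleware. In the `hass` router, `middlewares = "authentik";` is a bare string where Traefik documents a list; `middlewares = [ "authentik" ];` matches the form used in the commented line below it.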