mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

caddy

Browse Source
This commit is contained in:
mjallen18
2026-02-11 22:23:00 -06:00
parent 89275509f3
commit 92b6e7a822
12 changed files with 702 additions and 529 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
modules/nixos/services/ai/default.nix
View File

@@ -7,13 +7,19 @@
}:
with lib;
let
inherit (lib.${namespace}) mkOpt;
cfg = config.${namespace}.services.ai;
aiConfig = lib.${namespace}.mkModule {
inherit config;
name = "ai";
description = "AI Services";
options = { };
options = {
llama-cpp = {
model = mkOpt types.str "Qwen3-Coder-Next-UD-Q3_K_XL" "";
};
};
moduleConfig = {
services = {
ollama = {
@@ -34,7 +40,7 @@ let
port = 8127;
host = "0.0.0.0";
openFirewall = cfg.openFirewall;
model = "${cfg.configDir}/llama-cpp/models/Qwen3-Coder-Next-Q4_0.gguf";
model = "${cfg.configDir}/llama-cpp/models/${cfg.llama-cpp.model}.gguf";
package = pkgs.llama-cpp-rocm;
extraFlags = [
"--fit"
@@ -105,7 +111,7 @@ let
set -euo pipefail
MODEL_DIR="${cfg.configDir}/llama-cpp/models"
MODEL_NAME="Qwen3-Coder-Next-Q4_0.gguf"
MODEL_NAME="${cfg.llama-cpp.model}.gguf"
REPO_ID="unsloth/Qwen3-Coder-Next-GGUF"
# Create model directory if it doesn't exist

58
modules/nixos/services/caddy/default.nix
View File

@@ -11,10 +11,13 @@ let
cfg = config.${namespace}.services.${name};
caddyPackage = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@v0.2.2" ];
plugins = [
"github.com/caddy-dns/cloudflare@v0.2.2"
];
hash = "sha256-dnhEjopeA0UiI+XVYHYpsjcEI6Y1Hacbi28hVKYQURg=";
};
# "github.com/hslatman/caddy-crowdsec-bouncer/http@v0.9.2"
caddy = lib.${namespace}.mkModule {
inherit config name;
description = "caddy Service";
@@ -87,14 +90,14 @@ let
package = caddyPackage;
environmentFile = config.sops.templates."caddy.env".path;
email = "jalle008@proton.me";
enableReload = false;
enableReload = true;
dataDir = "${cfg.configDir}/caddy";
globalConfig = ''
metrics
http_port 80
https_port 443
default_bind 0.0.0.0
''; # b710da1b0182eadcb1e569408de778f9f3c50
'';
virtualHosts = {
"*.mjallen.dev" = {
extraConfig = ''
@@ -102,19 +105,54 @@ let
dns cloudflare {$CLOUDFLARE_DNS_API_TOKEN}
}
@gitea host gitea.mjallen.dev
handle @gitea {
reverse_proxy http://10.0.1.3:3000
@authentik host authentik.mjallen.dev
handle @authentik {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.authentik.port}
}
@jellyfin host jellyfin.mjallen.dev
handle @jellyfin {
reverse_proxy http://10.0.1.3:8096
@cache host cache.mjallen.dev
handle @cache {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.attic.port}
}
@gitea host gitea.mjallen.dev
handle @gitea {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.gitea.port}
}
@homeassistant host hass.mjallen.dev
handle @homeassistant {
reverse_proxy http://10.0.1.4:8123
reverse_proxy http://nuc-nixos.local:8123
}
@immich host immich.mjallen.dev
handle @immich {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.immich.port}
}
@jellyfin host jellyfin.mjallen.dev
handle @jellyfin {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.jellyfin.port}
}
@jellyseerr host jellyseerr.mjallen.dev
handle @jellyseerr {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.jellyseerr.port}
}
@lubelogger host lubelogger.mjallen.dev
handle @lubelogger {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.lubelogger.port}
}
@matrix host matrix.mjallen.dev
handle @matrix {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.matrix.port}
}
@ntfy host ntfy.mjallen.dev
handle @ntfy {
reverse_proxy http://10.0.1.3:${toString config.${namespace}.services.ntfy.port}
}
'';
};

56
modules/nixos/services/coturn/default.nix
View File

@@ -14,38 +14,59 @@ let
description = "config";
options = { };
moduleConfig = {
# Add ACME certificate configuration for TLS support
# security.acme.certs."turn.mjallen.dev" = {
# group = "turnserver";
# dnsProvider = "cloudflare";
# credentialsFile = config.sops.templates."traefik.env".path;
# dnsPropagationCheck = true;
# };
services.coturn = rec {
enable = true;
no-cli = true;
no-tcp-relay = true;
# Removed no-tcp-relay to enable TCP relay for better VoIP support
min-port = 49000;
max-port = 50000;
use-auth-secret = true;
static-auth-secret = "Lucifer008!";
listening-port = cfg.port;
realm = "turn.mjallen.dev";
# cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
# Enable TLS support with ACME certificates
# cert = "${config.security.acme.certs.${realm}.directory}/fullchain.pem";
# pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
extraConfig = ''
# for debugging
verbose
# ban private IP ranges
# Add public IP address for NAT traversal
external-ip=73.242.17.96
# Allow localhost for testing
allowed-peer-ip=127.0.0.0-127.255.255.255
allowed-peer-ip=::1
# ban private IP ranges - modified to allow local connections
no-multicast-peers
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
# Allow internal networks for testing
# denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
# Localhost now explicitly allowed above
# denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=192.168.0.0-192.168.255.255
# Allow local network
# denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255
denied-peer-ip=::1
# Localhost now explicitly allowed above
# denied-peer-ip=::1
denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
@@ -53,9 +74,30 @@ let
denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
# Add better logging for debugging
log-file=/var/log/turnserver.log
syslog
'';
};
networking.firewall = {
# Open ports on all interfaces for better connectivity
allowedUDPPortRanges = with config.services.coturn; [
{
from = min-port;
to = max-port;
}
];
allowedUDPPorts = [
3478 # STUN/TURN standard port
5349 # STUN/TURN TLS port
];
allowedTCPPorts = [
3478 # STUN/TURN standard port
5349 # STUN/TURN TLS port
];
# Keep the specific interface rules too for backward compatibility
interfaces.enp197s0 =
let
range = with config.services.coturn; [

9
modules/nixos/services/crowdsec/default.nix
View File

@@ -119,6 +119,15 @@ let
capi.credentialsFile = lib.mkDefault "${cfg.configDir}/crowdsec/capi.yaml";
};
};
crowdsec-firewall-bouncer = {
enable = true;
registerBouncer = {
enable = true;
bouncerName = "nas-bouncer";
};
# secrets.apiKeyPath = config.sops.secrets."jallen-nas/crowdsec-firewall-bouncer-api-key".path;
};
};
};
};

2
modules/nixos/services/matrix/default.nix
View File

@@ -122,9 +122,11 @@ let
turn_uris = [
"turn:${config.services.coturn.realm}:3478?transport=udp"
"turn:${config.services.coturn.realm}:3478?transport=tcp"
"turns:${config.services.coturn.realm}:5349?transport=tcp" # TLS version for secure connections
];
turn_shared_secret = config.services.coturn.static-auth-secret;
turn_user_lifetime = "1h";
turn_allow_guests = true; # Allow guest users to use TURN server
};
};

147
modules/nixos/services/traefik/default.nix
View File

@@ -58,70 +58,12 @@ let
configDir = "/media/nas/main/appdata";
in
{
imports = [ ./options.nix ];
imports = [
./options.nix
./sops.nix
];
config = mkIf cfg.enable {
sops = {
secrets = {
"jallen-nas/traefik/crowdsec/lapi-key" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
"jallen-nas/traefik/crowdsec/capi-machine-id" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
"jallen-nas/traefik/crowdsec/capi-password" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
"jallen-nas/traefik/cloudflare-dns-api-token" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
"jallen-nas/traefik/cloudflare-zone-api-token" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
"jallen-nas/traefik/cloudflare-api-key" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
"jallen-nas/traefik/cloudflare-email" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
};
templates = {
"traefik.env" = {
content = ''
CLOUDFLARE_DNS_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
CLOUDFLARE_ZONE_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"}
CLOUDFLARE_API_KEY=${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
CLOUDFLARE_EMAIL=${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
'';
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
};
};
networking.firewall = {
allowedTCPPorts = forwardPorts;
@@ -131,11 +73,12 @@ in
services.traefik = {
enable = true;
dataDir = "${configDir}/traefik";
dynamic.dir = "${configDir}/traefik";
group = "jallen-nas"; # group;
environmentFiles = [ config.sops.templates."traefik.env".path ];
staticConfigOptions = {
static = {
# dir = "${configDir}/traefik";
settings = {
entryPoints = {
web = {
address = ":${toString httpPort}";
@@ -197,9 +140,12 @@ in
plugins = traefikPlugins;
};
};
};
dynamicConfigOptions = {
http = {
dynamic = {
dir = "/run/traefik";
files = {
"serversTransports".settings.http = {
serversTransports = {
internal-https = {
insecureSkipVerify = true;
@@ -209,7 +155,9 @@ in
disableHTTP2 = true;
};
};
};
"middlewares-authentik".settings.http = {
middlewares = {
authentik = {
forwardAuth = {
@@ -231,6 +179,11 @@ in
];
};
};
};
};
"middlewares-crowdsec".settings.http = {
middlewares = {
crowdsec = {
plugin = {
bouncer = {
@@ -246,6 +199,11 @@ in
};
};
};
};
};
"middlewares-geoblock".settings.http = {
middlewares = {
whitelist-geoblock = {
plugin = {
geoblock = {
@@ -268,6 +226,11 @@ in
};
};
};
};
};
"middlewares-ipallowlist".settings.http = {
middlewares = {
internal-ipallowlist = {
ipAllowList = {
sourceRange = [
@@ -277,13 +240,20 @@ in
};
};
};
};
"services-auth".settings.http = {
services = {
auth.loadBalancer.servers = [
{
url = authUrl;
}
];
};
};
"services-cache".settings.http = {
services = {
cache.loadBalancer = {
servers = [
{
@@ -292,19 +262,22 @@ in
];
serversTransport = "http1";
};
hass.loadBalancer.servers = [
{
url = hassUrl;
}
];
};
};
"services-nginx".settings.http = {
services = {
nginx.loadBalancer.servers = [
{
url = "http://localhost:8188";
}
];
}
// reverseProxyServiceConfigs;
};
};
"services-generated".settings.http = reverseProxyServiceConfigs;
"routers-auth".settings.http = {
routers = {
auth = {
entryPoints = [ "websecure" ];
@@ -317,7 +290,11 @@ in
priority = 15;
tls.certResolver = "letsencrypt";
};
};
};
"routers-matrix2".settings.http = {
routers = {
matrix2 = {
entryPoints = [ "websecure" ];
rule = "Host(`matrix.mjallen.dev`) && PathPrefix(`/.well-known/matrix/`)";
@@ -329,7 +306,11 @@ in
priority = 1;
tls.certResolver = "letsencrypt";
};
};
};
"routers-matrix3".settings.http = {
routers = {
matrix3 = {
entryPoints = [ "websecure" ];
rule = "Host(`mjallen.dev`) && PathPrefix(`/.well-known/matrix/`)";
@@ -341,7 +322,11 @@ in
priority = 1;
tls.certResolver = "letsencrypt";
};
};
};
"routers-cache".settings.http = {
routers = {
cache = {
entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)";
@@ -350,7 +335,18 @@ in
priority = 10;
tls.certResolver = "letsencrypt";
};
};
};
"home-assistant".settings.http = {
services = {
hass.loadBalancer.servers = [
{
url = hassUrl;
}
];
};
routers = {
hass = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)";
@@ -363,8 +359,9 @@ in
priority = 10;
tls.certResolver = "letsencrypt";
};
}
// reverseProxyRouterConfigs;
};
};
"routers-generated".settings.http = reverseProxyRouterConfigs;
};
};
};

76
modules/nixos/services/traefik/sops.nix Normal file
View File

@@ -0,0 +1,76 @@
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.traefik;
in
{
config = mkIf cfg.enable {
sops = {
secrets = {
"jallen-nas/traefik/crowdsec/lapi-key" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
"jallen-nas/traefik/crowdsec/capi-machine-id" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
"jallen-nas/traefik/crowdsec/capi-password" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
"jallen-nas/traefik/cloudflare-dns-api-token" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
"jallen-nas/traefik/cloudflare-zone-api-token" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
"jallen-nas/traefik/cloudflare-api-key" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
"jallen-nas/traefik/cloudflare-email" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
};
templates = {
"traefik.env" = {
content = ''
CLOUDFLARE_DNS_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
CLOUDFLARE_ZONE_API_TOKEN=${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"}
CLOUDFLARE_API_KEY=${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
CLOUDFLARE_EMAIL=${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
'';
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
};
};
};
}

5
modules/nixos/services/unmanic/default.nix
View File

@@ -19,10 +19,7 @@ let
autoStart = true;
image = "josh5/unmanic";
devices = [
"/dev/dri/renderD128:/dev/dri/renderD128"
"/dev/dri/card0:/dev/dri/card0"
"/dev/dri/renderD129:/dev/dri/renderD129"
"/dev/dri/card1:/dev/dri/card1"
"/dev/dri:/dev/dri"
];
volumes = [
"${cfg.configDir}/unmanic:/config"

5
secrets/nas-secrets.yaml
View File

@@ -13,6 +13,7 @@ jallen-nas:
cloudflare-api-key: ENC[AES256_GCM,data:SWCsa1YzUpl5aQmeVBzKjfkZdAfduX8pl5RKd+EP6pgyMCCc6Q==,iv:ccIzA1OzGyRnq8gxXAg4B3HHtKcvXhXKMWVuTs/PHLI=,tag:R9KrYDrAluTAyuv7DfYVWQ==,type:str]
cloudflare-email: ENC[AES256_GCM,data:WCe6JlTQnv2PXYcySZNbZ5Lv,iv:qc+o+GEqdRm3U5qBqvH23HOah3Sa63QzqZyDXWozcqo=,tag:v8YY3jCoVC8h12wHTFjkIg==,type:str]
crowdsec-capi: ENC[AES256_GCM,data:9T3e6CzJZOT1KAXlpG323oPmk9xsoVVWI/WYnhdmzyymj61LgNJKvA==,iv:NywJk/tkmIGR5jIgxpvheRBCrK64QytXAkr+40nn62M=,tag:XFeafjL/84r0fLa8UpjyjQ==,type:str]
crowdsec-firewall-bouncer-api-key: ENC[AES256_GCM,data:aGWazfVmD/j6PEK+UD7P0KQ+ArfL/lNx5EiHg/v6hUnLM3GASy2624/6eg==,iv:TIczLd7Tzxriz5ADOmrp6YYP/IU2cs5GMabfMhMTTl8=,tag:X9MB3nIg70OLM8S8a6eBuQ==,type:str]
collabora: ENC[AES256_GCM,data:tFbbm16DFMsxT0I1ogXTRwyTgkE=,iv:yzembXvJ9+DroplBUDiMPa/jn9pjpAI7f5oHSTaZedA=,tag:yprIBtaRIjaHW6nplLYYzQ==,type:str]
mariadb:
root_pass: ENC[AES256_GCM,data:AmZ3lU/GM9lMAjchF4kvjkIZlYX0KZV7ov0dxtnDmg==,iv:9JQuHWcb3/lCR3gw4PFtzMKxk85GXzFV35NguJydUkk=,tag:MEvmiYhAYa1LUGTN9wm/3w==,type:str]
@@ -221,8 +222,8 @@ sops:
L0gwQm5takNjMkVGNzVlSStJYlUwWDAKP8QA3rRUHYbyyhPC/k0Eq2EIKfjyc7Co
7BkHH3msC6h9g42BB5iIYe6KQ+UGxMQBFvp+qSB27jaIfajN5MP0BA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-09T16:07:02Z"
mac: ENC[AES256_GCM,data:wObXRnXCkE5yfBpwtkuFnzlGaF2BugipRxnx0Z/pTwc6PENKHrCFqnuOdb4EDnlYBGXTGSCUzksWS1kZVc8SF0tiimzlPAB9suS31386I3ex+IJNlouv6MFkvBpeI5OnMo7y/eJVK9GBmC5bxoNhySMAQBRCuDGs9uCaTHdYkRI=,iv:kAInXG7UMeIN/ZJwmwY2cd6V/n3fxOUodvCP0sADvcc=,tag:oFa8zO9WNOGLQZKC7vTN+A==,type:str]
lastmodified: "2026-02-12T04:19:13Z"
mac: ENC[AES256_GCM,data:t3sxHQSeVb1agLpIuC4Mm/6hIvlhA4d4WWJu8y3vm3rHafhZK9HKQYDJ48fB/oMNpszy0IcgSP7j9WQPPKKAcsDRj7fHu67Z9lFyv+C12leBm1kCKmp5e4fl8aykQRSxT2Sy5eo4yt+8PTUOd8Cet3tYO/riSgvWtL6iCEjO9ik=,iv:7uLvDk7suunzx2kVoK8JV/bAFeHnJDDF+vInhiw2K6I=,tag:Dnov7AhsMzLaJT9p9f99Sg==,type:str]
pgp:
- created_at: "2026-02-06T15:34:30Z"
enc: |-

8
systems/x86_64-linux/jallen-nas/apps.nix
View File

@@ -11,13 +11,13 @@ in
${namespace} = {
services = {
actual = {
enable = true;
enable = false;
port = 3333;
createUser = true;
reverseProxy = enabled;
};
ai = {
enable = true;
enable = false;
};
arrs = {
enable = true;
@@ -49,7 +49,7 @@ in
enable = true;
port = 6066;
};
caddy = disabled;
caddy = enabled;
calibre = {
enable = false;
port = 8084;
@@ -197,7 +197,7 @@ in
port = 8265;
serverPort = 8266;
};
traefik = enabled;
traefik = disabled;
unmanic = {
enable = true;
port = 8265;

1
systems/x86_64-linux/jallen-nas/default.nix
View File

@@ -137,6 +137,7 @@ in
allowedTCPPorts = [
80
443
8080
8008 # restic
9000 # authentik
2342 # grafana

4
systems/x86_64-linux/jallen-nas/sops.nix
View File

@@ -98,6 +98,10 @@ in
# crowdsec
# ------------------------------
# "jallen-nas/crowdsec-firewall-bouncer-api-key" = {
# restartUnits = [ "crowdsec-firewall-bouncer.service" ];
# };
# "jallen-nas/crowdsec-capi" = {
# sopsFile = defaultSops;
# owner = "crowdsec";