mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

net

Browse Source
This commit is contained in:
mjallen18
2026-03-30 16:09:25 -05:00
parent 8d8d49bd38
commit a88736cf6e
23 changed files with 273 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
modules/nixos/homeassistant/services/homeassistant/default.nix
View File

@@ -8,6 +8,7 @@
with lib;
let
cfg = config.${namespace}.services.home-assistant;
net = lib.${namespace}.network;
in
{
# disabledModules = [
@@ -348,16 +349,15 @@ in
http = {
use_x_forwarded_for = true;
trusted_proxies = [
"172.30.33.0/24"
"10.0.1.4"
"10.0.1.3"
"10.0.1.18"
"10.0.1.0/24"
net.subnet.docker
net.hosts.nuc.lan
net.hosts.nas.lan
net.subnet.lan
];
};
recorder = {
db_url = "postgresql://homeassistant@10.0.1.3/homeassistant";
db_url = "postgresql://homeassistant@${net.hosts.nas.lan}/homeassistant";
purge_keep_days = 180;
};

7
modules/nixos/services/caddy/default.nix
View File

@@ -9,6 +9,7 @@ with lib;
let
name = "caddy";
cfg = config.${namespace}.services.${name};
net = lib.${namespace}.network;
caddyPackage = pkgs.caddy.withPlugins {
plugins = [
@@ -45,7 +46,7 @@ let
@hass host hass.mjallen.dev
handle @hass {
reverse_proxy http://10.0.1.4:8123
reverse_proxy http://${net.hosts.nuc.lan}:${toString net.ports.nuc.homeAssistant}
}
'';
};
@@ -53,12 +54,12 @@ let
"sonarr.mjallen.dev" = {
extraConfig = ''
@sonarr {
remote_ip 10.0.1.0/24 10.1.1.0/16
remote_ip ${net.subnet.lan} ${net.subnet.nebula}
host sonarr.mjallen.dev
}
handle @sonarr {
reverse_proxy 10.0.1.3:8989
reverse_proxy ${net.hosts.nas.lan}:${toString net.ports.nas.sonarr}
}
handle {

7
modules/nixos/services/cockpit/default.nix
View File

@@ -8,6 +8,7 @@
let
name = "cockpit";
cfg = config.${namespace}.services.${name};
net = lib.${namespace}.network;
cockpitConfig = lib.${namespace}.mkModule {
inherit config name;
@@ -18,9 +19,9 @@ let
port = cfg.port;
openFirewall = cfg.openFirewall;
allowed-origins = [
"https://10.0.1.3:${toString cfg.port}"
"https://jallen-nas:${toString cfg.port}"
"https://jallen-nas.local:${toString cfg.port}"
"https://${net.hosts.nas.lan}:${toString cfg.port}"
"https://${net.hosts.nas.hostname}:${toString cfg.port}"
"https://${net.hosts.nas.hostname}.local:${toString cfg.port}"
];
plugins = with pkgs.${namespace}; [
# cockpit-benchmark

5
modules/nixos/services/collabora/default.nix
View File

@@ -7,6 +7,7 @@
let
name = "collabora";
cfg = config.${namespace}.services.${name};
topology = lib.${namespace}.network;
collaboraConfig = lib.${namespace}.mkModule {
inherit config name;
@@ -30,8 +31,8 @@ let
post_allow.host = [
"cloud.mjallen.dev"
"office.mjallen.dev"
"10.0.1.3"
"10.0.1.0/24"
topology.hosts.nas.lan
topology.subnet.lan
];
frame_ancestors = "cloud.mjallen.dev";
};

13
modules/nixos/services/glance/default.nix
View File

@@ -7,6 +7,7 @@
let
name = "glance";
cfg = config.${namespace}.services.${name};
net = lib.${namespace}.network;
glanceConfig = lib.${namespace}.mkModule {
inherit config name;
@@ -117,7 +118,7 @@ let
}
{
title = "AdGuard Home";
url = "http://10.0.1.2:3000/";
url = "http://${net.hosts.pi5.lan}:${toString net.ports.pi5.adguard}/";
icon = "si:adguard";
allow-insecure = true;
}
@@ -128,13 +129,13 @@ let
}
{
title = "Manyfold";
url = "http://10.0.1.3:3214/collections";
url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.manyfold}/collections";
icon = "sh:manyfold";
allow-insecure = true;
}
{
title = "Code Server";
url = "http://10.0.1.3:4444/";
url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.codeServer}/";
icon = "si:vscodium";
allow-insecure = true;
}
@@ -146,7 +147,7 @@ let
}
{
title = "Sonarr";
url = "http://10.0.1.3:8989/";
url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.sonarr}/";
icon = "si:sonarr";
allow-insecure = true;
basic-auth = {
@@ -156,7 +157,7 @@ let
}
{
title = "Radarr";
url = "http://10.0.1.3:7878/";
url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.radarr}/";
icon = "si:radarr";
allow-insecure = true;
basic-auth = {
@@ -166,7 +167,7 @@ let
}
{
title = "Sabnzbd";
url = "http://10.0.1.3:8280/";
url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.sabnzbd}/";
icon = "si:sabnzbd";
allow-insecure = true;
basic-auth = {

3
modules/nixos/services/grimmory/default.nix
View File

@@ -6,6 +6,7 @@
}:
let
cfg = config.${namespace}.services.grimmory;
net = lib.${namespace}.network;
in
{
imports = [
@@ -23,7 +24,7 @@ in
USER_ID = "1000";
GROUP_ID = "1000";
TZ = "UTC";
DATABASE_URL = "jdbc:mariadb://10.0.1.3:3306/grimmory";
DATABASE_URL = "jdbc:mariadb://${net.hosts.nas.lan}:${toString net.ports.nas.mariadb}/grimmory";
DATABASE_USERNAME = "grimmory";
DATABASE_PASSWORD = "Lucifer008!";
};

3
modules/nixos/services/immich/default.nix
View File

@@ -8,6 +8,7 @@ with lib;
let
name = "immich";
cfg = config.${namespace}.services.${name};
net = lib.${namespace}.network;
dbPassword = config.sops.secrets."jallen-nas/immich/db-password".path;
immichConfig = lib.${namespace}.mkModule {
@@ -26,7 +27,7 @@ let
environment = {
IMMICH_HOST = lib.mkForce cfg.listenAddress;
IMMICH_TRUSTED_PROXIES = "10.0.1.3";
IMMICH_TRUSTED_PROXIES = net.hosts.nas.lan;
TZ = "America/Chicago";
};

5
modules/nixos/services/nextcloud/default.nix
View File

@@ -9,6 +9,7 @@ with lib;
let
name = "nextcloud";
cfg = config.${namespace}.services.${name};
net = lib.${namespace}.network;
nextcloudConfig = lib.${namespace}.mkModule {
inherit config name;
@@ -90,13 +91,13 @@ let
log_type = "file";
default_phone_region = "US";
trusted_proxies = [
"10.0.1.3"
net.hosts.nas.lan
"127.0.0.1"
"::1"
];
trusted_domains = [
"cloud.mjallen.dev"
"10.0.1.3:${toString cfg.port}"
"${net.hosts.nas.lan}:${toString cfg.port}"
];
enabledPreviewProviders = [
"OC\\Preview\\PNG"

3
modules/nixos/services/onlyoffice/default.nix
View File

@@ -7,6 +7,7 @@
let
name = "onlyoffice";
cfg = config.${namespace}.services.${name};
net = lib.${namespace}.network;
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
onlyofficeConfig = lib.${namespace}.mkModule {
@@ -21,7 +22,7 @@ let
hostname = "office.mjallen.dev";
jwtSecretFile = jwtSecretFile;
securityNonceFile = jwtSecretFile;
postgresHost = "10.0.1.3";
postgresHost = net.hosts.nas.lan;
postgresUser = "onlyoffice";
postgresName = "onlyoffice";
};

5
modules/nixos/services/opencloud/default.nix
View File

@@ -8,6 +8,7 @@ with lib;
let
name = "opencloud";
cfg = config.${namespace}.services.${name};
net = lib.${namespace}.network;
opencloudConfig = lib.${namespace}.mkModule {
inherit config name;
@@ -26,8 +27,8 @@ let
PROXY_TLS = "false"; # disable https when behind reverse-proxy
INITIAL_ADMIN_PASSWORD = "BogieDudie1";
OC_DB_TYPE = "postgres";
OC_DB_HOST = "10.0.1.3";
OC_DB_PORT = "5432";
OC_DB_HOST = net.hosts.nas.lan;
OC_DB_PORT = toString net.ports.nas.postgresql;
OC_DB_USER = "opencloud";
OC_DB_NAME = "opencloud";
OC_INSECURE = "true";

3
modules/nixos/services/owncloud/default.nix
View File

@@ -7,6 +7,7 @@
with lib;
let
cfg = config.${namespace}.services.ocis;
net = lib.${namespace}.network;
in
{
options.${namespace}.services.ocis = {
@@ -71,7 +72,7 @@ in
environment = {
OCIS_INSECURE = "true";
PROXY_HTTP_ADDR = "0.0.0.0:9200";
OCIS_URL = "https://10.0.1.3:9988";
OCIS_URL = "https://${net.hosts.nas.lan}:${toString net.ports.nas.nextcloud}";
OCIS_ADMIN_PASSWORD = "BogieDudie1";
OCIS_LDAP_BIND_PASSWORD = "BogieDudie1";
PROXY_OIDC_CLIENT_SECRET = "BogieDudie1";

11
modules/nixos/services/sparky-fitness/default.nix
View File

@@ -6,6 +6,7 @@
}:
let
inherit (lib.${namespace}) mkContainerService mkSopsEnvFile;
net = lib.${namespace}.network;
serverName = "sparky-fitness-server";
frontendName = "sparky-fitness";
@@ -50,15 +51,15 @@ in
SPARKY_FITNESS_LOG_LEVEL = "0";
ALLOW_PRIVATE_NETWORK_CORS = "false";
SPARKY_FITNESS_DB_USER = "sparkyfitness";
SPARKY_FITNESS_DB_HOST = "10.0.1.3";
SPARKY_FITNESS_DB_HOST = net.hosts.nas.lan;
SPARKY_FITNESS_DB_NAME = "sparkyfitness";
SPARKY_FITNESS_APP_DB_USER = "sparkyfitness";
SPARKY_FITNESS_DB_PORT = "5432";
SPARKY_FITNESS_DB_PORT = toString net.ports.nas.postgresql;
SPARKY_FITNESS_FRONTEND_URL = "https://sparky.mjallen.dev";
SPARKY_FITNESS_DISABLE_SIGNUP = "true";
SPARKY_FITNESS_ADMIN_EMAIL = "jalle008@proton.me";
SPARKY_FITNESS_FORCE_EMAIL_LOGIN = "true";
SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS = "http://10.0.1.3:${toString serverCfg.port}";
SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS = "http://${net.hosts.nas.lan}:${toString serverCfg.port}";
SPARKY_FITNESS_OIDC_AUTH_ENABLED = "true";
};
})
@@ -69,8 +70,8 @@ in
image = "codewithcj/sparkyfitness";
internalPort = 80;
environment = {
SPARKY_FITNESS_FRONTEND_URL = "http://10.0.1.3:${toString frontendCfg.port}";
SPARKY_FITNESS_SERVER_HOST = "10.0.1.3";
SPARKY_FITNESS_FRONTEND_URL = "http://${net.hosts.nas.lan}:${toString frontendCfg.port}";
SPARKY_FITNESS_SERVER_HOST = net.hosts.nas.lan;
SPARKY_FITNESS_SERVER_PORT = "${toString serverCfg.port}";
};
})

3
modules/nixos/services/termix/default.nix
View File

@@ -6,6 +6,7 @@
}:
let
cfg = config.${namespace}.services.termix;
net = lib.${namespace}.network;
inherit (lib.${namespace}) mkSopsEnvFile mkContainerService;
in
{
@@ -40,7 +41,7 @@ in
OIDC_AUTHORIZATION_URL = "https://authentik.mjallen.dev/application/o/authorize/";
OIDC_TOKEN_URL = "https://authentik.mjallen.dev/application/o/token/";
OIDC_FORCE_HTTPS = "true";
GUACD_HOST = "10.0.1.3";
GUACD_HOST = net.hosts.nas.lan;
};
})
];

3
modules/nixos/services/your-spotify/default.nix
View File

@@ -6,6 +6,7 @@
}:
let
inherit (lib.${namespace}) mkOpt mkModule;
net = lib.${namespace}.network;
name = "your-spotify";
cfg = config.${namespace}.services.${name};
in
@@ -36,7 +37,7 @@ in
# TODO: move Spotify API keys to sops secrets
SPOTIFY_PUBLIC = "e270589d72a6494680a17d325af8670d";
SPOTIFY_SECRET = "423cb7b69fe8486e89eccd01e0c22924";
MONGO_ENDPOINT = "mongodb://10.0.1.3:27017";
MONGO_ENDPOINT = "mongodb://${net.hosts.nas.lan}:${toString net.ports.nas.mongodb}";
};
};