mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

net

Browse Source
This commit is contained in:
mjallen18
2026-03-30 16:09:25 -05:00
parent 8d8d49bd38
commit a88736cf6e
23 changed files with 273 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

185
lib/network/default.nix Normal file
View File

@@ -0,0 +1,185 @@
# Central network topology registry.
#
# Exposed as lib.<namespace>.network.* (Snowfall Lib merges lib/ sub-directories
# automatically, so this file is reachable as lib.mjallen.network inside any
# NixOS module, home-manager module, or package that receives `lib`).
#
# Usage examples:
#
# let net = lib.mjallen.network; in
# net.hosts.nas.lan # "10.0.1.3"
# net.hosts.nas.lan4 # "10.0.1.3/24" (CIDR notation)
# net.hosts.nuc.lan # "10.0.1.4"
# net.hosts.pi5.nebula # "10.1.1.1"
# net.subnet.lan # "10.0.1.0/24"
# net.subnet.nebula # "10.1.1.0/24"
# net.ports.nas.nextcloud # 9988
# net.domain # "mjallen.dev"
#
# All attributes intentionally use plain strings / ints so they can be
# interpolated with `toString` or used directly in any context.
{ ... }:
{
network = {
# -----------------------------------------------------------------------
# Global domain
# -----------------------------------------------------------------------
domain = "mjallen.dev";
# -----------------------------------------------------------------------
# Subnets
# -----------------------------------------------------------------------
subnet = {
lan = "10.0.1.0/24";
nebula = "10.1.1.0/24";
# Docker / container bridge used by Home Assistant
docker = "172.30.33.0/24";
};
# -----------------------------------------------------------------------
# Hosts
# Each host exposes:
# lan — bare IPv4 address (no prefix length)
# lan4 — IPv4 address with /24 CIDR suffix (for static IP config)
# nebula — Nebula overlay IP (where applicable)
# -----------------------------------------------------------------------
hosts = {
# ---- Raspberry Pi 5 (pi5) — DNS / Nebula lighthouse ----------------
pi5 = {
hostname = "pi5";
lan = "10.0.1.2";
lan4 = "10.0.1.2/24";
nebula = "10.1.1.1";
gateway = "10.0.1.1";
};
# ---- NAS (jallen-nas) — primary server -----------------------------
nas = {
hostname = "jallen-nas";
lan = "10.0.1.3";
lan4 = "10.0.1.3/24";
nebula = "10.1.1.3";
gateway = "10.0.1.1";
};
# ---- Intel NUC (nuc-nixos) — Home Assistant host -------------------
nuc = {
hostname = "nuc-nixos";
lan = "10.0.1.4";
lan4 = "10.0.1.4/24";
nebula = "10.1.1.4";
gateway = "10.0.1.1";
};
# ---- MacBook Pro (macbook-pro-nixos) — Apple Silicon laptop --------
macbook = {
hostname = "macbook-pro-nixos";
nebula = "10.1.1.8";
};
# ---- ASUS ROG Ally X (allyx) ----------------------------------------
allyx = {
hostname = "allyx";
nebula = "10.1.1.10";
};
# ---- Router / gateway / AdGuard upstream ---------------------------
router = {
hostname = "router";
lan = "10.0.1.1";
lan4 = "10.0.1.1/24";
};
};
# -----------------------------------------------------------------------
# Service ports
# Grouped by host. Every entry matches the port set in apps.nix / the
# corresponding mkModule option so there is a single source of truth.
# -----------------------------------------------------------------------
ports = {
# ---- pi5 services --------------------------------------------------
pi5 = {
adguard = 3000;
nebula = 4242;
dns = 53;
};
# ---- NAS services --------------------------------------------------
nas = {
actual = 3333;
attic = 9012;
authentik = 9000;
authentikRac = 4823;
calibre = 8084;
calibreWeb = 8083;
codeServer = 4444;
cockpit = 9091;
collabora = 9980;
coturn = 3478;
crowdsec = 8181;
dispatcharr = 9191;
elasticsearch = 9200;
gitea = 3000;
giteaSsh = 2222;
glance = 5555;
glances = 61208;
grafana = 9999;
grimmory = 6066;
guacd = 4822;
headscale = 2112;
immich = 2283;
jellyfin = 8096;
jellyseerr = 5055;
kavita = 5000;
llamaCpp = 8127;
lubelogger = 6754;
manyfold = 3214;
mariadb = 3306;
matrix = 8448;
mongodb = 27017;
nebula = 4242;
netbootxyz = 4000;
netbootxyzWeb = 4080;
nextcloud = 9988;
ntfy = 2586;
nutUpsd = 3493;
ocis = 9200;
onlyoffice = 9943;
opencloud = 9200;
orcaSlicer = 3100;
paperless = 28981;
paperlessAi = 28982;
postgresql = 5432;
protonmailSmtp = 1025;
protonmailImap = 1143;
redisCcache = 6363;
redisManyfold = 6380;
redisOnlyoffice = 6381;
resticServer = 8008;
sabnzbd = 8280;
sonarr = 8989;
radarr = 7878;
sparkyFitnessFe = 3004;
sparkyFitnessBe = 3010;
sunshine = 47989;
tdarr = 8265;
tdarrServer = 8266;
termix = 7777;
tunarr = 8000;
unmanic = 8265;
uptimeKuma = 3001;
wyomingPiper = 10200;
wyomingWhisper = 10300;
};
# ---- NUC services --------------------------------------------------
nuc = {
homeAssistant = 8123;
mqtt = 1883;
otbr = 8880;
otbrRest = 8881;
esphome = 6052;
};
};
};
}

5
lib/nix-settings/default.nix
View File

@@ -8,10 +8,13 @@
# lib.${namespace}.nixSettings.commonSettings # lib.${namespace}.nixSettings.commonSettings
# lib.${namespace}.nixSettings.commonGc # lib.${namespace}.nixSettings.commonGc
{ lib, ... }: { lib, ... }:
let
net = lib.mjallen.network;
in
{ {
nixSettings = { nixSettings = {
commonSubstituters = [ commonSubstituters = [
"http://10.0.1.3:9012/nas-cache" "http://${net.hosts.nas.lan}:${toString net.ports.nas.attic}/nas-cache"
"https://nixos-apple-silicon.cachix.org" "https://nixos-apple-silicon.cachix.org"
"https://nixos-raspberrypi.cachix.org" "https://nixos-raspberrypi.cachix.org"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"

5
modules/home/programs/opencode/default.nix
View File

@@ -7,6 +7,7 @@
}: }:
let let
cfg = config.${namespace}.programs.opencode; cfg = config.${namespace}.programs.opencode;
net = lib.${namespace}.network;
in in
{ {
options.${namespace}.programs.opencode = { options.${namespace}.programs.opencode = {
@@ -19,7 +20,7 @@ in
sops.templates."hass-mcp.env" = { sops.templates."hass-mcp.env" = {
mode = "0600"; mode = "0600";
content = '' content = ''
HA_URL=http://10.0.1.4:8123 HA_URL=http://${net.hosts.nuc.lan}:${toString net.ports.nuc.homeAssistant}
HA_TOKEN=${config.sops.placeholder."hass-mcp/token"} HA_TOKEN=${config.sops.placeholder."hass-mcp/token"}
''; '';
}; };
@@ -33,7 +34,7 @@ in
npm = "@ai-sdk/openai-compatible"; npm = "@ai-sdk/openai-compatible";
name = "llama-server (local)"; name = "llama-server (local)";
options = { options = {
baseURL = "http://10.0.1.3:8127/v1"; baseURL = "http://${net.hosts.nas.lan}:${toString net.ports.nas.llamaCpp}/v1";
}; };
models = { models = {
Qwen3-Coder-Next-Q4_0 = { Qwen3-Coder-Next-Q4_0 = {

7
modules/home/shell-aliases/default.nix
View File

@@ -6,6 +6,7 @@
}: }:
let let
cfg = config.${namespace}.shell-aliases; cfg = config.${namespace}.shell-aliases;
net = lib.${namespace}.network;
in in
{ {
options.${namespace}.shell-aliases = { options.${namespace}.shell-aliases = {
@@ -13,7 +14,7 @@ in
buildHost = lib.mkOption { buildHost = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "admin@10.0.1.3"; default = "admin@${net.hosts.nas.lan}";
description = "Build host for nixos-rebuild commands"; description = "Build host for nixos-rebuild commands";
}; };
@@ -50,8 +51,8 @@ in
) "nix flake update ${lib.concatStringsSep " " cfg.flakeInputs} --flake /etc/nixos"; ) "nix flake update ${lib.concatStringsSep " " cfg.flakeInputs} --flake /etc/nixos";
# NAS management # NAS management
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas"; update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@${net.hosts.nas.lan} --build-host admin@${net.hosts.nas.lan} --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@10.0.1.3"; nas-ssh = "kitten ssh admin@${net.hosts.nas.lan}";
} }
// cfg.extraAliases; // cfg.extraAliases;
}; };

12
modules/nixos/homeassistant/services/homeassistant/default.nix
View File

@@ -8,6 +8,7 @@
with lib; with lib;
let let
cfg = config.${namespace}.services.home-assistant; cfg = config.${namespace}.services.home-assistant;
net = lib.${namespace}.network;
in in
{ {
# disabledModules = [ # disabledModules = [
@@ -348,16 +349,15 @@ in
http = { http = {
use_x_forwarded_for = true; use_x_forwarded_for = true;
trusted_proxies = [ trusted_proxies = [
"172.30.33.0/24" net.subnet.docker
"10.0.1.4" net.hosts.nuc.lan
"10.0.1.3" net.hosts.nas.lan
"10.0.1.18" net.subnet.lan
"10.0.1.0/24"
]; ];
}; };
recorder = { recorder = {
db_url = "postgresql://homeassistant@10.0.1.3/homeassistant"; db_url = "postgresql://homeassistant@${net.hosts.nas.lan}/homeassistant";
purge_keep_days = 180; purge_keep_days = 180;
}; };

7
modules/nixos/services/caddy/default.nix
View File

@@ -9,6 +9,7 @@ with lib;
let let
name = "caddy"; name = "caddy";
cfg = config.${namespace}.services.${name}; cfg = config.${namespace}.services.${name};
net = lib.${namespace}.network;
caddyPackage = pkgs.caddy.withPlugins { caddyPackage = pkgs.caddy.withPlugins {
plugins = [ plugins = [
@@ -45,7 +46,7 @@ let
@hass host hass.mjallen.dev @hass host hass.mjallen.dev
handle @hass { handle @hass {
reverse_proxy http://10.0.1.4:8123 reverse_proxy http://${net.hosts.nuc.lan}:${toString net.ports.nuc.homeAssistant}
} }
''; '';
}; };
@@ -53,12 +54,12 @@ let
"sonarr.mjallen.dev" = { "sonarr.mjallen.dev" = {
extraConfig = '' extraConfig = ''
@sonarr { @sonarr {
remote_ip 10.0.1.0/24 10.1.1.0/16 remote_ip ${net.subnet.lan} ${net.subnet.nebula}
host sonarr.mjallen.dev host sonarr.mjallen.dev
} }
handle @sonarr { handle @sonarr {
reverse_proxy 10.0.1.3:8989 reverse_proxy ${net.hosts.nas.lan}:${toString net.ports.nas.sonarr}
} }
handle { handle {

7
modules/nixos/services/cockpit/default.nix
View File

@@ -8,6 +8,7 @@
let let
name = "cockpit"; name = "cockpit";
cfg = config.${namespace}.services.${name}; cfg = config.${namespace}.services.${name};
net = lib.${namespace}.network;
cockpitConfig = lib.${namespace}.mkModule { cockpitConfig = lib.${namespace}.mkModule {
inherit config name; inherit config name;
@@ -18,9 +19,9 @@ let
port = cfg.port; port = cfg.port;
openFirewall = cfg.openFirewall; openFirewall = cfg.openFirewall;
allowed-origins = [ allowed-origins = [
"https://10.0.1.3:${toString cfg.port}" "https://${net.hosts.nas.lan}:${toString cfg.port}"
"https://jallen-nas:${toString cfg.port}" "https://${net.hosts.nas.hostname}:${toString cfg.port}"
"https://jallen-nas.local:${toString cfg.port}" "https://${net.hosts.nas.hostname}.local:${toString cfg.port}"
]; ];
plugins = with pkgs.${namespace}; [ plugins = with pkgs.${namespace}; [
# cockpit-benchmark # cockpit-benchmark

5
modules/nixos/services/collabora/default.nix
View File

@@ -7,6 +7,7 @@
let let
name = "collabora"; name = "collabora";
cfg = config.${namespace}.services.${name}; cfg = config.${namespace}.services.${name};
topology = lib.${namespace}.network;
collaboraConfig = lib.${namespace}.mkModule { collaboraConfig = lib.${namespace}.mkModule {
inherit config name; inherit config name;
@@ -30,8 +31,8 @@ let
post_allow.host = [ post_allow.host = [
"cloud.mjallen.dev" "cloud.mjallen.dev"
"office.mjallen.dev" "office.mjallen.dev"
"10.0.1.3" topology.hosts.nas.lan
"10.0.1.0/24" topology.subnet.lan
]; ];
frame_ancestors = "cloud.mjallen.dev"; frame_ancestors = "cloud.mjallen.dev";
}; };

13
modules/nixos/services/glance/default.nix
View File

@@ -7,6 +7,7 @@
let let
name = "glance"; name = "glance";
cfg = config.${namespace}.services.${name}; cfg = config.${namespace}.services.${name};
net = lib.${namespace}.network;
glanceConfig = lib.${namespace}.mkModule { glanceConfig = lib.${namespace}.mkModule {
inherit config name; inherit config name;
@@ -117,7 +118,7 @@ let
} }
{ {
title = "AdGuard Home"; title = "AdGuard Home";
url = "http://10.0.1.2:3000/"; url = "http://${net.hosts.pi5.lan}:${toString net.ports.pi5.adguard}/";
icon = "si:adguard"; icon = "si:adguard";
allow-insecure = true; allow-insecure = true;
} }
@@ -128,13 +129,13 @@ let
} }
{ {
title = "Manyfold"; title = "Manyfold";
url = "http://10.0.1.3:3214/collections"; url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.manyfold}/collections";
icon = "sh:manyfold"; icon = "sh:manyfold";
allow-insecure = true; allow-insecure = true;
} }
{ {
title = "Code Server"; title = "Code Server";
url = "http://10.0.1.3:4444/"; url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.codeServer}/";
icon = "si:vscodium"; icon = "si:vscodium";
allow-insecure = true; allow-insecure = true;
} }
@@ -146,7 +147,7 @@ let
} }
{ {
title = "Sonarr"; title = "Sonarr";
url = "http://10.0.1.3:8989/"; url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.sonarr}/";
icon = "si:sonarr"; icon = "si:sonarr";
allow-insecure = true; allow-insecure = true;
basic-auth = { basic-auth = {
@@ -156,7 +157,7 @@ let
} }
{ {
title = "Radarr"; title = "Radarr";
url = "http://10.0.1.3:7878/"; url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.radarr}/";
icon = "si:radarr"; icon = "si:radarr";
allow-insecure = true; allow-insecure = true;
basic-auth = { basic-auth = {
@@ -166,7 +167,7 @@ let
} }
{ {
title = "Sabnzbd"; title = "Sabnzbd";
url = "http://10.0.1.3:8280/"; url = "http://${net.hosts.nas.lan}:${toString net.ports.nas.sabnzbd}/";
icon = "si:sabnzbd"; icon = "si:sabnzbd";
allow-insecure = true; allow-insecure = true;
basic-auth = { basic-auth = {

3
modules/nixos/services/grimmory/default.nix
View File

@@ -6,6 +6,7 @@
}: }:
let let
cfg = config.${namespace}.services.grimmory; cfg = config.${namespace}.services.grimmory;
net = lib.${namespace}.network;
in in
{ {
imports = [ imports = [
@@ -23,7 +24,7 @@ in
USER_ID = "1000"; USER_ID = "1000";
GROUP_ID = "1000"; GROUP_ID = "1000";
TZ = "UTC"; TZ = "UTC";
DATABASE_URL = "jdbc:mariadb://10.0.1.3:3306/grimmory"; DATABASE_URL = "jdbc:mariadb://${net.hosts.nas.lan}:${toString net.ports.nas.mariadb}/grimmory";
DATABASE_USERNAME = "grimmory"; DATABASE_USERNAME = "grimmory";
DATABASE_PASSWORD = "Lucifer008!"; DATABASE_PASSWORD = "Lucifer008!";
}; };

3
modules/nixos/services/immich/default.nix
View File

@@ -8,6 +8,7 @@ with lib;
let let
name = "immich"; name = "immich";
cfg = config.${namespace}.services.${name}; cfg = config.${namespace}.services.${name};
net = lib.${namespace}.network;
dbPassword = config.sops.secrets."jallen-nas/immich/db-password".path; dbPassword = config.sops.secrets."jallen-nas/immich/db-password".path;
immichConfig = lib.${namespace}.mkModule { immichConfig = lib.${namespace}.mkModule {
@@ -26,7 +27,7 @@ let
environment = { environment = {
IMMICH_HOST = lib.mkForce cfg.listenAddress; IMMICH_HOST = lib.mkForce cfg.listenAddress;
IMMICH_TRUSTED_PROXIES = "10.0.1.3"; IMMICH_TRUSTED_PROXIES = net.hosts.nas.lan;
TZ = "America/Chicago"; TZ = "America/Chicago";
}; };

5
modules/nixos/services/nextcloud/default.nix
View File

@@ -9,6 +9,7 @@ with lib;
let let
name = "nextcloud"; name = "nextcloud";
cfg = config.${namespace}.services.${name}; cfg = config.${namespace}.services.${name};
net = lib.${namespace}.network;
nextcloudConfig = lib.${namespace}.mkModule { nextcloudConfig = lib.${namespace}.mkModule {
inherit config name; inherit config name;
@@ -90,13 +91,13 @@ let
log_type = "file"; log_type = "file";
default_phone_region = "US"; default_phone_region = "US";
trusted_proxies = [ trusted_proxies = [
"10.0.1.3" net.hosts.nas.lan
"127.0.0.1" "127.0.0.1"
"::1" "::1"
]; ];
trusted_domains = [ trusted_domains = [
"cloud.mjallen.dev" "cloud.mjallen.dev"
"10.0.1.3:${toString cfg.port}" "${net.hosts.nas.lan}:${toString cfg.port}"
]; ];
enabledPreviewProviders = [ enabledPreviewProviders = [
"OC\\Preview\\PNG" "OC\\Preview\\PNG"

3
modules/nixos/services/onlyoffice/default.nix
View File

@@ -7,6 +7,7 @@
let let
name = "onlyoffice"; name = "onlyoffice";
cfg = config.${namespace}.services.${name}; cfg = config.${namespace}.services.${name};
net = lib.${namespace}.network;
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path; jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
onlyofficeConfig = lib.${namespace}.mkModule { onlyofficeConfig = lib.${namespace}.mkModule {
@@ -21,7 +22,7 @@ let
hostname = "office.mjallen.dev"; hostname = "office.mjallen.dev";
jwtSecretFile = jwtSecretFile; jwtSecretFile = jwtSecretFile;
securityNonceFile = jwtSecretFile; securityNonceFile = jwtSecretFile;
postgresHost = "10.0.1.3"; postgresHost = net.hosts.nas.lan;
postgresUser = "onlyoffice"; postgresUser = "onlyoffice";
postgresName = "onlyoffice"; postgresName = "onlyoffice";
}; };

5
modules/nixos/services/opencloud/default.nix
View File

@@ -8,6 +8,7 @@ with lib;
let let
name = "opencloud"; name = "opencloud";
cfg = config.${namespace}.services.${name}; cfg = config.${namespace}.services.${name};
net = lib.${namespace}.network;
opencloudConfig = lib.${namespace}.mkModule { opencloudConfig = lib.${namespace}.mkModule {
inherit config name; inherit config name;
@@ -26,8 +27,8 @@ let
PROXY_TLS = "false"; # disable https when behind reverse-proxy PROXY_TLS = "false"; # disable https when behind reverse-proxy
INITIAL_ADMIN_PASSWORD = "BogieDudie1"; INITIAL_ADMIN_PASSWORD = "BogieDudie1";
OC_DB_TYPE = "postgres"; OC_DB_TYPE = "postgres";
OC_DB_HOST = "10.0.1.3"; OC_DB_HOST = net.hosts.nas.lan;
OC_DB_PORT = "5432"; OC_DB_PORT = toString net.ports.nas.postgresql;
OC_DB_USER = "opencloud"; OC_DB_USER = "opencloud";
OC_DB_NAME = "opencloud"; OC_DB_NAME = "opencloud";
OC_INSECURE = "true"; OC_INSECURE = "true";

3
modules/nixos/services/owncloud/default.nix
View File

@@ -7,6 +7,7 @@
with lib; with lib;
let let
cfg = config.${namespace}.services.ocis; cfg = config.${namespace}.services.ocis;
net = lib.${namespace}.network;
in in
{ {
options.${namespace}.services.ocis = { options.${namespace}.services.ocis = {
@@ -71,7 +72,7 @@ in
environment = { environment = {
OCIS_INSECURE = "true"; OCIS_INSECURE = "true";
PROXY_HTTP_ADDR = "0.0.0.0:9200"; PROXY_HTTP_ADDR = "0.0.0.0:9200";
OCIS_URL = "https://10.0.1.3:9988"; OCIS_URL = "https://${net.hosts.nas.lan}:${toString net.ports.nas.nextcloud}";
OCIS_ADMIN_PASSWORD = "BogieDudie1"; OCIS_ADMIN_PASSWORD = "BogieDudie1";
OCIS_LDAP_BIND_PASSWORD = "BogieDudie1"; OCIS_LDAP_BIND_PASSWORD = "BogieDudie1";
PROXY_OIDC_CLIENT_SECRET = "BogieDudie1"; PROXY_OIDC_CLIENT_SECRET = "BogieDudie1";

11
modules/nixos/services/sparky-fitness/default.nix
View File

@@ -6,6 +6,7 @@
}: }:
let let
inherit (lib.${namespace}) mkContainerService mkSopsEnvFile; inherit (lib.${namespace}) mkContainerService mkSopsEnvFile;
net = lib.${namespace}.network;
serverName = "sparky-fitness-server"; serverName = "sparky-fitness-server";
frontendName = "sparky-fitness"; frontendName = "sparky-fitness";
@@ -50,15 +51,15 @@ in
SPARKY_FITNESS_LOG_LEVEL = "0"; SPARKY_FITNESS_LOG_LEVEL = "0";
ALLOW_PRIVATE_NETWORK_CORS = "false"; ALLOW_PRIVATE_NETWORK_CORS = "false";
SPARKY_FITNESS_DB_USER = "sparkyfitness"; SPARKY_FITNESS_DB_USER = "sparkyfitness";
SPARKY_FITNESS_DB_HOST = "10.0.1.3"; SPARKY_FITNESS_DB_HOST = net.hosts.nas.lan;
SPARKY_FITNESS_DB_NAME = "sparkyfitness"; SPARKY_FITNESS_DB_NAME = "sparkyfitness";
SPARKY_FITNESS_APP_DB_USER = "sparkyfitness"; SPARKY_FITNESS_APP_DB_USER = "sparkyfitness";
SPARKY_FITNESS_DB_PORT = "5432"; SPARKY_FITNESS_DB_PORT = toString net.ports.nas.postgresql;
SPARKY_FITNESS_FRONTEND_URL = "https://sparky.mjallen.dev"; SPARKY_FITNESS_FRONTEND_URL = "https://sparky.mjallen.dev";
SPARKY_FITNESS_DISABLE_SIGNUP = "true"; SPARKY_FITNESS_DISABLE_SIGNUP = "true";
SPARKY_FITNESS_ADMIN_EMAIL = "jalle008@proton.me"; SPARKY_FITNESS_ADMIN_EMAIL = "jalle008@proton.me";
SPARKY_FITNESS_FORCE_EMAIL_LOGIN = "true"; SPARKY_FITNESS_FORCE_EMAIL_LOGIN = "true";
SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS = "http://10.0.1.3:${toString serverCfg.port}"; SPARKY_FITNESS_EXTRA_TRUSTED_ORIGINS = "http://${net.hosts.nas.lan}:${toString serverCfg.port}";
SPARKY_FITNESS_OIDC_AUTH_ENABLED = "true"; SPARKY_FITNESS_OIDC_AUTH_ENABLED = "true";
}; };
}) })
@@ -69,8 +70,8 @@ in
image = "codewithcj/sparkyfitness"; image = "codewithcj/sparkyfitness";
internalPort = 80; internalPort = 80;
environment = { environment = {
SPARKY_FITNESS_FRONTEND_URL = "http://10.0.1.3:${toString frontendCfg.port}"; SPARKY_FITNESS_FRONTEND_URL = "http://${net.hosts.nas.lan}:${toString frontendCfg.port}";
SPARKY_FITNESS_SERVER_HOST = "10.0.1.3"; SPARKY_FITNESS_SERVER_HOST = net.hosts.nas.lan;
SPARKY_FITNESS_SERVER_PORT = "${toString serverCfg.port}"; SPARKY_FITNESS_SERVER_PORT = "${toString serverCfg.port}";
}; };
}) })

3
modules/nixos/services/termix/default.nix
View File

@@ -6,6 +6,7 @@
}: }:
let let
cfg = config.${namespace}.services.termix; cfg = config.${namespace}.services.termix;
net = lib.${namespace}.network;
inherit (lib.${namespace}) mkSopsEnvFile mkContainerService; inherit (lib.${namespace}) mkSopsEnvFile mkContainerService;
in in
{ {
@@ -40,7 +41,7 @@ in
OIDC_AUTHORIZATION_URL = "https://authentik.mjallen.dev/application/o/authorize/"; OIDC_AUTHORIZATION_URL = "https://authentik.mjallen.dev/application/o/authorize/";
OIDC_TOKEN_URL = "https://authentik.mjallen.dev/application/o/token/"; OIDC_TOKEN_URL = "https://authentik.mjallen.dev/application/o/token/";
OIDC_FORCE_HTTPS = "true"; OIDC_FORCE_HTTPS = "true";
GUACD_HOST = "10.0.1.3"; GUACD_HOST = net.hosts.nas.lan;
}; };
}) })
]; ];

3
modules/nixos/services/your-spotify/default.nix
View File

@@ -6,6 +6,7 @@
}: }:
let let
inherit (lib.${namespace}) mkOpt mkModule; inherit (lib.${namespace}) mkOpt mkModule;
net = lib.${namespace}.network;
name = "your-spotify"; name = "your-spotify";
cfg = config.${namespace}.services.${name}; cfg = config.${namespace}.services.${name};
in in
@@ -36,7 +37,7 @@ in
# TODO: move Spotify API keys to sops secrets # TODO: move Spotify API keys to sops secrets
SPOTIFY_PUBLIC = "e270589d72a6494680a17d325af8670d"; SPOTIFY_PUBLIC = "e270589d72a6494680a17d325af8670d";
SPOTIFY_SECRET = "423cb7b69fe8486e89eccd01e0c22924"; SPOTIFY_SECRET = "423cb7b69fe8486e89eccd01e0c22924";
MONGO_ENDPOINT = "mongodb://10.0.1.3:27017"; MONGO_ENDPOINT = "mongodb://${net.hosts.nas.lan}:${toString net.ports.nas.mongodb}";
}; };
}; };

9
systems/aarch64-linux/macbook-pro-nixos/filesystems.nix
View File

@@ -1,5 +1,6 @@
_: { lib, namespace, ... }:
let let
net = lib.${namespace}.network;
defaultNetworkShareOptions = [ defaultNetworkShareOptions = [
"sec=none" "sec=none"
"nofail" "nofail"
@@ -16,19 +17,19 @@ in
fileSystems = { fileSystems = {
# Network shares # Network shares
"/media/nas/backup" = { "/media/nas/backup" = {
device = "//10.0.1.3/Backup"; device = "//${net.hosts.nas.lan}/Backup";
fsType = "cifs"; fsType = "cifs";
options = defaultNetworkShareOptions; options = defaultNetworkShareOptions;
}; };
"/media/nas/isos" = { "/media/nas/isos" = {
device = "//10.0.1.3/isos"; device = "//${net.hosts.nas.lan}/isos";
fsType = "cifs"; fsType = "cifs";
options = defaultNetworkShareOptions; options = defaultNetworkShareOptions;
}; };
"/media/nas/3d_printer" = { "/media/nas/3d_printer" = {
device = "//10.0.1.3/3d_printer"; device = "//${net.hosts.nas.lan}/3d_printer";
fsType = "cifs"; fsType = "cifs";
options = defaultNetworkShareOptions; options = defaultNetworkShareOptions;
}; };

7
systems/aarch64-linux/pi5/adguard.nix
View File

@@ -1,4 +1,7 @@
{ lib, ... }: { lib, namespace, ... }:
let
net = lib.${namespace}.network;
in
{ {
services.resolved.enable = lib.mkForce false; services.resolved.enable = lib.mkForce false;
services.adguardhome = { services.adguardhome = {
@@ -30,7 +33,7 @@
trusted_proxies = [ trusted_proxies = [
"127.0.0.0/8" "127.0.0.0/8"
"::1/128" "::1/128"
"10.0.1.3" net.hosts.nas.lan
]; ];
cache_optimistic = true; cache_optimistic = true;
}; };

9
systems/aarch64-linux/pi5/default.nix
View File

@@ -7,6 +7,9 @@
namespace, namespace,
... ...
}: }:
let
net = lib.${namespace}.network;
in
{ {
imports = [ imports = [
./adguard.nix ./adguard.nix
@@ -119,11 +122,11 @@
# ################################################### # ###################################################
network = { network = {
hostName = "pi5"; hostName = net.hosts.pi5.hostname;
ipv4 = { ipv4 = {
method = "manual"; method = "manual";
address = "10.0.1.2/24"; address = net.hosts.pi5.lan4;
gateway = "10.0.1.1"; gateway = net.hosts.pi5.gateway;
dns = "1.1.1.1"; dns = "1.1.1.1";
interface = "end0"; interface = "end0";
}; };

8
systems/x86_64-linux/jallen-nas/default.nix
View File

@@ -7,6 +7,7 @@
}: }:
let let
inherit (lib.${namespace}) enabled disabled; inherit (lib.${namespace}) enabled disabled;
net = lib.${namespace}.network;
in in
{ {
imports = [ imports = [
@@ -122,11 +123,11 @@ in
# ################################################### # ###################################################
network = { network = {
hostName = "jallen-nas"; hostName = net.hosts.nas.hostname;
ipv4 = { ipv4 = {
address = "10.0.1.3"; address = net.hosts.nas.lan;
method = "manual"; method = "manual";
gateway = "10.0.1.1"; gateway = net.hosts.nas.gateway;
dns = "1.1.1.1"; dns = "1.1.1.1";
interface = "enp197s0"; interface = "enp197s0";
}; };
@@ -215,6 +216,7 @@ in
samba = { samba = {
enable = true; enable = true;
# Allow the LAN /24 subnet (strip the last octet from the NAS LAN IP for the prefix)
hostsAllow = "10.0.1. 127.0.0.1 localhost"; hostsAllow = "10.0.1. 127.0.0.1 localhost";
forceGroup = "jallen-nas"; forceGroup = "jallen-nas";
forceUser = "nix-apps"; forceUser = "nix-apps";

13
systems/x86_64-linux/nuc-nixos/default.nix
View File

@@ -1,4 +1,7 @@
{ namespace, ... }: { lib, namespace, ... }:
let
net = lib.${namespace}.network;
in
{ {
imports = [ imports = [
./boot.nix ./boot.nix
@@ -31,12 +34,12 @@
}; };
network = { network = {
hostName = "nuc-nixos"; hostName = net.hosts.nuc.hostname;
ipv4 = { ipv4 = {
method = "manual"; method = "manual";
address = "10.0.1.4/24"; address = net.hosts.nuc.lan4;
gateway = "10.0.1.1"; gateway = net.hosts.nuc.gateway;
dns = "10.0.1.1"; dns = net.hosts.router.lan;
interface = "enp2s0"; interface = "enp2s0";
}; };
firewall = { firewall = {