mjallen18
2026-02-04 20:40:34 -06:00
parent 4d4808490b
commit a9c1d71495
14 changed files with 84 additions and 192 deletions


@@ -286,8 +286,10 @@ in
++ (with pkgs.${namespace}; [
gehomesdk
magicattr
pyoverseerr
python-nanokvm
python-roborock
wyzeapy
]);
config = {


@@ -85,7 +85,7 @@ let
services.caddy = {
enable = true;
package = caddyPackage;
environmentFile = config.sops.templates."caddy.env".path;
environmentFile = config.sops.templates."caddy.env".path;
email = "jalle008@proton.me";
enableReload = false;
dataDir = "${cfg.configDir}/caddy";


@@ -8,46 +8,6 @@ with lib;
let
cfg = config.${namespace}.services.traefik;
# Process extraServices into service configurations
extraServiceConfigs =
let
makeService =
service:
nameValuePair service.name {
loadBalancer.servers = [
{
url = service.url;
}
];
};
in
listToAttrs (map makeService cfg.extraServices);
# Process extraRouters into router configurations
extraRouterConfigs =
let
makeRouter =
router:
let
hostRule =
if router.subdomain == "" then
"Host(`${domain}`)"
else
"Host(`${router.subdomain}.${domain}`)";
in
nameValuePair router.subdomain {
entryPoints = router.entryPoints;
rule = hostRule;
service = router.service;
middlewares = router.middlewares ++ [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
in
listToAttrs (map makeRouter cfg.extraRouters);
# Process reverseProxies into service and router configurations
reverseProxyServiceConfigs =
let
@@ -69,7 +29,6 @@ let
cacheUrl = "http://${serverIp}:9012";
hassUrl = "http://10.0.1.4:8123";
lubeloggerUrl = "http://${serverIp}:6754";
# Plugins
traefikPlugins = {
@@ -230,9 +189,11 @@ in
};
};
api.dashboard = true;
# Access the Traefik dashboard on <Traefik IP>:8080 of your server
api.insecure = true;
# Access the Traefik dashboard on <Traefik IP>:8080
api = {
dashboard = true;
insecure = true;
};
experimental = {
plugins = traefikPlugins;
@@ -240,22 +201,6 @@ in
};
dynamicConfigOptions = {
# udp = {
# services = {
# wireguard.loadBalancer.servers = [
# {
# url = "localhost:51820";
# }
# ];
# };
# routers = {
# wireguard = {
# entryPoints = [ "websecure" ];
# service = "wireguard";
# };
# };
# };
http = {
middlewares = {
authentik = {
@@ -323,43 +268,6 @@ in
];
};
};
collabora-headers = {
headers = {
customRequestHeaders = {
Upgrade = "websocket";
Connection = "Upgrade";
X-Forwarded-Proto = "https";
X-Forwarded-Host = "office.mjallen.dev";
};
customResponseHeaders = {
X-Frame-Options = "";
Content-Security-Policy = "frame-ancestors https://cloud.mjallen.dev";
};
referrerPolicy = "no-referrer";
stsSeconds = "15552000";
stsPreload = "true";
stsIncludeSubdomains = "true";
forceSTSHeader = "true";
browserXssFilter = "true";
};
};
onlyoffice-headers = {
headers = {
customResponseHeaders = {
X-Robots-Tag = "none";
Strict-Transport-Security = "max-age=63072000";
X-Forwarded-Proto = "https";
};
browserXssFilter = "true";
contentTypeNosniff = "true";
stsIncludeSubdomains = "true";
stsPreload = "true";
stsSeconds = "31536000";
forceSTSHeader = "true";
accessControlMaxAge = "15552000";
accesscontrolalloworiginlist = "*";
};
};
};
services = {
@@ -381,7 +289,6 @@ in
}
];
}
// extraServiceConfigs
// reverseProxyServiceConfigs;
routers = {
@@ -405,7 +312,7 @@ in
priority = 10;
tls.certResolver = "letsencrypt";
};
hass = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)";
@@ -413,13 +320,12 @@ in
middlewares = [
"crowdsec"
"whitelist-geoblock"
"authentik"
# "authentik"
];
priority = 10;
tls.certResolver = "letsencrypt";
};
}
// extraRouterConfigs
// reverseProxyRouterConfigs;
};
};
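Review bot: In the `hass` router (last hunk) the `"authentik"` middleware appears to be commented out — assuming the `# "authentik"` line is the new side, since the page has lost its +/- markers — so `hass.${domain}` on `websecure` is fronted only by `crowdsec` and `whitelist-geoblock` and relies entirely on Home Assistant's own login. If that is intentional, record the reason next to it, e.g. `# authentik forward-auth disabled for hass: <reason>; HA's own auth/MFA is the only gate`, otherwise restore `"authentik"`. Separately, the regrouped `api = { dashboard = true; insecure = true; };` in the `@@ -230,9 +189,11 @@` hunk keeps the dashboard and API unauthenticated on port 8080; consider `insecure = false;` with a router to `api@internal` behind the same auth middleware, or confirm that 8080 is firewalled to the LAN. The enclosing attribute sets start and end outside the visible hunks.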