From 0ce7ecf71d0e80b0f4fe61bf20b36ad105d585cb Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 29 Mar 2026 09:13:38 +0700 Subject: [PATCH] move some configs to options.nix --- lib/options.nix | 48 +++++++++++++++++++++++++++++++- modules/system/homelab/dash.nix | 17 +---------- modules/system/homelab/proxy.nix | 48 ++++++-------------------------- 3 files changed, 57 insertions(+), 56 deletions(-) diff --git a/lib/options.nix b/lib/options.nix index 05563c4..8409c21 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -1,4 +1,7 @@ -{ +let + d = dest: { inherit dest; auth = false; }; + da = dest: { inherit dest; auth = true; }; +in { flake-path = "~/Projects/nix-flake"; # set this to the cloned repo path username = "satr14"; 
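Review bot: The new top-level helpers `d` and `da` differ by one letter yet decide whether a proxied vhost gets nginx basic auth, and the shorter, easier-to-type one is the unauthenticated variant. In the `proxy.hosts` table added by the next hunk, `server` (port 8006), `router`, `dynamic` and `ai` are all declared with `d`, so at the proxy layer they rely entirely on whatever login the upstream itself enforces, which is not visible in this patch. Consider descriptive names, or at least a comment above the bindings such as `# d = proxied without basic auth, da = proxied behind basicAuthFile (see proxy.nix)`, and confirm that each `d` entry is intentionally open.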
@@ -25,6 +28,49 @@ data = "/dev/disk/by-uuid/a5752dd6-092d-484c-969c-2fdc7cb4a5f0"; # disk for app data host = "/dev/disk/by-uuid/968f14a4-631e-4325-8cd1-f9aec0da9e4d"; # disk for media collection (named host for backwards compatibility) }; + dash = [ + [ "PocketID" "authentik" "https://auth.${domain}" "http://localhost:1411/" ] + [ "Forgejo" "forgejo" "https://git.${domain}" "http://localhost:5080/" ] + [ "CodeServer" "coder" "https://code.proxy.${domain}" "http://localhost:8443/" ] + [ "AdGuardHome" "adguard" "https://dns.proxy.${domain}" "http://localhost:8088/" ] + [ "Traefik" "traefikproxy" "https://dynamic.proxy.${domain}/dashboard/" "" ] + [ "Immich" "immich" "https://gallery.proxy.${domain}" "http://localhost:2283/" ] + [ "Jellyfin" "jellyfin" "https://media.proxy.${domain}" "http://localhost:8096/" ] + [ "VaultWarden" "vaultwarden" "https://pass.proxy.${domain}" "http://localhost:8060/" ] + [ "Ollama" "ollama" "https://ai.proxy.${domain}" "http://localhost:8080/" ] + [ "Ntfy" "ntfy" "https://notify.proxy.${domain}" "http://localhost:8067/" ] + [ "SearXNG" "searxng" "https://search.proxy.${domain}" "http://localhost:8091/" ] + [ "Dockge" "docker" "https://containers.proxy.${domain}" "http://localhost:5001/" ] + ]; + proxy = { + base = "proxy.${domain}"; + hosts = { + "server" = d "https://server.dns.${domain}:8006"; + "router" = d "http://router.dns.${domain}:80"; + "home" = d "http://home.dns.${domain}:8123"; + + "containers" = da "http://localhost:5001"; + "code" = da "http://localhost:8443"; + "dns" = da "http://localhost:8088"; + + "gallery" = d "http://localhost:2283"; + "dynamic" = d "http://localhost:8082"; + "search" = d "http://localhost:8091"; + "notify" = d "http://localhost:8067"; + "media" = d "http://localhost:8096"; + "pass" = d "http://localhost:8060"; + "auth" = d "http://localhost:1411"; + "git" = d "http://localhost:5080"; + "ai" = d "http://localhost:8080"; + "@" = d "http://localhost:5070"; + }; + redirects = { + "www" = 
"https://${proxy.base}"; + "dash" = "https://${proxy.base}"; + "immich" = "https://gallery.${proxy.base}"; + "2fa" = "https://2fa.${domain}"; + }; + }; records = [ [ "server.dns.${domain}" "10.3.14.69" ] [ "router.dns.${domain}" "10.3.14.1" ] diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index c3f3fba..7839729 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -56,7 +56,6 @@ [ "Hypervisor" "https://10.3.14.69:8006/" ] [ "Router" "http://10.3.14.1:80/" ] [ "DNS" "http://localhost:8088/" ] - [ "CDN" "http://nas.local:3000/" ] [ "Proxy" "https://proxy.${homelab.domain}/" ] ]; external = [ 
@@ -66,20 +65,6 @@ [ "OpenMediaVault" "openmediavault" "https://nas.local:80" "http://nas.local:80/" ] [ "ApacheHTTPD" "apache" "https://nas.local:3000" "http://nas.local:3000/" ] ]; - services = [ - [ "PocketID" "authentik" "https://auth.${homelab.domain}" "http://localhost:1411/" ] - [ "Forgejo" "forgejo" "https://git.${homelab.domain}" "http://localhost:5080/" ] - [ "CodeServer" "coder" "https://code.proxy.${homelab.domain}" "http://localhost:8443/" ] - [ "AdGuardHome" "adguard" "https://dns.proxy.${homelab.domain}" "http://localhost:8088/" ] - [ "Traefik" "traefikproxy" "https://dynamic.proxy.${homelab.domain}/dashboard/" "" ] - [ "Immich" "immich" "https://gallery.proxy.${homelab.domain}" "http://localhost:2283/" ] - [ "Jellyfin" "jellyfin" "https://media.proxy.${homelab.domain}" "http://localhost:8096/" ] - [ "VaultWarden" "vaultwarden" "https://pass.proxy.${homelab.domain}" "http://localhost:8060/" ] - [ "Ollama" "ollama" "https://ai.proxy.${homelab.domain}" "http://localhost:8080/" ] - [ "Ntfy" "ntfy" "https://notify.proxy.${homelab.domain}" "http://localhost:8067/" ] - [ "SearXNG" "searxng" "https://search.proxy.${homelab.domain}" "http://localhost:8091/" ] - [ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ] - ]; bookmarks = [ [ "Tailscale" "tailscale" "https://login.tailscale.com/" ] [ "Cloudflare" "cloudflare" "https://dash.cloudflare.com/" ] @@ -302,7 +287,7 @@ in { icon = "si:${builtins.elemAt e 1}"; url = builtins.elemAt e 2; check-url = builtins.elemAt e 3; - }) services; + }) homelab.dash; } { type = "docker-containers"; diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 7afecfa..4977a68 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix 
@@ -1,34 +1,4 @@ { pkgs, homelab, lib, ... }: let - d = dest: { inherit dest; auth = false; }; - da = dest: { inherit dest; auth = true; }; - - base = "proxy.${homelab.domain}"; - hosts = { - "server" = d "https://server.dns.${homelab.domain}:8006"; - "router" = d "http://router.dns.${homelab.domain}:80"; - "home" = d "http://home.dns.${homelab.domain}:8123"; - - "containers" = da "http://localhost:5001"; - "code" = da "http://localhost:8443"; - "dns" = da "http://localhost:8088"; - - "gallery" = d "http://localhost:2283"; - "dynamic" = d "http://localhost:8082"; - "search" = d "http://localhost:8091"; - "notify" = d "http://localhost:8067"; - "media" = d "http://localhost:8096"; - "pass" = d "http://localhost:8060"; - "auth" = d "http://localhost:1411"; - "git" = d "http://localhost:5080"; - "ai" = d "http://localhost:8080"; - "@" = d "http://localhost:5070"; - }; - redirects = { - "www" = "https://proxy.${homelab.domain}"; - "dash" = "https://proxy.${homelab.domain}"; - "immich" = "https://gallery.proxy.${homelab.domain}"; - "2fa" = "https://2fa.${homelab.domain}"; - }; exta-conf = '' # proxy_set_header X-Auth-User $remote_user; proxy_read_timeout 600s; @@ -47,9 +17,9 @@ in { security.acme = { acceptTerms = true; defaults.email = "admin@${homelab.domain}"; - certs."${base}" = { - domain = "*.${base}"; - extraDomainNames = [ base ]; + certs."${homelab.proxy.base}" = { + domain = "*.${homelab.proxy.base}"; + extraDomainNames = [ homelab.proxy.base ]; dnsProvider = "cloudflare"; environmentFile = "/mnt/data/acme/.env"; # ^^^contents: CLOUDFLARE_DNS_API_TOKEN=XXXXX @@ -68,7 +38,7 @@ in { "_" = { default = true; forceSSL = true; - useACMEHost = base; + useACMEHost = homelab.proxy.base; # locations."/".return = "404"; locations."/" = { proxyPass = "http://127.0.0.1:81"; # traefik for docker container dynamic proxy 
@@ -76,12 +46,12 @@ in { extraConfig = exta-conf; }; }; - } // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair "${subdomain}.${base}" { - useACMEHost = base; + } // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair "${subdomain}.${homelab.proxy.base}" { + useACMEHost = homelab.proxy.base; forceSSL = true; locations."/".return = "301 ${cfg}"; - }) redirects // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair (if subdomain == "@" then base else "${subdomain}.${base}") { - useACMEHost = base; + }) homelab.proxy.redirects // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair (if subdomain == "@" then homelab.proxy.base else "${subdomain}.${homelab.proxy.base}") { + useACMEHost = homelab.proxy.base; forceSSL = true; extraConfig = '' access_log /var/log/nginx/${subdomain}.access.log; @@ -93,7 +63,7 @@ in { basicAuthFile = if cfg.auth then "/var/lib/nginx/.htpasswd" else null; extraConfig = exta-conf; }; - }) hosts; + }) homelab.proxy.hosts; }; traefik = { enable = true;
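Review bot: The generated vhost sets are joined with `//` on the line `}) homelab.proxy.redirects // lib.mapAttrs' …`, so a subdomain that appears in both `redirects` and `hosts` silently keeps only the `hosts` entry. With both tables now edited in lib/options.nix, away from this merge, such a collision is easier to introduce unnoticed; none exists in the values this patch adds. A guard such as `assert lib.intersectLists (lib.attrNames homelab.proxy.redirects) (lib.attrNames homelab.proxy.hosts) == [];` ahead of the merged set would turn it into an evaluation error. The enclosing attribute set starts and ends outside the hunk.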