satr14/nix-flake
1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

move some configs to options.nix
All checks were successful
Activate Homelab Configuration / rebuild (push) Successful in 38s
Details

Browse source
This commit is contained in:
Satria 2026-03-29 09:13:38 +07:00
commit 0ce7ecf71d
3 changed files with 57 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

48
lib/options.nix
View file

@ -1,4 +1,7 @@
{
let
d = dest: { inherit dest; auth = false; };
da = dest: { inherit dest; auth = true; };
in {
flake-path = "~/Projects/nix-flake"; # set this to the cloned repo path
username = "satr14";
@ -25,6 +28,49 @@
data = "/dev/disk/by-uuid/a5752dd6-092d-484c-969c-2fdc7cb4a5f0"; # disk for app data
host = "/dev/disk/by-uuid/968f14a4-631e-4325-8cd1-f9aec0da9e4d"; # disk for media collection (named host for backwards compatibility)
};
dash = [
[ "PocketID" "authentik" "https://auth.${domain}" "http://localhost:1411/" ]
[ "Forgejo" "forgejo" "https://git.${domain}" "http://localhost:5080/" ]
[ "CodeServer" "coder" "https://code.proxy.${domain}" "http://localhost:8443/" ]
[ "AdGuardHome" "adguard" "https://dns.proxy.${domain}" "http://localhost:8088/" ]
[ "Traefik" "traefikproxy" "https://dynamic.proxy.${domain}/dashboard/" "" ]
[ "Immich" "immich" "https://gallery.proxy.${domain}" "http://localhost:2283/" ]
[ "Jellyfin" "jellyfin" "https://media.proxy.${domain}" "http://localhost:8096/" ]
[ "VaultWarden" "vaultwarden" "https://pass.proxy.${domain}" "http://localhost:8060/" ]
[ "Ollama" "ollama" "https://ai.proxy.${domain}" "http://localhost:8080/" ]
[ "Ntfy" "ntfy" "https://notify.proxy.${domain}" "http://localhost:8067/" ]
[ "SearXNG" "searxng" "https://search.proxy.${domain}" "http://localhost:8091/" ]
[ "Dockge" "docker" "https://containers.proxy.${domain}" "http://localhost:5001/" ]
];
proxy = {
base = "proxy.${domain}";
hosts = {
"server" = d "https://server.dns.${domain}:8006";
"router" = d "http://router.dns.${domain}:80";
"home" = d "http://home.dns.${domain}:8123";
"containers" = da "http://localhost:5001";
"code" = da "http://localhost:8443";
"dns" = da "http://localhost:8088";
"gallery" = d "http://localhost:2283";
"dynamic" = d "http://localhost:8082";
"search" = d "http://localhost:8091";
"notify" = d "http://localhost:8067";
"media" = d "http://localhost:8096";
"pass" = d "http://localhost:8060";
"auth" = d "http://localhost:1411";
"git" = d "http://localhost:5080";
"ai" = d "http://localhost:8080";
"@" = d "http://localhost:5070";
};
redirects = {
"www" = "https://${proxy.base}";
"dash" = "https://${proxy.base}";
"immich" = "https://gallery.${proxy.base}";
"2fa" = "https://2fa.${domain}";
};
};
records = [
[ "server.dns.${domain}" "10.3.14.69" ]
[ "router.dns.${domain}" "10.3.14.1" ]

17
modules/system/homelab/dash.nix
View file

@ -56,7 +56,6 @@
[ "Hypervisor" "https://10.3.14.69:8006/" ]
[ "Router" "http://10.3.14.1:80/" ]
[ "DNS" "http://localhost:8088/" ]
[ "CDN" "http://nas.local:3000/" ]
[ "Proxy" "https://proxy.${homelab.domain}/" ]
];
external = [
@ -66,20 +65,6 @@
[ "OpenMediaVault" "openmediavault" "https://nas.local:80" "http://nas.local:80/" ]
[ "ApacheHTTPD" "apache" "https://nas.local:3000" "http://nas.local:3000/" ]
];
services = [
[ "PocketID" "authentik" "https://auth.${homelab.domain}" "http://localhost:1411/" ]
[ "Forgejo" "forgejo" "https://git.${homelab.domain}" "http://localhost:5080/" ]
[ "CodeServer" "coder" "https://code.proxy.${homelab.domain}" "http://localhost:8443/" ]
[ "AdGuardHome" "adguard" "https://dns.proxy.${homelab.domain}" "http://localhost:8088/" ]
[ "Traefik" "traefikproxy" "https://dynamic.proxy.${homelab.domain}/dashboard/" "" ]
[ "Immich" "immich" "https://gallery.proxy.${homelab.domain}" "http://localhost:2283/" ]
[ "Jellyfin" "jellyfin" "https://media.proxy.${homelab.domain}" "http://localhost:8096/" ]
[ "VaultWarden" "vaultwarden" "https://pass.proxy.${homelab.domain}" "http://localhost:8060/" ]
[ "Ollama" "ollama" "https://ai.proxy.${homelab.domain}" "http://localhost:8080/" ]
[ "Ntfy" "ntfy" "https://notify.proxy.${homelab.domain}" "http://localhost:8067/" ]
[ "SearXNG" "searxng" "https://search.proxy.${homelab.domain}" "http://localhost:8091/" ]
[ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ]
];
bookmarks = [
[ "Tailscale" "tailscale" "https://login.tailscale.com/" ]
[ "Cloudflare" "cloudflare" "https://dash.cloudflare.com/" ]
@ -302,7 +287,7 @@ in {
icon = "si:${builtins.elemAt e 1}";
url = builtins.elemAt e 2;
check-url = builtins.elemAt e 3;
}) services;
}) homelab.dash;
}
{
type = "docker-containers";

48
modules/system/homelab/proxy.nix
View file

@ -1,34 +1,4 @@
{ pkgs, homelab, lib, ... }: let
d = dest: { inherit dest; auth = false; };
da = dest: { inherit dest; auth = true; };
base = "proxy.${homelab.domain}";
hosts = {
"server" = d "https://server.dns.${homelab.domain}:8006";
"router" = d "http://router.dns.${homelab.domain}:80";
"home" = d "http://home.dns.${homelab.domain}:8123";
"containers" = da "http://localhost:5001";
"code" = da "http://localhost:8443";
"dns" = da "http://localhost:8088";
"gallery" = d "http://localhost:2283";
"dynamic" = d "http://localhost:8082";
"search" = d "http://localhost:8091";
"notify" = d "http://localhost:8067";
"media" = d "http://localhost:8096";
"pass" = d "http://localhost:8060";
"auth" = d "http://localhost:1411";
"git" = d "http://localhost:5080";
"ai" = d "http://localhost:8080";
"@" = d "http://localhost:5070";
};
redirects = {
"www" = "https://proxy.${homelab.domain}";
"dash" = "https://proxy.${homelab.domain}";
"immich" = "https://gallery.proxy.${homelab.domain}";
"2fa" = "https://2fa.${homelab.domain}";
};
exta-conf = ''
# proxy_set_header X-Auth-User $remote_user;
proxy_read_timeout 600s;
@ -47,9 +17,9 @@ in {
security.acme = {
acceptTerms = true;
defaults.email = "admin@${homelab.domain}";
certs."${base}" = {
domain = "*.${base}";
extraDomainNames = [ base ];
certs."${homelab.proxy.base}" = {
domain = "*.${homelab.proxy.base}";
extraDomainNames = [ homelab.proxy.base ];
dnsProvider = "cloudflare";
environmentFile = "/mnt/data/acme/.env";
# ^^^contents: CLOUDFLARE_DNS_API_TOKEN=XXXXX
@ -68,7 +38,7 @@ in {
"_" = {
default = true;
forceSSL = true;
useACMEHost = base;
useACMEHost = homelab.proxy.base;
# locations."/".return = "404";
locations."/" = {
proxyPass = "http://127.0.0.1:81"; # traefik for docker container dynamic proxy
@ -76,12 +46,12 @@ in {
extraConfig = exta-conf;
};
};
} // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair "${subdomain}.${base}" {
useACMEHost = base;
} // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair "${subdomain}.${homelab.proxy.base}" {
useACMEHost = homelab.proxy.base;
forceSSL = true;
locations."/".return = "301 ${cfg}";
}) redirects // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair (if subdomain == "@" then base else "${subdomain}.${base}") {
useACMEHost = base;
}) homelab.proxy.redirects // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair (if subdomain == "@" then homelab.proxy.base else "${subdomain}.${homelab.proxy.base}") {
useACMEHost = homelab.proxy.base;
forceSSL = true;
extraConfig = ''
access_log /var/log/nginx/${subdomain}.access.log;
@ -93,7 +63,7 @@ in {
basicAuthFile = if cfg.auth then "/var/lib/nginx/.htpasswd" else null;
extraConfig = exta-conf;
};
}) hosts;
}) homelab.proxy.hosts;
};
traefik = {
enable = true;