From 77e83981d749e0ad96807b3d0c154ac7799e7cf2 Mon Sep 17 00:00:00 2001 From: Satria Date: Tue, 3 Mar 2026 17:40:06 +0700 Subject: [PATCH 1/4] add ollama and safe mode --- modules/system/homelab/ai.nix | 18 +++++++++++++- modules/system/homelab/dash.nix | 42 ++++++++++++++------------------ modules/system/homelab/proxy.nix | 5 +++- modules/system/server.nix | 6 +++-- 4 files changed, 43 insertions(+), 28 deletions(-) diff --git a/modules/system/homelab/ai.nix b/modules/system/homelab/ai.nix index 49afe3d..dc6b291 100644 --- a/modules/system/homelab/ai.nix +++ b/modules/system/homelab/ai.nix @@ -1,3 +1,19 @@ { ... }: { - + services = { + ollama = { + enable = true; + host = "127.0.0.1"; + port = 11434; + # loadModels = [ "gemma3n:e4b" "gemma3n:e2b" ]; + }; + open-webui = { + enable = true; + port = 8080; + environment = { + OLLAMA_BASE_URL = "http://localhost:11434"; + WEBUI_AUTH = "False"; + + }; + }; + }; } \ No newline at end of file diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index 672ad60..7147de9 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -58,6 +58,7 @@ [ "ApacheHTTPD" "apache" "https://cdn.proxy.${homelab.domain}" "http://localhost:3000/" ] [ "Forgejo" "forgejo" "https://git.proxy.${homelab.domain}" "http://localhost:5080/" ] [ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ] + [ "Ollama" "ollama" "https://ai.proxy.${homelab.domain}" "http://localhost:8080/" ] ]; bookmarks = [ [ "Tailscale" "tailscale" "https://login.tailscale.com/" ] @@ -187,6 +188,22 @@ in { name = "Dashboard"; show-mobile-header = true; columns = [ + { + type = "bookmarks"; + groups = [{ + links = map (e: { + same-tab = true; + title = builtins.elemAt e 0; + icon = "si:${builtins.elemAt e 1}"; + url = builtins.elemAt e 2; + }) bookmarks; + }]; + } + { + type = "to-do"; + id = "tasks"; + hide-header = true; + } { size = "small"; widgets = [ 
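Review bot: `WEBUI_AUTH = "False"` in the `open-webui` block turns off Open WebUI's own login, so the only access control left is the nginx basic auth on the `ai` mapping in proxy.nix, and anything that can reach port 8080 directly (another local service, or a container with host networking) gets the UI without credentials. The block sets no `host`, so the loopback bind depends on the module default; I would pin it with `host = "127.0.0.1";` as the `ollama` block does, and keep the service's firewall option off. If more than one person uses this machine, dropping the override and keeping the application login enabled is the safer default. A short comment such as `# auth delegated to nginx basic auth (proxy.nix: "ai")` would record why it is disabled.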
@@ -217,9 +234,7 @@ in { widgets = [ { type = "server-stats"; - servers = [{ - type = "local"; - }]; + servers = [{ type = "local"; }]; } { type = "monitor"; @@ -235,27 +250,6 @@ in { } ]; } - { - size = "small"; - widgets = [ - { - type = "bookmarks"; - groups = [{ - links = map (e: { - same-tab = true; - title = builtins.elemAt e 0; - icon = "si:${builtins.elemAt e 1}"; - url = builtins.elemAt e 2; - }) bookmarks; - }]; - } - { - type = "to-do"; - id = "tasks"; - hide-header = true; - } - ]; - } ]; } ]; diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 162f293..095f535 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -1,9 +1,11 @@ { homelab, lib, ... }: let base = "proxy.${homelab.domain}"; proxy-mappings = { + "dns" = { dest = "http://localhost:8088"; auth = true; }; + "ai" = { dest = "http://localhost:8080"; auth = true; }; + "containers" = { dest = "http://localhost:5001"; auth = false; }; "auth" = { dest = "http://localhost:1411"; auth = false; }; - "dns" = { dest = "http://localhost:8088"; auth = true; }; "cdn" = { dest = "http://localhost:3000"; auth = false; }; "git" = { dest = "http://localhost:5080"; auth = false; }; "@" = { dest = "http://localhost:5070"; auth = false; }; @@ -45,6 +47,7 @@ in { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Auth-User $remote_user; ''; }; }) proxy-mappings; diff --git a/modules/system/server.nix b/modules/system/server.nix index 4f9b21f..1015f84 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix @@ -1,5 +1,5 @@ -{ lib, ... }: { - imports = [ +{ config, lib, ... }: { + imports = lib.mkIf (config.specialisation != {}) [ ./homelab/containers.nix ./homelab/gallery.nix ./homelab/media.nix 
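Review bot: The added `proxy_set_header X-Auth-User $remote_user;` sits in the `extraConfig` shared by every entry in `proxy-mappings`, including those with `auth = false`, where nginx has verified nothing: `$remote_user` is filled from whatever Basic `Authorization` header the client sends. A backend that treats `X-Auth-User` as an identity would then accept a caller-chosen name on those vhosts. I would emit it only when `cfg.auth` is set and clear it otherwise, e.g. `proxy_set_header X-Auth-User ${if cfg.auth then "$remote_user" else "\"\""};`. The same line is kept (moved to the top of the block) by the proxy.nix hunk in PATCH 2/4. The enclosing attribute set starts outside this hunk.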
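Review bot: `imports = lib.mkIf (config.specialisation != {}) [ ... ]` is unlikely to evaluate: the module system resolves `imports` before `config` exists, so reading `config` there normally ends in infinite recursion, and `lib.mkIf` yields a conditional wrapper rather than the list that `imports` expects. That matters for the purpose of the commit, because a safe-mode boot entry that still carries the whole homelab stack (or cannot build at all) is not a usable fallback. I would keep `imports` a plain list and gate each homelab module's body instead, e.g. `config = lib.mkIf (config.specialisation != {}) { services = { ... }; };`, or add a dedicated enable option that the specialisation turns off. The related `specialisation.safe-mode.configuration = {};` hunk inherits the parent configuration by default, so it only differs from the normal system once that gating works. The import list continues past the end of this hunk.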
@@ -13,6 +13,8 @@ ./base.nix ]; + specialisation.safe-mode.configuration = {}; + virtualisation = { oci-containers.backend = "docker"; docker = { From 3ee42ca4f3277f7e4f8092500c6d912b85ec08b5 Mon Sep 17 00:00:00 2001 From: Satria Date: Tue, 3 Mar 2026 11:03:49 +0700 Subject: [PATCH 2/4] add immich --- modules/system/homelab/gallery.nix | 18 +++++++++++++++++- modules/system/homelab/proxy.nix | 6 +++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/gallery.nix b/modules/system/homelab/gallery.nix index 49afe3d..968e397 100644 --- a/modules/system/homelab/gallery.nix +++ b/modules/system/homelab/gallery.nix @@ -1,3 +1,19 @@ { ... }: { - + users.users.immich.extraGroups = [ "video" "render" ]; + + services = { + immich = { + enable = true; + port = 2283; + host = "127.0.0.1"; + mediaLocation = "/var/lib/immich"; + accelerationDevices = null; + machine-learning.enable = true; + }; + immich-public-proxy = { + enable = true; + port = 2284; + immichUrl = "http://localhost:2283"; + }; + }; } \ No newline at end of file diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 095f535..ad9c200 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -44,10 +44,14 @@ in { proxyWebsockets = true; basicAuthFile = if cfg.auth then "/var/lib/nginx/.htpasswd" else null; extraConfig = '' + proxy_set_header X-Auth-User $remote_user; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Auth-User $remote_user; + client_max_body_size 50000M; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; ''; }; }) proxy-mappings; From 6b82fc1bed5d5489863d668c2d68cbfd347fb714 Mon Sep 17 00:00:00 2001 
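Review bot: `accelerationDevices = null` in the `immich` block asks the module to give the service access to every device node rather than a chosen set, which is broader than hardware transcoding needs for a service that parses untrusted uploads. If only the GPU render node is required, list it explicitly, e.g. `accelerationDevices = [ "/dev/dri/renderD128" ];` (example path, confirm on the host), alongside the `video`/`render` groups already added. Also worth a comment: `immich-public-proxy` is started on 2284 but no mapping in this series points at that port, so it appears to be either unused or reachable only by direct port.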
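Review bot: `client_max_body_size 50000M;` and the three 600s timeouts are added to the `extraConfig` shared by all of `proxy-mappings`, so every vhost, including the ones with `auth = false`, now accepts roughly 50 GB request bodies and holds slow connections for ten minutes. That lets an unauthenticated client tie up temp-file disk space and worker connections on services that never need large uploads. I would make these per-mapping, e.g. an optional `upload = true;` attribute on the gallery entry and `${lib.optionalString (cfg.upload or false) "client_max_body_size 50000M;"}` in the template, leaving the nginx defaults elsewhere. The surrounding block starts outside the hunk.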
From: Satria Date: Tue, 3 Mar 2026 14:25:13 +0700 Subject: [PATCH 3/4] arr stack in wip --- modules/system/homelab/dns.nix | 4 +-- modules/system/homelab/media.nix | 45 ++++++++++++++++++++++++++++++-- modules/system/homelab/proxy.nix | 7 +++++ modules/system/server.nix | 8 +++--- 4 files changed, 56 insertions(+), 8 deletions(-) diff --git a/modules/system/homelab/dns.nix b/modules/system/homelab/dns.nix index a004b47..907645e 100644 --- a/modules/system/homelab/dns.nix +++ b/modules/system/homelab/dns.nix @@ -9,8 +9,8 @@ [ "proxy.${homelab.domain}" "main.dns.${homelab.domain}" ] [ "*.proxy.${homelab.domain}" "proxy.${homelab.domain}" ] - [ "lancache.steamcontent.com" "main.dns.${homelab.domain}" ] - [ "steam.cache.lancache.net" "main.dns.${homelab.domain}" ] + # [ "lancache.steamcontent.com" "main.dns.${homelab.domain}" ] + # [ "steam.cache.lancache.net" "main.dns.${homelab.domain}" ] ]; blacklist = [ "https://adaway.org/hosts.txt" diff --git a/modules/system/homelab/media.nix b/modules/system/homelab/media.nix index 49afe3d..949e6cd 100644 --- a/modules/system/homelab/media.nix +++ b/modules/system/homelab/media.nix @@ -1,3 +1,44 @@ -{ ... }: { - +{ pkgs, ... }: { + # WIP: declaratively integrate media services into homelab configuration + environment.systemPackages = with pkgs; [ + jellyfin jellyfin-web jellyfin-ffmpeg + ]; + services = { + jellyfin = { + enable = true; + hardwareAcceleration.enable = true; + }; + jellyseerr = { + enable = true; + port = 5055; + }; + radarr = { + enable = true; + settings = { + server = { + port = 7878; + bindaddress = "127.0.0.1"; + }; + }; + }; + sonarr = { + enable = true; + server = { + port = 8989; + bindaddress = "127.0.0.1"; + }; + }; + qbittorrent = { + enable = true; + webuiPort = 8020; + }; + jackett = { + enable = true; + port = 9117; + }; + flaresolverr = { + enable = true; + port = 8191; + }; + }; } \ No newline at end of file 
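Review bot: The `sonarr` block puts `server = { port = 8989; bindaddress = "127.0.0.1"; };` directly under `services.sonarr`, whereas the `radarr` block just above nests the same keys under `settings`; as written the loopback bind for Sonarr is probably not applied, or the option is rejected at evaluation. Move it to `settings = { server = { port = 8989; bindaddress = "127.0.0.1"; }; };` to match. `jellyseerr`, `qbittorrent`, `jackett` and `flaresolverr` set only a port, so their listen address is whatever each module defaults to; a comment stating that they must stay behind the proxy, with their firewall options left off, would help before this WIP module is imported.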
diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index ad9c200..bf0b1ba 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -4,6 +4,13 @@ "dns" = { dest = "http://localhost:8088"; auth = true; }; "ai" = { dest = "http://localhost:8080"; auth = true; }; + # "jsr" = { dest = "http://localhost:5055"; auth = false; }; + # "rdr" = { dest = "http://localhost:5055"; auth = false; }; + # "snr" = { dest = "http://localhost:5055"; auth = false; }; + # "qbt" = { dest = "http://localhost:8020"; auth = false; }; + # "jkt" = { dest = "http://localhost:9117"; auth = false; }; + # "media" = { dest = "http://localhost:8096"; auth = false; }; + "containers" = { dest = "http://localhost:5001"; auth = false; }; "auth" = { dest = "http://localhost:1411"; auth = false; }; "cdn" = { dest = "http://localhost:3000"; auth = false; }; diff --git a/modules/system/server.nix b/modules/system/server.nix index 1015f84..6b00a03 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix @@ -2,7 +2,7 @@ imports = lib.mkIf (config.specialisation != {}) [ ./homelab/containers.nix ./homelab/gallery.nix - ./homelab/media.nix + # ./homelab/media.nix # wip ./homelab/share.nix ./homelab/proxy.nix ./homelab/auth.nix @@ -12,9 +12,9 @@ ./homelab/ai.nix ./base.nix ]; - + specialisation.safe-mode.configuration = {}; - + virtualisation = { oci-containers.backend = "docker"; docker = { @@ -28,4 +28,4 @@ networkmanager.dns = "none"; nameservers = lib.mkForce [ "127.0.0.1" ]; }; -} \ No newline at end of file +} From 5f5668de5f09a173be6535d261f5f25dc8bd8608 Mon Sep 17 00:00:00 2001 From: Satria Date: Tue, 3 Mar 2026 14:46:11 +0700 Subject: [PATCH 4/4] add guacamole --- modules/system/homelab/dash.nix | 2 ++ modules/system/homelab/proxy.nix | 2 ++ modules/system/homelab/remote.nix | 19 +++++++++++++++++++ modules/system/server.nix | 1 + 4 files changed, 24 insertions(+) create mode 100644 modules/system/homelab/remote.nix 
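Review bot: The commented-out `rdr` and `snr` mappings both point at `http://localhost:5055`, the Jellyseerr port, not the 7878 and 8989 that media.nix assigns to Radarr and Sonarr, so uncommenting them as-is would publish Jellyseerr under three names. All six entries also carry `auth = false`; for `qbt` and `jkt` in particular I would default to `auth = true` unless each application's own login is confirmed to be enabled. Correcting the placeholders now, or replacing them with a single `# TODO: media stack mappings` line, avoids enabling them by accident.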
diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index 7147de9..9ab9e48 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -59,6 +59,8 @@ [ "Forgejo" "forgejo" "https://git.proxy.${homelab.domain}" "http://localhost:5080/" ] [ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ] [ "Ollama" "ollama" "https://ai.proxy.${homelab.domain}" "http://localhost:8080/" ] + [ "Guacamole" "guacamole" "https://remote.proxy.${homelab.domain}" "http://localhost:8085/" ] + [ "Immich" "immich" "https://gallery.proxy.${homelab.domain}" "http://localhost:2283/" ] ]; bookmarks = [ [ "Tailscale" "tailscale" "https://login.tailscale.com/" ] diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index bf0b1ba..cd72bbb 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -12,6 +12,8 @@ # "media" = { dest = "http://localhost:8096"; auth = false; }; "containers" = { dest = "http://localhost:5001"; auth = false; }; + "gallery" = { dest = "http://localhost:2283"; auth = false; }; + "remote" = { dest = "http://localhost:8085"; auth = false; }; "auth" = { dest = "http://localhost:1411"; auth = false; }; "cdn" = { dest = "http://localhost:3000"; auth = false; }; "git" = { dest = "http://localhost:5080"; auth = false; }; diff --git a/modules/system/homelab/remote.nix b/modules/system/homelab/remote.nix new file mode 100644 index 0000000..dff61a1 --- /dev/null +++ b/modules/system/homelab/remote.nix @@ -0,0 +1,19 @@ +{ ... }: { + services = { + guacamole-server = { + enable = true; + host = "127.0.0.1"; + port = 4822; + }; + guacamole-client = { + enable = true; + host = "127.0.0.1"; + port = 8085; + enableWebserver = true; + settings = { + guacd-hostname = "127.0.0.1"; + guacd-port = 4822; + }; + }; + }; +} \ No newline at end of file diff --git a/modules/system/server.nix b/modules/system/server.nix index 6b00a03..51aa927 100644 
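Review bot: The new `remote` mapping exposes Guacamole, a gateway to remote-desktop and shell sessions, with `auth = false`, so its own login page is the only barrier, while `dns` and `ai` in the same set do get proxy auth. I would add the proxy layer here as well: `"remote" = { dest = "http://localhost:8085"; auth = true; };`. The `gallery` mapping targets Immich itself on 2283 rather than the `immich-public-proxy` on 2284 configured in PATCH 2/4; if that is intended, a one-line comment saying so would prevent confusion. The `proxy-mappings` set begins and ends outside this hunk.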
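Review bot: In the `guacamole-client` block, `host = "127.0.0.1";` and `port = 8085;` should be checked against the module's option list: with `enableWebserver = true` the listener belongs to the bundled servlet container, and if the client module does not declare `host`/`port` this either fails to evaluate or leaves the web UI on the container's default address and port. Since the proxy mapping for `remote` is unauthenticated, please confirm after deployment that the UI is bound to loopback on 8085 only. The file also configures no authentication backend or user mapping, so a comment on where credentials are provisioned (ideally from a file outside the Nix store) would help the next reader.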
--- a/modules/system/server.nix +++ b/modules/system/server.nix @@ -2,6 +2,7 @@ imports = lib.mkIf (config.specialisation != {}) [ ./homelab/containers.nix ./homelab/gallery.nix + ./homelab/remote.nix # ./homelab/media.nix # wip ./homelab/share.nix ./homelab/proxy.nix