satr14/nix-flake
1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: satr14:1bf4f8e96e6039cd5bba6ee5d931364e26bc488a
Branches Tags
satr14:main
satr14:mc-backup
satr14:sops-implementation
..
compare: satr14:5f5668de5f09a173be6535d261f5f25dc8bd8608
Branches Tags
satr14:main
satr14:mc-backup
satr14:sops-implementation

4 commits
1bf4f8e96e ... 5f5668de5f

Author SHA1 Message Date
Satria
5f5668de5f add guacamole 2026-03-03 14:46:11 +07:00
Satria
6b82fc1bed arr stack in wip 2026-03-03 14:25:13 +07:00
Satria
3ee42ca4f3 add immich 2026-03-03 11:03:49 +07:00
Satria
77e83981d7 add ollama and safe mode 2026-03-03 17:40:06 +07:00
8 changed files with 143 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

16
modules/system/homelab/ai.nix
View file

@ -1,3 +1,19 @@
{ ... }: { { ... }: {
services = {
ollama = {
enable = true;
host = "127.0.0.1";
port = 11434;
# loadModels = [ "gemma3n:e4b" "gemma3n:e2b" ];
};
open-webui = {
enable = true;
port = 8080;
environment = {
OLLAMA_BASE_URL = "http://localhost:11434";
WEBUI_AUTH = "False";
};
};
};
} }

44
modules/system/homelab/dash.nix
View file

@ -58,6 +58,9 @@
[ "ApacheHTTPD" "apache" "https://cdn.proxy.${homelab.domain}" "http://localhost:3000/" ] [ "ApacheHTTPD" "apache" "https://cdn.proxy.${homelab.domain}" "http://localhost:3000/" ]
[ "Forgejo" "forgejo" "https://git.proxy.${homelab.domain}" "http://localhost:5080/" ] [ "Forgejo" "forgejo" "https://git.proxy.${homelab.domain}" "http://localhost:5080/" ]
[ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ] [ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ]
[ "Ollama" "ollama" "https://ai.proxy.${homelab.domain}" "http://localhost:8080/" ]
[ "Guacamole" "guacamole" "https://remote.proxy.${homelab.domain}" "http://localhost:8085/" ]
[ "Immich" "immich" "https://gallery.proxy.${homelab.domain}" "http://localhost:2283/" ]
]; ];
bookmarks = [ bookmarks = [
[ "Tailscale" "tailscale" "https://login.tailscale.com/" ] [ "Tailscale" "tailscale" "https://login.tailscale.com/" ]
@ -187,6 +190,22 @@ in {
name = "Dashboard"; name = "Dashboard";
show-mobile-header = true; show-mobile-header = true;
columns = [ columns = [
{
type = "bookmarks";
groups = [{
links = map (e: {
same-tab = true;
title = builtins.elemAt e 0;
icon = "si:${builtins.elemAt e 1}";
url = builtins.elemAt e 2;
}) bookmarks;
}];
}
{
type = "to-do";
id = "tasks";
hide-header = true;
}
{ {
size = "small"; size = "small";
widgets = [ widgets = [
@ -217,9 +236,7 @@ in {
widgets = [ widgets = [
{ {
type = "server-stats"; type = "server-stats";
servers = [{ servers = [{ type = "local"; }];
type = "local";
}];
} }
{ {
type = "monitor"; type = "monitor";
@ -235,27 +252,6 @@ in {
} }
]; ];
} }
{
size = "small";
widgets = [
{
type = "bookmarks";
groups = [{
links = map (e: {
same-tab = true;
title = builtins.elemAt e 0;
icon = "si:${builtins.elemAt e 1}";
url = builtins.elemAt e 2;
}) bookmarks;
}];
}
{
type = "to-do";
id = "tasks";
hide-header = true;
}
];
}
]; ];
} }
]; ];

4
modules/system/homelab/dns.nix
View file

@ -9,8 +9,8 @@
[ "proxy.${homelab.domain}" "main.dns.${homelab.domain}" ] [ "proxy.${homelab.domain}" "main.dns.${homelab.domain}" ]
[ "*.proxy.${homelab.domain}" "proxy.${homelab.domain}" ] [ "*.proxy.${homelab.domain}" "proxy.${homelab.domain}" ]
[ "lancache.steamcontent.com" "main.dns.${homelab.domain}" ] # [ "lancache.steamcontent.com" "main.dns.${homelab.domain}" ]
[ "steam.cache.lancache.net" "main.dns.${homelab.domain}" ] # [ "steam.cache.lancache.net" "main.dns.${homelab.domain}" ]
]; ];
blacklist = [ blacklist = [
"https://adaway.org/hosts.txt" "https://adaway.org/hosts.txt"

16
modules/system/homelab/gallery.nix
View file

@ -1,3 +1,19 @@
{ ... }: { { ... }: {
users.users.immich.extraGroups = [ "video" "render" ];
services = {
immich = {
enable = true;
port = 2283;
host = "127.0.0.1";
mediaLocation = "/var/lib/immich";
accelerationDevices = null;
machine-learning.enable = true;
};
immich-public-proxy = {
enable = true;
port = 2284;
immichUrl = "http://localhost:2283";
};
};
} }

45
modules/system/homelab/media.nix
View file

@ -1,3 +1,44 @@
{ ... }: { { pkgs, ... }: {
# WIP: declaratively integrate media services into homelab configuration
environment.systemPackages = with pkgs; [
jellyfin jellyfin-web jellyfin-ffmpeg
];
services = {
jellyfin = {
enable = true;
hardwareAcceleration.enable = true;
};
jellyseerr = {
enable = true;
port = 5055;
};
radarr = {
enable = true;
settings = {
server = {
port = 7878;
bindaddress = "127.0.0.1";
};
};
};
sonarr = {
enable = true;
server = {
port = 8989;
bindaddress = "127.0.0.1";
};
};
qbittorrent = {
enable = true;
webuiPort = 8020;
};
jackett = {
enable = true;
port = 9117;
};
flaresolverr = {
enable = true;
port = 8191;
};
};
} }

20
modules/system/homelab/proxy.nix
View file

@ -1,9 +1,20 @@
{ homelab, lib, ... }: let { homelab, lib, ... }: let
base = "proxy.${homelab.domain}"; base = "proxy.${homelab.domain}";
proxy-mappings = { proxy-mappings = {
"containers" = { dest = "http://localhost:5001"; auth = false; };
"auth" = { dest = "http://localhost:1411"; auth = false; };
"dns" = { dest = "http://localhost:8088"; auth = true; }; "dns" = { dest = "http://localhost:8088"; auth = true; };
"ai" = { dest = "http://localhost:8080"; auth = true; };
# "jsr" = { dest = "http://localhost:5055"; auth = false; };
# "rdr" = { dest = "http://localhost:5055"; auth = false; };
# "snr" = { dest = "http://localhost:5055"; auth = false; };
# "qbt" = { dest = "http://localhost:8020"; auth = false; };
# "jkt" = { dest = "http://localhost:9117"; auth = false; };
# "media" = { dest = "http://localhost:8096"; auth = false; };
"containers" = { dest = "http://localhost:5001"; auth = false; };
"gallery" = { dest = "http://localhost:2283"; auth = false; };
"remote" = { dest = "http://localhost:8085"; auth = false; };
"auth" = { dest = "http://localhost:1411"; auth = false; };
"cdn" = { dest = "http://localhost:3000"; auth = false; }; "cdn" = { dest = "http://localhost:3000"; auth = false; };
"git" = { dest = "http://localhost:5080"; auth = false; }; "git" = { dest = "http://localhost:5080"; auth = false; };
"@" = { dest = "http://localhost:5070"; auth = false; }; "@" = { dest = "http://localhost:5070"; auth = false; };
@ -42,9 +53,14 @@ in {
proxyWebsockets = true; proxyWebsockets = true;
basicAuthFile = if cfg.auth then "/var/lib/nginx/.htpasswd" else null; basicAuthFile = if cfg.auth then "/var/lib/nginx/.htpasswd" else null;
extraConfig = '' extraConfig = ''
proxy_set_header X-Auth-User $remote_user;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 50000M;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
''; '';
}; };
}) proxy-mappings; }) proxy-mappings;

19
modules/system/homelab/remote.nix Normal file
View file

@ -0,0 +1,19 @@
{ ... }: {
services = {
guacamole-server = {
enable = true;
host = "127.0.0.1";
port = 4822;
};
guacamole-client = {
enable = true;
host = "127.0.0.1";
port = 8085;
enableWebserver = true;
settings = {
guacd-hostname = "127.0.0.1";
guacd-port = 4822;
};
};
};
}

9
modules/system/server.nix
View file

@ -1,8 +1,9 @@
{ lib, ... }: { { config, lib, ... }: {
imports = [ imports = lib.mkIf (config.specialisation != {}) [
./homelab/containers.nix ./homelab/containers.nix
./homelab/gallery.nix ./homelab/gallery.nix
./homelab/media.nix ./homelab/remote.nix
# ./homelab/media.nix # wip
./homelab/share.nix ./homelab/share.nix
./homelab/proxy.nix ./homelab/proxy.nix
./homelab/auth.nix ./homelab/auth.nix
@ -13,6 +14,8 @@
./base.nix ./base.nix
]; ];
specialisation.safe-mode.configuration = {};
virtualisation = { virtualisation = {
oci-containers.backend = "docker"; oci-containers.backend = "docker";
docker = { docker = {