
18 commits

Author SHA1 Message Date
41b53dca9f remove unused links
All checks were successful
Activate Homelab Configuration / rebuild (push) Successful in 1m7s
2026-04-17 09:05:31 +07:00
50e0af48e6 add cdn import 2026-04-16 22:14:56 +07:00
eb090161b8 move config files to drive 2026-04-16 21:51:10 +07:00
c36733605b change key location 2026-04-16 21:46:37 +07:00
db140f4899 dashboard changes 2026-04-16 21:44:54 +07:00
99c5fade9b revert because of error 2026-04-16 21:37:26 +07:00
a1cd117219 fix user 2026-04-16 19:59:46 +07:00
a6020b2dbe enable service 2026-04-16 19:57:10 +07:00
65aa2759d0 cleanup 2026-04-16 19:57:02 +07:00
a6c8935bf2 move data to data drive 2026-04-16 19:48:28 +07:00
e4d1fdc40d copyparty service 2026-04-16 19:48:06 +07:00
2f37165d19 self signed certs 2026-04-16 13:53:28 +07:00
ba1064ed43 cleanup and add https 2026-04-16 13:05:18 +07:00
8e320469ff fix path err 2026-04-15 21:36:01 +07:00
a9326bf394 fix cf tunnel dns issue 2026-04-15 21:33:48 +07:00
ec196f085e dns overwrite 2026-04-15 20:45:52 +07:00
ffb5b1c546 move from dotfile 2026-04-15 20:42:02 +07:00
e187cecb79 change disks paths 2026-04-15 20:05:36 +07:00
16 changed files with 56 additions and 38 deletions


@ -4,6 +4,8 @@ let
ext4 = path: { inherit path; type = "ext4"; }; ext4 = path: { inherit path; type = "ext4"; };
btrfs = path: { inherit path; type = "btrfs"; }; btrfs = path: { inherit path; type = "btrfs"; };
selfSigned = service: { inherit service; originRequest.noTLSVerify = true; };
in { in {
flake-path = "~/Projects/nix-flake"; # set this to the cloned repo path flake-path = "~/Projects/nix-flake"; # set this to the cloned repo path
@ -21,20 +23,19 @@ in {
homelab = rec { homelab = rec {
domain = "satr14.my.id"; # root domain for dns, ssl certs, reverse proxy, etc. domain = "satr14.my.id"; # root domain for dns, ssl certs, reverse proxy, etc.
cf-tunnel-id = "26318288-cdd7-4e58-904b-c45f10d3e40a";
ssh-keys = [ ssh-keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESvQFXoUBafatqnxTd6qk3WEOcfwb3AIWVTstR3lHzX forgejo" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESvQFXoUBafatqnxTd6qk3WEOcfwb3AIWVTstR3lHzX forgejo"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtdH1YqRH9xhuHMivezLvj/hpH77yfH3HUCaRboB/hb forgejo-deploy-runner" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtdH1YqRH9xhuHMivezLvj/hpH77yfH3HUCaRboB/hb forgejo-deploy-runner"
]; ];
disks = { disks = {
gallery = ext4 "/dev/disk/by-uuid/834f51c1-90ee-4601-ba76-ef0419198d67"; # disk for photo gallery # gallery = ext4 "/dev/disk/by-uuid/834f51c1-90ee-4601-ba76-ef0419198d67"; # disk for photo gallery
data = ext4 "/dev/disk/by-uuid/a5752dd6-092d-484c-969c-2fdc7cb4a5f0"; # disk for app data # data = ext4 "/dev/disk/by-uuid/a5752dd6-092d-484c-969c-2fdc7cb4a5f0"; # disk for app data
host = ext4 "/dev/disk/by-uuid/968f14a4-631e-4325-8cd1-f9aec0da9e4d"; # disk for media collection (named host for backwards compatibility) # host = ext4 "/dev/disk/by-uuid/968f14a4-631e-4325-8cd1-f9aec0da9e4d"; # disk for media collection (named host for backwards compatibility)
# ^^ virtual disks # ^^ virtual disks
apps = ext4 "/dev/disk/by-uuid/aa453135-4b7a-4b12-8efc-f3dda093d2b7"; # app data
# achive = ext4 "/dev/disk/by-uuid/"; # long term archival # achive = ext4 "/dev/disk/by-uuid/"; # long term archival
share = btrfs "/dev/disk/by-uuid/f1ee1d17-e852-4e02-ae86-eaf6116a2aeb"; # file share data = ext4 "/dev/disk/by-uuid/aa453135-4b7a-4b12-8efc-f3dda093d2b7"; # app data
share = btrfs "/dev/disk/by-uuid/f1ee1d17-e852-4e02-ae86-eaf6116a2aeb"; # file server
}; };
dash = [ dash = [
[ "PocketID" "authentik" "https://auth.${domain}" "http://localhost:1411/" ] [ "PocketID" "authentik" "https://auth.${domain}" "http://localhost:1411/" ]
@ -53,8 +54,8 @@ in {
[ "Dockge" "docker" "https://containers.proxy.${domain}" "http://localhost:5001/" ] [ "Dockge" "docker" "https://containers.proxy.${domain}" "http://localhost:5001/" ]
]; ];
routes = { routes = {
"cdn.${domain}" = selfSigned "https://localhost:3923";
"git.${domain}" = "http://localhost:5080"; "git.${domain}" = "http://localhost:5080";
"cdn.${domain}" = "http://localhost:3923";
"docs.${domain}" = "http://localhost:7090"; "docs.${domain}" = "http://localhost:7090";
"auth.${domain}" = "http://localhost:1411"; "auth.${domain}" = "http://localhost:1411";
"dash.${domain}" = "http://localhost:5070"; "dash.${domain}" = "http://localhost:5070";
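Review bot: The `selfSigned` helper sets `originRequest.noTLSVerify = true`, so cloudflared accepts any certificate from an origin wrapped in it, and the `cdn.${domain}` route appears to move onto it. On a loopback origin the exposure is small, but the helper is generic and would drop verification just as silently for a remote origin. Prefer trusting the self-signed certificate explicitly through cloudflared's `originRequest.caPool` (with `originServerName` if the certificate name is not `localhost`). Failing that, put a comment such as `# loopback origins only: disables origin certificate verification` above the helper.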


@ -5,7 +5,7 @@
host = "127.0.0.1"; host = "127.0.0.1";
port = 11434; port = 11434;
user = "ollama"; user = "ollama";
home = "/mnt/data/ollama"; home = "/mnt/data/apps/ollama";
loadModels = [ loadModels = [
"gemma3n:e4b" # "gemma3n:e2b" "gemma3n:e4b" # "gemma3n:e2b"
"qwen3-coder-next:cloud" # "codellama:7b" "starcoder:3b" "qwen3-coder-next:cloud" # "codellama:7b" "starcoder:3b"
@ -14,7 +14,7 @@
open-webui = { open-webui = {
enable = true; enable = true;
port = 8080; port = 8080;
environmentFile = "/mnt/data/ollama/.env"; environmentFile = "/mnt/data/apps/ollama/.env";
environment = { environment = {
OLLAMA_BASE_URL = "http://localhost:11434"; OLLAMA_BASE_URL = "http://localhost:11434";
# WEBUI_AUTH = "False"; # WEBUI_AUTH = "False";


@ -1,8 +1,8 @@
{ homelab, ... }: { { homelab, ... }: {
services.pocket-id = { services.pocket-id = {
enable = true; enable = true;
credentials.ENCRYPTION_KEY = "/mnt/data/pocketid/encryption-key"; credentials.ENCRYPTION_KEY = "/mnt/data/apps/pocketid/encryption-key";
dataDir = "/mnt/data/pocketid/data"; dataDir = "/mnt/data/apps/pocketid/data";
settings = { settings = {
PORT = "1411"; PORT = "1411";
HOST = "127.0.0.1"; HOST = "127.0.0.1";


@ -1,5 +1,14 @@
{ pkgs, ... }: { { pkgs, ... }: {
environment.systemPackages = with pkgs; [ copyparty-most ]; environment.systemPackages = with pkgs; [ copyparty-most ];
# TODO: systemd service systemd.services.copyparty = {
description = "File Sharing Service";
enable = true;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.copyparty-most}/bin/copyparty -c /mnt/share/cfg/files.conf";
Restart = "on-failure";
};
};
} }
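Review bot: The new `systemd.services.copyparty` unit sets no `User` in `serviceConfig`, so the file server started by `ExecStart` runs as root with none of systemd's sandboxing options. If this is the service behind the `cdn` route, a flaw in it would be reachable from outside with full host privileges. Run it under a dedicated unprivileged account and narrow its filesystem view as sketched below. The account has to be declared under `users.users`/`users.groups` and own the shared directories, and the writable path is inferred from the `-c /mnt/share/cfg/files.conf` argument.

```nix
systemd.services.copyparty = {
  # … unchanged: description, enable, after, wantedBy …
  serviceConfig = {
    # … unchanged: ExecStart, Restart …
    User = "copyparty";    # dedicated account, declared separately
    Group = "copyparty";
    NoNewPrivileges = true;
    ProtectSystem = "strict";
    ProtectHome = true;
    PrivateTmp = true;
    ReadWritePaths = [ "/mnt/share" ];
  };
};
```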


@ -1,4 +1,4 @@
{ pkgs, username, ... }: { { username, ... }: {
services.code-server = { services.code-server = {
enable = true; enable = true;
host = "127.0.0.1"; host = "127.0.0.1";
@ -6,8 +6,7 @@
user = username; user = username;
auth = "none"; auth = "none";
disableTelemetry = true; disableTelemetry = true;
extensionsDir = "/mnt/data/code-server/extensions"; extensionsDir = "/mnt/data/apps/code-server/extensions";
userDataDir = "/mnt/data/code-server/user-data"; userDataDir = "/mnt/data/apps/code-server/user-data";
extraPackages = with pkgs; [];
}; };
} }


@ -1,5 +1,6 @@
{ homelab, lib, ... }: let { homelab, lib, ... }: let
stacks-dir = "/mnt/data/dockge/stacks"; dockge-dir = "/mnt/data/apps/dockge";
stacks-dir = "${dockge-dir}/stacks";
in { in {
virtualisation.oci-containers.containers."dockge" = { virtualisation.oci-containers.containers."dockge" = {
image = "louislam/dockge:nightly"; image = "louislam/dockge:nightly";
@ -8,7 +9,7 @@ in {
}; };
volumes = [ volumes = [
"${stacks-dir}:${stacks-dir}:rw" "${stacks-dir}:${stacks-dir}:rw"
"/mnt/data/dockge/data:/app/data:rw" "${dockge-dir}/data:/app/data:rw"
"/var/run/docker.sock:/var/run/docker.sock:rw" "/var/run/docker.sock:/var/run/docker.sock:rw"
]; ];
ports = [ ports = [


@ -61,9 +61,6 @@
external = [ external = [
[ "Proxmox" "proxmox" "https://server.proxy.${homelab.domain}" "http://server.dns.${homelab.domain}:8006/" ] [ "Proxmox" "proxmox" "https://server.proxy.${homelab.domain}" "http://server.dns.${homelab.domain}:8006/" ]
[ "OpenWRT" "openwrt" "https://router.proxy.${homelab.domain}" "http://router.dns.${homelab.domain}:80/" ] [ "OpenWRT" "openwrt" "https://router.proxy.${homelab.domain}" "http://router.dns.${homelab.domain}:80/" ]
[ "HomeAssistant" "homeassistant" "https://home.proxy.${homelab.domain}" "http://home.dns.${homelab.domain}:8123/" ]
[ "OpenMediaVault" "openmediavault" "https://nas.local:80" "http://nas.local:80/" ]
[ "ApacheHTTPD" "apache" "https://nas.local:3000" "http://nas.local:3000/" ]
]; ];
bookmarks = [ bookmarks = [
[ "Tailscale" "tailscale" "https://login.tailscale.com/" ] [ "Tailscale" "tailscale" "https://login.tailscale.com/" ]
@ -83,7 +80,6 @@ in {
}; };
services.glance = { services.glance = {
enable = true; enable = true;
environmentFile = "/var/lib/glance/.env";
settings = { settings = {
server = { server = {
host = "127.0.0.1"; host = "127.0.0.1";
@ -260,7 +256,7 @@ in {
type = "server-stats"; type = "server-stats";
servers = [{ servers = [{
type = "local"; type = "local";
mountpoints."/nix/store".hide = true; # mountpoints."/nix/store".hide = true;
}]; }];
} }
{ {


@ -0,0 +1,7 @@
{ pkgs, ... }: {
services.postgresql = {
enable = true;
dataDir = "/mnt/data/apps/postgresql";
package = pkgs.postgresql_16;
};
}
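Review bot: `dataDir` points at `/mnt/data/apps/postgresql`, but nothing in this file ties the PostgreSQL unit to that mount, so if the data disk is absent or mounted late the server could initialise an empty cluster in the directory underneath it. Whether the mount is already a hard boot dependency is not visible here. Consider adding `systemd.services.postgresql.unitConfig.RequiresMountsFor = "/mnt/data";` (mount point inferred from the path), together with a one-line comment stating that the cluster lives on the data disk.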


@ -1,4 +1,4 @@
{ lib, homelab, ... }: { { lib, ... }: {
users.users.immich.extraGroups = [ "video" "render" ]; users.users.immich.extraGroups = [ "video" "render" ];
services = { services = {
@ -6,7 +6,7 @@
enable = true; enable = true;
port = 2283; port = 2283;
host = "127.0.0.1"; host = "127.0.0.1";
mediaLocation = "/mnt/gallery"; mediaLocation = "/mnt/data/gallery";
accelerationDevices = null; accelerationDevices = null;
environment.DB_URL = lib.mkForce "postgresql:///immich?host=/var/run/postgresql&user=immich"; # https://github.com/immich-app/immich/issues/26140 environment.DB_URL = lib.mkForce "postgresql:///immich?host=/var/run/postgresql&user=immich"; # https://github.com/immich-app/immich/issues/26140
machine-learning.enable = true; machine-learning.enable = true;


@ -3,7 +3,7 @@
forgejo = { forgejo = {
enable = true; enable = true;
lfs.enable = true; lfs.enable = true;
stateDir = "/mnt/data/forgejo"; stateDir = "/mnt/data/apps/forgejo";
package = pkgs.forgejo; package = pkgs.forgejo;
settings = { settings = {
server = { server = {
@ -43,7 +43,7 @@
enable = true; enable = true;
name = "nixos-server-runner"; name = "nixos-server-runner";
url = "https://git.proxy.${homelab.domain}"; url = "https://git.proxy.${homelab.domain}";
tokenFile = "/root/forgejo-token-runner"; tokenFile = "/mnt/data/apps/forgejo/token-runner";
labels = [ "self-hosted:host" ]; labels = [ "self-hosted:host" ];
hostPackages = with pkgs; [ bash coreutils git nix openssh nodejs ]; hostPackages = with pkgs; [ bash coreutils git nix openssh nodejs ];
}; };
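Review bot: `tokenFile` now appears to sit at `/mnt/data/apps/forgejo/token-runner`, inside the directory configured as Forgejo's `stateDir`, where the other value on that line is under `/root`. Unless its mode is restricted, the runner registration token becomes readable by anything that can read the Forgejo state tree, including the service account and any backup or dump of that directory. The runner is labelled `self-hosted:host`, which suggests its jobs execute directly on the host. Keep the token outside `stateDir` in a root-owned location with mode 0600, for example `tokenFile = "<root-owned secrets dir>/forgejo-runner-token";`, and record the expected owner and mode in a comment next to it. The runner instance block starts above this hunk.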


@ -5,6 +5,7 @@
services = { services = {
jellyfin = { jellyfin = {
enable = true; enable = true;
dataDir = "/mnt/data/apps/jellyfin";
hardwareAcceleration = { hardwareAcceleration = {
enable = true; enable = true;
device = "/dev/dri/renderD128"; device = "/dev/dri/renderD128";
@ -43,4 +44,4 @@
# port = 8191; # port = 8191;
# }; # };
}; };
} }


@ -2,9 +2,10 @@
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
domain = "pass.proxy.${homelab.domain}"; domain = "pass.proxy.${homelab.domain}";
backupDir = "/mnt/data/vaultwarden/backups"; backupDir = "/mnt/data/apps/vaultwarden/backups";
environmentFile = "/mnt/data/vaultwarden/.env"; environmentFile = "/mnt/data/apps/vaultwarden/.env";
config = { config = {
# DATA_FOLDER = "/mnt/data/apps/vaultwarden/data"; # [vaultwarden][ERROR] Error creating private key '/mnt/data/apps/vaultwarden/data/rsa_key.pem'
ROCKET_PORT = 8060; ROCKET_PORT = 8060;
ROCKET_ADDRESS = "127.0.0.1"; ROCKET_ADDRESS = "127.0.0.1";
ROCKET_LOG = "critical"; ROCKET_LOG = "critical";
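Review bot: The commented-out `DATA_FOLDER` line keeps a pasted error message but does not say what state the change leaves behind. `backupDir` and `environmentFile` move to `/mnt/data/apps/vaultwarden`, while the vault data, including the `rsa_key.pem` named in the error, presumably stays at the module's default location. Replace the line with a short comment that says so, for example `# data folder stays at the module default; moving it failed with "Error creating private key" (cause not yet diagnosed)`. The failure may come from the unit's filesystem sandboxing rather than from Vaultwarden itself, which is worth checking before retrying.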


@ -1,4 +1,5 @@
{ pkgs, homelab, lib, ... }: let { pkgs, homelab, lib, ... }: let
htpasswd = "/mnt/data/apps/nginx/htpasswd";
exta-conf = '' exta-conf = ''
# proxy_set_header X-Auth-User $remote_user; # proxy_set_header X-Auth-User $remote_user;
proxy_read_timeout 600s; proxy_read_timeout 600s;
@ -21,7 +22,7 @@ in {
domain = "*.${homelab.proxy.base}"; domain = "*.${homelab.proxy.base}";
extraDomainNames = [ homelab.proxy.base ]; extraDomainNames = [ homelab.proxy.base ];
dnsProvider = "cloudflare"; dnsProvider = "cloudflare";
environmentFile = "/mnt/data/acme/.env"; environmentFile = "/mnt/data/apps/acme/cf-api.env";
# ^^^contents: CLOUDFLARE_DNS_API_TOKEN=XXXXX # ^^^contents: CLOUDFLARE_DNS_API_TOKEN=XXXXX
}; };
}; };
@ -60,7 +61,7 @@ in {
locations."/" = { locations."/" = {
proxyPass = cfg.dest; proxyPass = cfg.dest;
proxyWebsockets = true; proxyWebsockets = true;
basicAuthFile = if cfg.auth then "/var/lib/nginx/.htpasswd" else null; basicAuthFile = if cfg.auth then htpasswd else null;
extraConfig = exta-conf; extraConfig = exta-conf;
}; };
}) homelab.proxy.hosts; }) homelab.proxy.hosts;
@ -68,7 +69,7 @@ in {
traefik = { traefik = {
enable = true; enable = true;
dynamicConfigOptions = { dynamicConfigOptions = {
http.middlewares.auth.basicAuth.usersFile = "/var/lib/nginx/.htpasswd"; http.middlewares.auth.basicAuth.usersFile = htpasswd;
}; };
staticConfigOptions = { staticConfigOptions = {
entryPoints = { entryPoints = {


@ -2,7 +2,7 @@
services.searx = { services.searx = {
enable = true; enable = true;
redisCreateLocally = true; redisCreateLocally = true;
environmentFile = "/mnt/data/searxng/.env"; environmentFile = "/mnt/data/apps/searxng/.env";
settings = { settings = {
server = { server = {
bind_address = "127.0.0.1"; bind_address = "127.0.0.1";


@ -2,8 +2,8 @@
services.cloudflared = { services.cloudflared = {
enable = true; enable = true;
tunnels.homelab = { tunnels.homelab = {
credentialsFile = "/mnt/data/cloudflared/homelab.json"; credentialsFile = "/mnt/data/apps/cloudflared/homelab.json";
certificateFile = "/mnt/data/cloudflared/cert.pem"; certificateFile = "/mnt/data/apps/cloudflared/cert.pem";
default = "http_status:404"; default = "http_status:404";
ingress = homelab.routes; ingress = homelab.routes;
}; };
@ -23,7 +23,7 @@
script = lib.concatMapStringsSep "\n" (domain: '' script = lib.concatMapStringsSep "\n" (domain: ''
echo "Ensuring DNS route for ${domain}..." echo "Ensuring DNS route for ${domain}..."
${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/cloudflared/cert.pem route dns ${homelab.cf-tunnel-id} ${domain} || true ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/apps/cloudflared/cert.pem route dns --overwrite-dns $(cat /mnt/data/apps/cloudflared/homelab.json | ${pkgs.jq}/bin/jq -r .TunnelID) ${domain} || true
'') (builtins.attrNames homelab.routes); '') (builtins.attrNames homelab.routes);
}; };
} }
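Review bot: In the `script` loop, every hostname in `homelab.routes` is now routed with `--overwrite-dns`, and the trailing `|| true` hides both a failed `jq` lookup and a failed route call. An existing record can therefore be replaced, or a route skipped, without the unit reporting it. The tunnel ID is also re-read for each domain through an unquoted `$(cat … | jq -r .TunnelID)`, which yields the string `null` if the key is missing. Read it once before the loop with `tunnel_id=$(${pkgs.jq}/bin/jq -er .TunnelID /mnt/data/apps/cloudflared/homelab.json)`, pass `"$tunnel_id"` to the route command, and log failures instead of discarding them. The unit that owns `script` starts above this hunk.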


@ -21,7 +21,9 @@ in {
./homelab/code.nix ./homelab/code.nix
./homelab/dns.nix ./homelab/dns.nix
./homelab/git.nix ./homelab/git.nix
./homelab/cdn.nix
./homelab/ai.nix ./homelab/ai.nix
./homelab/db.nix
./core/swapfile.nix ./core/swapfile.nix
./core/oom.nix ./core/oom.nix
@ -33,7 +35,7 @@ in {
services.tailscale = { services.tailscale = {
enable = true; enable = true;
authKeyFile = "/mnt/data/tailscale/authkey"; authKeyFile = "/mnt/data/apps/tailscale/authkey";
useRoutingFeatures = "server"; useRoutingFeatures = "server";
extraUpFlags = ts-flags; extraUpFlags = ts-flags;
extraSetFlags = ts-flags; extraSetFlags = ts-flags;