From 24746cc727890b578141497c2e5b8e3f6d29d91a Mon Sep 17 00:00:00 2001
From: Satria
Date: Thu, 5 Mar 2026 22:26:10 +0700
Subject: [PATCH 1/3] vaultwarden service
---
 modules/system/homelab/dash.nix | 11 ++++++-----
 modules/system/homelab/pass.nix | 12 ++++++++++++
 modules/system/homelab/proxy.nix | 6 ++++--
 3 files changed, 22 insertions(+), 7 deletions(-)
 create mode 100644 modules/system/homelab/pass.nix
diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix
index 88ca461..93b0625 100644
--- a/modules/system/homelab/dash.nix
+++ b/modules/system/homelab/dash.nix
@@ -53,14 +53,15 @@
 [ "Proxy" "https://proxy.${homelab.domain}/" ]
 ];
 services = [
- [ "PocketID" "authentik" "https://auth.proxy.${homelab.domain}" "http://localhost:1411/" ]
+ [ "PocketID" "authentik" "https://auth.${homelab.domain}" "http://localhost:1411/" ]
+ [ "Forgejo" "forgejo" "https://git.${homelab.domain}" "http://localhost:5080/" ]
 [ "AdGuardHome" "adguard" "https://dns.proxy.${homelab.domain}" "http://localhost:8088/" ]
 [ "ApacheHTTPD" "apache" "https://cdn.proxy.${homelab.domain}" "http://localhost:3000/" ]
- [ "Forgejo" "forgejo" "https://git.proxy.${homelab.domain}" "http://localhost:5080/" ]
- [ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ]
- [ "Ollama" "ollama" "https://ai.proxy.${homelab.domain}" "http://localhost:8080/" ]
- [ "Guacamole" "apacheguacamole" "https://remote.proxy.${homelab.domain}" "http://localhost:8085/guacamole/" ]
 [ "Immich" "immich" "https://gallery.proxy.${homelab.domain}" "http://localhost:2283/" ]
+ [ "VaultWarden" "vaultwarden" "https://pass.proxy.${homelab.domain}" "http://localhost:8060/" ]
+ [ "Ollama" "ollama" "https://ai.proxy.${homelab.domain}" "http://localhost:8080/" ]
+ [ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ]
+ [ "Guacamole" "apacheguacamole" "https://remote.proxy.${homelab.domain}" "http://localhost:8085/guacamole/" ]
 ];
 bookmarks = [
 [ "Tailscale" "tailscale" "https://login.tailscale.com/" ]
diff --git a/modules/system/homelab/pass.nix b/modules/system/homelab/pass.nix
new file mode 100644
index 0000000..6114a98
--- /dev/null
+++ b/modules/system/homelab/pass.nix
@@ -0,0 +1,12 @@
+{ homelab, ... }: {
+ services.vaultwarden = {
+ enable = true;
+ config = {
+ DOMAIN = "pass.proxy.${homelab.domain}";
+ SIGNUPS_ALLOWED = true;
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 8060;
+ ROCKET_LOG = "critical";
+ };
+ };
+}
\ No newline at end of file
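Review bot: `SIGNUPS_ALLOWED = true` leaves account registration open on the password vault, and the matching `"pass"` route in proxy.nix is added with `auth = false` (presumably meaning the proxy adds no login gate of its own), so whoever can reach the hostname can create an account. Unless open registration is intended, set `SIGNUPS_ALLOWED = false;` and onboard users by invitation (`INVITATIONS_ALLOWED`) or restrict registration by mail domain (`SIGNUPS_DOMAINS_WHITELIST`). Separately, Vaultwarden expects `DOMAIN` to be a full URL including the scheme, so the line should read `DOMAIN = "https://pass.proxy.${homelab.domain}";`, which also matches the dashboard entry added in dash.nix.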
diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix
index a561530..1f98b01 100644
--- a/modules/system/homelab/proxy.nix
+++ b/modules/system/homelab/proxy.nix
@@ -11,12 +11,14 @@ # "jkt" = { dest = "http://localhost:9117"; auth = false; }; # "media" = { dest = "http://localhost:8096"; auth = false; }; + "auth" = { dest = "http://localhost:1411"; auth = false; }; + "git" = { dest = "http://localhost:5080"; auth = false; }; + "containers" = { dest = "http://localhost:5001"; auth = false; }; "gallery" = { dest = "http://localhost:2283"; auth = false; }; "remote" = { dest = "http://localhost:8085"; auth = false; }; - "auth" = { dest = "http://localhost:1411"; auth = false; }; + "pass" = { dest = "http://localhost:8060"; auth = false; }; "cdn" = { dest = "http://localhost:3000"; auth = false; }; - "git" = { dest = "http://localhost:5080"; auth = false; }; "@" = { dest = "http://localhost:5070"; auth = false; }; }; in {
From 606fa9a7da16ebefa5716967ca57cf2eb15bd68f Mon Sep 17 00:00:00 2001
From: Satria
Date: Thu, 5 Mar 2026 22:26:18 +0700
Subject: [PATCH 2/3] cf tunnels
---
 modules/system/homelab/tunnels.nix | 14 ++++++++++++++
 modules/system/server.nix | 23 +++++++++++++++++++----
 2 files changed, 33 insertions(+), 4 deletions(-)
 create mode 100644 modules/system/homelab/tunnels.nix
diff --git a/modules/system/homelab/tunnels.nix b/modules/system/homelab/tunnels.nix
new file mode 100644
index 0000000..a12cc15
--- /dev/null
+++ b/modules/system/homelab/tunnels.nix
@@ -0,0 +1,14 @@
+{ homelab, ... }: {
+ services.cloudflared = {
+ enable = true;
+ tunnels.homelab = {
+ credentialsFile = "/mnt/data/cloudflared/homelab.json";
+ default = "http_status:404";
+ ingress = {
+ "git.${homelab.domain}" = "http://localhost:3000";
+ "auth.${homelab.domain}" = "http://localhost:1411";
+ "gallery.${homelab.domain}" = "http://localhost:2284";
+ };
+ };
+ };
+}
\ No newline at end of file
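Review bot: Every entry on the new side carries `auth = false`, including the added `"pass"` route and the `"containers"` and `"remote"` routes, and nothing in the hunk says what the flag controls or why it is off. If it disables an authentication gate at the proxy (the definition is outside this hunk, so this is inferred), each of those services is protected only by its own login. A short comment per group would make that a recorded decision, for example `# auth = false: service enforces its own login, no proxy gate`. The `let` block this list belongs to starts above the hunk.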
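Review bot: The ingress for `git.${homelab.domain}` targets `http://localhost:3000`, but elsewhere in this series port 3000 is the ApacheHTTPD/`cdn` backend and Forgejo is on 5080 (dash.nix and the `"git"` entry in proxy.nix), so the public git hostname would publish a different service; it should probably read `"git.${homelab.domain}" = "http://localhost:5080";`. `gallery` likewise points at 2284 while Immich is on 2283 in dash.nix and proxy.nix; if 2284 is a separate public front end a comment saying so would help, otherwise it needs the same correction. Because these hostnames become reachable from the internet through the tunnel, the file at `/mnt/data/cloudflared/homelab.json` should be readable only by the account the cloudflared service runs as.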
diff --git a/modules/system/server.nix b/modules/system/server.nix
index 29bc8ee..46fcec7 100644
--- a/modules/system/server.nix
+++ b/modules/system/server.nix
@@ -1,12 +1,21 @@
-{ lib, ... }: {
+{ lib, ... }: let
+ ts-flags = [
+ "--advertise-exit-node"
+ "--advertise-routes=10.3.14.0/24,192.168.1.0/24"
+ "--ssh" "--webclient"
+ ];
+in {
 imports = [
+ ./homelab/tunnels.nix
+ ./homelab/mesh.nix
 ./homelab/containers.nix
- ./homelab/gallery.nix
 ./homelab/remote.nix
+ ./homelab/gallery.nix
 # ./homelab/media.nix # wip
 ./homelab/share.nix
 ./homelab/proxy.nix
 ./homelab/auth.nix
+ ./homelab/pass.nix
 ./homelab/dash.nix
 ./homelab/dns.nix
 ./homelab/git.nix
@@ -16,8 +25,14 @@ ./base.nix ]; - specialisation.safe-mode.configuration = {}; - + services.tailscale = { + enable = true; + authKeyFile = "/mnt/data/tailscale/authkey"; + useRoutingFeatures = "server"; + extraUpFlags = ts-flags; + extraSetFlags = ts-flags; + }; + virtualisation = { oci-containers.backend = "docker"; docker = {
From abaa3c96d628c5aa3f1d9b40fa24bda655030f26 Mon Sep 17 00:00:00 2001
From: Satria
Date: Thu, 5 Mar 2026 22:28:37 +0700
Subject: [PATCH 3/3] fix user error
---
 modules/system/homelab/dash.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix
index 93b0625..cd6a999 100644
--- a/modules/system/homelab/dash.nix
+++ b/modules/system/homelab/dash.nix
@@ -71,7 +71,10 @@
 [ "ZeroTier" "zerotier" "https://my.zerotier.com" ]
 ];
 in {
- users.users.glance.extraGroups = [ "docker" ];
+ users.users.glance = {
+ extraGroups = [ "docker" ];
+ isSystemUser = true;
+ };
 services.glance = {
 enable = true;
 environmentFile = "/var/lib/glance/.env";
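Review bot: `ts-flags` turns on `--ssh` and `--webclient` together with `--advertise-exit-node` and subnet routes for two LANs, and the list carries no comment on what governs access to them. Tailscale SSH and use of the advertised routes are authorised by the tailnet's ACL policy rather than by anything in this file, so a comment above the list such as `# SSH, web client, exit node and subnet routes are gated by the tailnet ACL policy` would record that dependency for the next reader. The second hunk of this file passes the same list to both `extraUpFlags` and `extraSetFlags` and reads the auth key from `/mnt/data/tailscale/authkey`; that file should be readable by root only.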
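Review bot: `extraGroups = [ "docker" ]` stays on the `glance` user, and membership of the docker group is equivalent to root on the host because the Docker socket lets a member start privileged containers. Now that the user is declared explicitly, a comment on that line should state why the dashboard needs the socket, for example `# docker group = root-equivalent via the Docker socket; needed for: <reason>`. If the dashboard only reads container status, a read-only socket proxy in front of the Docker API would narrow what a compromise of the dashboard could reach. The enclosing `in { … }` block continues past the end of the hunk.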