
3 commits

Author SHA1 Message Date
abaa3c96d6 fix user error 2026-03-05 22:28:37 +07:00
606fa9a7da cf tunnels 2026-03-05 22:26:18 +07:00
24746cc727 vaultwarden service 2026-03-05 22:26:10 +07:00
5 changed files with 58 additions and 11 deletions


@ -53,14 +53,15 @@
[ "Proxy" "https://proxy.${homelab.domain}/" ] [ "Proxy" "https://proxy.${homelab.domain}/" ]
]; ];
services = [ services = [
[ "PocketID" "authentik" "https://auth.proxy.${homelab.domain}" "http://localhost:1411/" ] [ "PocketID" "authentik" "https://auth.${homelab.domain}" "http://localhost:1411/" ]
[ "Forgejo" "forgejo" "https://git.${homelab.domain}" "http://localhost:5080/" ]
[ "AdGuardHome" "adguard" "https://dns.proxy.${homelab.domain}" "http://localhost:8088/" ] [ "AdGuardHome" "adguard" "https://dns.proxy.${homelab.domain}" "http://localhost:8088/" ]
[ "ApacheHTTPD" "apache" "https://cdn.proxy.${homelab.domain}" "http://localhost:3000/" ] [ "ApacheHTTPD" "apache" "https://cdn.proxy.${homelab.domain}" "http://localhost:3000/" ]
[ "Forgejo" "forgejo" "https://git.proxy.${homelab.domain}" "http://localhost:5080/" ]
[ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ]
[ "Ollama" "ollama" "https://ai.proxy.${homelab.domain}" "http://localhost:8080/" ]
[ "Guacamole" "apacheguacamole" "https://remote.proxy.${homelab.domain}" "http://localhost:8085/guacamole/" ]
[ "Immich" "immich" "https://gallery.proxy.${homelab.domain}" "http://localhost:2283/" ] [ "Immich" "immich" "https://gallery.proxy.${homelab.domain}" "http://localhost:2283/" ]
[ "VaultWarden" "vaultwarden" "https://pass.proxy.${homelab.domain}" "http://localhost:8060/" ]
[ "Ollama" "ollama" "https://ai.proxy.${homelab.domain}" "http://localhost:8080/" ]
[ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ]
[ "Guacamole" "apacheguacamole" "https://remote.proxy.${homelab.domain}" "http://localhost:8085/guacamole/" ]
]; ];
bookmarks = [ bookmarks = [
[ "Tailscale" "tailscale" "https://login.tailscale.com/" ] [ "Tailscale" "tailscale" "https://login.tailscale.com/" ]
@ -70,7 +71,10 @@
[ "ZeroTier" "zerotier" "https://my.zerotier.com" ] [ "ZeroTier" "zerotier" "https://my.zerotier.com" ]
]; ];
in { in {
users.users.glance.extraGroups = [ "docker" ]; users.users.glance = {
extraGroups = [ "docker" ];
isSystemUser = true;
};
services.glance = { services.glance = {
enable = true; enable = true;
environmentFile = "/var/lib/glance/.env"; environmentFile = "/var/lib/glance/.env";
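Review bot: The rewritten `users.users.glance` block keeps `extraGroups = [ "docker" ];`, and membership of the docker group lets that account drive the Docker socket, which is effectively root on the host. That is a large privilege for a dashboard process, so either document why it is needed with a comment such as `# docker group: glance reads container state from the socket (root-equivalent)`, or put a read-only socket proxy in between. NixOS also normally requires a `group` for a system user, so `group = "glance";` with `users.groups.glance = {};` may be needed unless it is defined elsewhere. The surrounding `let … in` block begins outside the hunk.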


@ -0,0 +1,12 @@
{ homelab, ... }: {
services.vaultwarden = {
enable = true;
config = {
DOMAIN = "pass.proxy.${homelab.domain}";
SIGNUPS_ALLOWED = true;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8060;
ROCKET_LOG = "critical";
};
};
}
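Review bot: `SIGNUPS_ALLOWED = true;` leaves account registration open to anyone who can reach `pass.proxy.${homelab.domain}`, and the proxy entry for this service is added with `auth = false`. For a password vault, prefer `SIGNUPS_ALLOWED = false;` once the intended accounts exist, and onboard further users by invitation. Separately, Vaultwarden expects `DOMAIN` to be a full URL including the scheme, so `DOMAIN = "https://pass.proxy.${homelab.domain}";` is likely what is wanted. Anything placed in `config` ends up in the Nix store, so secrets such as an admin token belong in an environment file rather than in this attrset.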


@ -11,12 +11,14 @@
# "jkt" = { dest = "http://localhost:9117"; auth = false; }; # "jkt" = { dest = "http://localhost:9117"; auth = false; };
# "media" = { dest = "http://localhost:8096"; auth = false; }; # "media" = { dest = "http://localhost:8096"; auth = false; };
"auth" = { dest = "http://localhost:1411"; auth = false; };
"git" = { dest = "http://localhost:5080"; auth = false; };
"containers" = { dest = "http://localhost:5001"; auth = false; }; "containers" = { dest = "http://localhost:5001"; auth = false; };
"gallery" = { dest = "http://localhost:2283"; auth = false; }; "gallery" = { dest = "http://localhost:2283"; auth = false; };
"remote" = { dest = "http://localhost:8085"; auth = false; }; "remote" = { dest = "http://localhost:8085"; auth = false; };
"auth" = { dest = "http://localhost:1411"; auth = false; }; "pass" = { dest = "http://localhost:8060"; auth = false; };
"cdn" = { dest = "http://localhost:3000"; auth = false; }; "cdn" = { dest = "http://localhost:3000"; auth = false; };
"git" = { dest = "http://localhost:5080"; auth = false; };
"@" = { dest = "http://localhost:5070"; auth = false; }; "@" = { dest = "http://localhost:5070"; auth = false; };
}; };
in { in {
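Review bot: The new `"pass"` entry is published with `auth = false` like its neighbours, but nothing here says why the vault is exempt from whatever the `auth` flag enforces. The flag's meaning is defined outside this hunk; if it toggles forward authentication, a short comment would record the reasoning, e.g. `# pass: native Bitwarden clients cannot pass forward-auth; Vaultwarden's own login is the only gate`. With that as the only gate, the open-signup setting in the Vaultwarden file matters more.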


@ -0,0 +1,14 @@
{ homelab, ... }: {
services.cloudflared = {
enable = true;
tunnels.homelab = {
credentialsFile = "/mnt/data/cloudflared/homelab.json";
default = "http_status:404";
ingress = {
"git.${homelab.domain}" = "http://localhost:3000";
"auth.${homelab.domain}" = "http://localhost:1411";
"gallery.${homelab.domain}" = "http://localhost:2284";
};
};
};
}
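Review bot: Two ingress targets do not match the ports used for the same services elsewhere in this change. `git.${homelab.domain}` points at `localhost:3000`, which the dashboard and proxy files list for the Apache `cdn` service (Forgejo is on 5080), and `gallery.${homelab.domain}` points at 2284 while Immich is listed on 2283. Unless these are deliberate, the public `git` hostname would publish the wrong backend; the corrected lines would be `"git.${homelab.domain}" = "http://localhost:5080";` and `"gallery.${homelab.domain}" = "http://localhost:2283";`. Because this tunnel exposes the identity provider and the git forge to the internet, a comment naming which hostnames are intentionally public would help. `credentialsFile` should be readable only by the cloudflared service user.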


@ -1,12 +1,21 @@
{ lib, ... }: { { lib, ... }: let
ts-flags = [
"--advertise-exit-node"
"--advertise-routes=10.3.14.0/24,192.168.1.0/24"
"--ssh" "--webclient"
];
in {
imports = [ imports = [
./homelab/tunnels.nix
./homelab/mesh.nix
./homelab/containers.nix ./homelab/containers.nix
./homelab/gallery.nix
./homelab/remote.nix ./homelab/remote.nix
./homelab/gallery.nix
# ./homelab/media.nix # wip # ./homelab/media.nix # wip
./homelab/share.nix ./homelab/share.nix
./homelab/proxy.nix ./homelab/proxy.nix
./homelab/auth.nix ./homelab/auth.nix
./homelab/pass.nix
./homelab/dash.nix ./homelab/dash.nix
./homelab/dns.nix ./homelab/dns.nix
./homelab/git.nix ./homelab/git.nix
@ -16,8 +25,14 @@
./base.nix ./base.nix
]; ];
specialisation.safe-mode.configuration = {}; services.tailscale = {
enable = true;
authKeyFile = "/mnt/data/tailscale/authkey";
useRoutingFeatures = "server";
extraUpFlags = ts-flags;
extraSetFlags = ts-flags;
};
virtualisation = { virtualisation = {
oci-containers.backend = "docker"; oci-containers.backend = "docker";
docker = { docker = {
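Review bot: `ts-flags` turns on `--ssh` and `--webclient` together with `--advertise-exit-node` and two advertised subnets, so who can get a shell on this host or route into `10.3.14.0/24` and `192.168.1.0/24` is decided by the tailnet's ACLs rather than by anything in this file. A comment above the list would make that dependency visible, e.g. `# --ssh/--webclient: access is gated by tailnet ACLs; routes and exit node need admin approval`. `authKeyFile = "/mnt/data/tailscale/authkey";` keeps the key out of the Nix store; the file should be root-only, and the mount has to be available before Tailscale comes up. The second hunk also drops `specialisation.safe-mode`, so if it was meant as a fallback boot entry without these services, that fallback is gone.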