fix user error

cf tunnels
vaultwarden service
2026-03-05 22:28:37 +07:00 · 2026-03-05 22:26:18 +07:00 · 2026-03-05 22:26:10 +07:00
5 changed files with 58 additions and 11 deletions
--- a/modules/system/homelab/dash.nix
+++ b/modules/system/homelab/dash.nix
@ -53,14 +53,15 @@
    [ "Proxy" "https://proxy.${homelab.domain}/" ]
  ];
  services = [
-    [ "PocketID" "authentik" "https://auth.proxy.${homelab.domain}" "http://localhost:1411/" ]
+    [ "PocketID" "authentik" "https://auth.${homelab.domain}" "http://localhost:1411/" ]
+    [ "Forgejo" "forgejo" "https://git.${homelab.domain}" "http://localhost:5080/" ]
    [ "AdGuardHome" "adguard" "https://dns.proxy.${homelab.domain}" "http://localhost:8088/" ]
    [ "ApacheHTTPD" "apache" "https://cdn.proxy.${homelab.domain}" "http://localhost:3000/" ]
-    [ "Forgejo" "forgejo" "https://git.proxy.${homelab.domain}" "http://localhost:5080/" ]
-    [ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ]
-    [ "Ollama" "ollama" "https://ai.proxy.${homelab.domain}" "http://localhost:8080/" ]
-    [ "Guacamole" "apacheguacamole" "https://remote.proxy.${homelab.domain}" "http://localhost:8085/guacamole/" ]
    [ "Immich" "immich" "https://gallery.proxy.${homelab.domain}" "http://localhost:2283/" ]
+    [ "VaultWarden" "vaultwarden" "https://pass.proxy.${homelab.domain}" "http://localhost:8060/" ]
+    [ "Ollama" "ollama" "https://ai.proxy.${homelab.domain}" "http://localhost:8080/" ]
+    [ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ]
+    [ "Guacamole" "apacheguacamole" "https://remote.proxy.${homelab.domain}" "http://localhost:8085/guacamole/" ]
  ];
  bookmarks = [
    [ "Tailscale" "tailscale" "https://login.tailscale.com/" ]
@ -70,7 +71,10 @@
    [ "ZeroTier" "zerotier" "https://my.zerotier.com" ]
  ];
 in {
-  users.users.glance.extraGroups = [ "docker" ];
+  users.users.glance = {
+    extraGroups = [ "docker" ];
+    isSystemUser = true;
+  };
  services.glance = {
    enable = true;
    environmentFile = "/var/lib/glance/.env";
--- a/modules/system/homelab/pass.nix
+++ b/modules/system/homelab/pass.nix
@ -0,0 +1,12 @@
+{ homelab, ... }: {
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      DOMAIN = "pass.proxy.${homelab.domain}";
+      SIGNUPS_ALLOWED = true;
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = 8060;
+      ROCKET_LOG = "critical";
+    };
+  };
+}
--- a/modules/system/homelab/proxy.nix
+++ b/modules/system/homelab/proxy.nix
@ -11,12 +11,14 @@
    # "jkt"        = { dest = "http://localhost:9117"; auth = false; };
    # "media"      = { dest = "http://localhost:8096"; auth = false; };
    
+    "auth"       = { dest = "http://localhost:1411"; auth = false; };
+    "git"        = { dest = "http://localhost:5080"; auth = false; };
+    
    "containers" = { dest = "http://localhost:5001"; auth = false; };
    "gallery"    = { dest = "http://localhost:2283"; auth = false; };
    "remote"     = { dest = "http://localhost:8085"; auth = false; };
-    "auth"       = { dest = "http://localhost:1411"; auth = false; };
+    "pass"       = { dest = "http://localhost:8060"; auth = false; };
    "cdn"        = { dest = "http://localhost:3000"; auth = false; };
-    "git"        = { dest = "http://localhost:5080"; auth = false; };
    "@"          = { dest = "http://localhost:5070"; auth = false; };
  };
 in {
--- a/modules/system/homelab/tunnels.nix
+++ b/modules/system/homelab/tunnels.nix
@ -0,0 +1,14 @@
+{ homelab, ... }: {
+  services.cloudflared = {
+    enable = true;
+    tunnels.homelab = {
+      credentialsFile = "/mnt/data/cloudflared/homelab.json";
+      default = "http_status:404";
+      ingress = {
+        "git.${homelab.domain}" = "http://localhost:3000";
+        "auth.${homelab.domain}" = "http://localhost:1411";
+        "gallery.${homelab.domain}" = "http://localhost:2284";
+      };
+    };
+  };
+}
--- a/modules/system/server.nix
+++ b/modules/system/server.nix
@ -1,12 +1,21 @@
-{ lib, ... }: {
+{ lib, ... }: let
+  ts-flags = [
+    "--advertise-exit-node"
+    "--advertise-routes=10.3.14.0/24,192.168.1.0/24"
+    "--ssh" "--webclient"
+  ];
+in {
  imports = [
+    ./homelab/tunnels.nix
+    ./homelab/mesh.nix
    ./homelab/containers.nix
-    ./homelab/gallery.nix
    ./homelab/remote.nix
+    ./homelab/gallery.nix
    # ./homelab/media.nix # wip
    ./homelab/share.nix
    ./homelab/proxy.nix
    ./homelab/auth.nix
+    ./homelab/pass.nix
    ./homelab/dash.nix
    ./homelab/dns.nix
    ./homelab/git.nix
@ -16,7 +25,13 @@
    ./base.nix
  ];

-  specialisation.safe-mode.configuration = {};
+  services.tailscale = {
+    enable = true;
+    authKeyFile = "/mnt/data/tailscale/authkey";
+    useRoutingFeatures = "server";
+    extraUpFlags = ts-flags;
+    extraSetFlags = ts-flags;
+  };
  
  virtualisation = {
    oci-containers.backend = "docker";
Author	SHA1	Message	Date
Satria	abaa3c96d6	fix user error	2026-03-05 22:28:37 +07:00
Satria	606fa9a7da	cf tunnels	2026-03-05 22:26:18 +07:00
Satria	24746cc727	vaultwarden service	2026-03-05 22:26:10 +07:00