sin_serhao/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: sin_serhao:c2f8b28b5d33e38037737c24ad714a73a8b08588
Branches Tags
sin_serhao:master sin_serhao:authelia sin_serhao:disk sin_serhao:test-deploy
..
compare: sin_serhao:master
Branches Tags
sin_serhao:master sin_serhao:authelia sin_serhao:disk sin_serhao:test-deploy

8 Commits
c2f8b28b5d ... master

Author SHA1 Message Date
Sin Ser'hao
b5aa64e74a trilium & authelia setup
Some checks failed
/ perform flake analysis (push) Has been cancelled
Details
/ build hive configuration (push) Failing after 22m46s
Details
2026-01-29 09:45:10 +01:00
Sin Ser'Hao
d7c765b80e test
Some checks failed
/ perform flake analysis (push) Failing after 3h0m29s
Details
2026-01-27 20:40:20 +01:00
Sin Ser'hao
b3b8ffd90f reactivate authelia module
Some checks failed
/ perform flake analysis (push) Has been cancelled
Details
/ build hive configuration (push) Successful in 11m6s
Details
2026-01-26 16:47:05 +01:00
Sin Ser'hao
c3614c5397 use header only authelia snippet
Some checks failed
/ build hive configuration (push) Has been cancelled
Details
/ perform flake analysis (push) Has been cancelled
Details
2026-01-26 16:46:43 +01:00
shobu
7e3186e632 fix authelia snippets
Some checks failed
/ build hive configuration (push) Successful in 9m47s
Details
/ perform flake analysis (push) Failing after 3h14m48s
Details
2026-01-23 23:05:58 +01:00
Sin Ser'hao
2db673093e basic authella configuration
All checks were successful
/ perform flake analysis (push) Successful in 39s
Details
/ build hive configuration (push) Successful in 8m59s
Details
2026-01-23 20:22:03 +01:00
Sin Ser'hao
f894f65024 extend body capacity for copyparty to 100M
All checks were successful
/ perform flake analysis (push) Successful in 38s
Details
/ build hive configuration (push) Successful in 10m39s
Details
2026-01-20 12:24:14 +01:00
Sin Ser'hao
7468ccd09f start authelia config and change copyparty upload max size 2026-01-20 12:24:12 +01:00
19 changed files with 405 additions and 27 deletions
Expand all files Collapse all files

32
flake.lock generated
View File

@@ -49,11 +49,11 @@
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1768336726, "lastModified": 1769470446,
"narHash": "sha256-Os4qn0S0bv7MauXGz16ozyOYZuMrA2FJuXNjDnr5yps=", "narHash": "sha256-nze0VZ70K2kbDxjE+BBZLD7juOmnZqNYdOhl9aUNGWg=",
"owner": "9001", "owner": "9001",
"repo": "copyparty", "repo": "copyparty",
"rev": "c46cd7f57a8ae3b121866485c91ec078c4dd970e", "rev": "2f57228fd4e62f8cd8e12cb80a3531dc2d4d170a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -91,11 +91,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766150702, "lastModified": 1769524058,
"narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -233,11 +233,11 @@
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1767838769, "lastModified": 1769567010,
"narHash": "sha256-KCLU6SUU80tEBKIVZsBrSjRYX6kn1eVIYI3fEEqOp24=", "narHash": "sha256-R4ESxjCluQQlSIPw4NaRYVvEtvsnKGRwmACcXU1at6g=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "4da21f019f6443f513f16af7f220ba4db1cdfc04", "rev": "1c9c95fea177a4f8430c34dc1f974394e72bca1f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -311,16 +311,16 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1767313136, "lastModified": 1769318308,
"narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", "narHash": "sha256-Mjx6p96Pkefks3+aA+72lu1xVehb6mv2yTUUqmSet6Q=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d", "rev": "1cd347bf3355fce6c64ab37d3967b4a2cb4b878c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-25.05", "ref": "nixos-25.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@@ -452,11 +452,11 @@
}, },
"unstable": { "unstable": {
"locked": { "locked": {
"lastModified": 1768127708, "lastModified": 1769461804,
"narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
flake.nix
View File

@@ -3,7 +3,7 @@
# Flake inputs # Flake inputs
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
colmena.url = "github:zhaofengli/colmena"; colmena.url = "github:zhaofengli/colmena";

3
hosts/sin/configuration.nix
View File

@@ -17,6 +17,7 @@
./secrets.nix ./secrets.nix
./coredns ./coredns
./copyparty.nix ./copyparty.nix
./trilium.nix
]; ];
boot.initrd.kernelModules = [ "usb_storage" ]; boot.initrd.kernelModules = [ "usb_storage" ];
@@ -43,6 +44,8 @@
3000 # gitea 3000 # gitea
config.services.trilium-server.port
53 53
]; ];

23
hosts/sin/jellyfin.nix
View File

@@ -11,10 +11,9 @@ in
extraPackages = with pkgs; [ extraPackages = with pkgs; [
intel-media-driver intel-media-driver
intel-vaapi-driver intel-vaapi-driver
vaapiVdpau libva-vdpau-driver
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer vpl-gpu-rt # QSV on 11th gen or newer
intel-media-sdk # QSV up to 11th gen
]; ];
}; };
@@ -82,15 +81,27 @@ in
enable = true; enable = true;
openFirewall = true; openFirewall = true;
group = "starr"; group = "starr";
settings = {
authentication.AuthenticationMethod = "external";
authentication.AuthenticationType = "enabled";
};
}; };
radarr = { radarr = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
group = "starr"; group = "starr";
settings = {
authentication.AuthenticationMethod = "external";
authentication.AuthenticationType = "enabled";
};
}; };
prowlarr = { prowlarr = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings = {
authentication.AuthenticationMethod = "external";
authentication.AuthenticationType = "enabled";
};
}; };
bazarr = { bazarr = {
enable = true; enable = true;
@@ -99,10 +110,18 @@ in
lidarr = { lidarr = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings = {
authentication.AuthenticationMethod = "external";
authentication.AuthenticationType = "enabled";
};
}; };
whisparr = { whisparr = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings = {
authentication.AuthenticationMethod = "external";
authentication.AuthenticationType = "enabled";
};
}; };
jellyseerr = { jellyseerr = {

12
hosts/sin/secrets.nix
View File

@@ -15,5 +15,17 @@
mode = "700"; mode = "700";
owner = "copyparty"; owner = "copyparty";
}; };
authelia-jwt = {
file = ./secrets/authelia-jwt.age;
mode = "700";
};
authelia-encryption = {
file = ./secrets/authelia-encryption.age;
mode = "700";
};
authelia-session = {
file = ./secrets/authelia-session.age;
mode = "700";
};
}; };
} }

7
hosts/sin/secrets/authelia-encryption.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 /uqj4A L95rgX9APIgoMvkplZIYgMQDhKBOsPGOw/maymMhiks
LNfa/YBCd84iknAMk4wbQps4KMXCvrhPp2d9KkhJWHI
-> ssh-ed25519 NoSl6Q G/y6DUFTyV6Jy6KHo8yc+xxtu3aJtTOF3Ldmxq3FmyE
FOExj321S/VIPQ/qdvZBcJ930HI/GsjDVjJp9WMSXLA
--- iIpq/CWng+4+kQbvJQb/qgejr/eza94wCkegEJ2dvno
ÿNôU*1=DÔOˆ£W6]_â©Kà=©Þký¦_ù˜Ýøɇ™tmË•ãw°

7
hosts/sin/secrets/authelia-jwt.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 /uqj4A i6SPCzjkGrPMjhC9NQDdYTk3fzXoD4OSQdhS1togN0A
Lqus8sROz1O4EepauPwC4RX/qH+SnDiL2H5iZGtAhXo
-> ssh-ed25519 NoSl6Q LxV4a5HiB6qfPjbba75dkVVECzaqrMjksMXHh53JbGQ
x4POzurz+J2mymT81M+cu69Iv/MeiYt+JvaRteinm5Q
--- OFqooyZ2HPBxP756PqpgJAyVOTkqhJ0LhEQsLJBZUtE
—>»&Ȇw·\D„Au{õz{CˆÁ~á$_ˆ9»¢ZZ<5A>U^„ÎÊL!(lnпÂó‰Üv{fdº ß l¢,<2C>|<7C>Ü.¤çH«¤³êVaù¥ÍÓˆ™PêwOo

7
hosts/sin/secrets/authelia-session.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 /uqj4A eff535EaT7gEZOacWx9raBJMdd4PPd9+y6Y3eOt1wBI
5P4aefjWVJ4L11ff+Cg8j3gQ58I+agDPUMFWiCaL/sQ
-> ssh-ed25519 NoSl6Q 3+EZtaiiZQk7JK6zCNo/nUSSRAJzf8nal2X1sFkYmxo
f5gzpiOtCbYdiV7vOxfZvJPRmRruTbHg6T8g0r5JRgc
--- BBL3wE2eSmHVI4tlhq+5fy84cauw6P6G69nFXuObLKE
êéæí @[¡SÓcñ<C3B1>SyÉŠ‡<; í†<C3AD>Ë茟<C592><C5B8>§(°Æž1\Yjȯ½½4åõ Ýȹ.3>Â[Èq¢Jh 8í·šÕVt”øX[Ì~[(#^_5€§<E282AC>

9
hosts/sin/trilium.nix Normal file
View File

@@ -0,0 +1,9 @@
{ ... }:
{
services.trilium-server = {
enable = true;
port = 12783;
host = "0.0.0.0";
noAuthentication = true;
};
}

126
hosts/thea/authelia.nix Normal file
View File

@@ -0,0 +1,126 @@
{
pkgs,
config,
lib,
...
}:
let
cfg = config.services.authelia.instances.main;
dataDir = "/var/lib/authelia-${cfg.name}";
authelia-snippets = pkgs.callPackage ./lib/autheliaSnippets.nix { inherit pkgs; };
in
{
services.authelia.instances = {
main = {
enable = true;
secrets = {
jwtSecretFile = config.age.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.age.secrets.authelia-encryption.path;
sessionSecretFile = config.age.secrets.authelia-session.path;
};
settings = {
theme = "light";
log.level = "debug";
authentication_backend = {
file = {
path = dataDir + "/users.yml";
};
};
storage = {
local = {
path = dataDir + "/db.sqlite3";
};
};
session = {
cookies = [
{
domain = "shobu.fr";
authelia_url = "https://auth.shobu.fr";
default_redirection_url = "https://shobu.fr";
}
];
};
notifier = {
filesystem = {
filename = "${dataDir}/notification.txt";
};
};
access_control = {
default_policy = "deny";
rules = [
# {
# domain = "radarr.shobu.fr";
# policy = "bypass";
# }
{
domain = "*.shobu.fr";
policy = "one_factor";
}
];
};
server = {
endpoints = {
authz = {
auth-request = {
implementation = "AuthRequest";
};
};
};
};
};
};
};
# systemd.tmpfiles.rules = lib.mkIf cfg.enable [
# "d '${dataDir}' 0700 ${cfg.user} ${cfg.group} - -"
# ];
age.secrets = {
authelia-jwt = {
owner = cfg.user;
file = ./secrets/authelia-jwt.age;
mode = "700";
};
authelia-encryption = {
owner = cfg.user;
file = ./secrets/authelia-encryption.age;
mode = "700";
};
authelia-session = {
owner = cfg.user;
file = ./secrets/authelia-session.age;
mode = "700";
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."auth.shobu.fr" =
let
upstream = "http://thea:9091";
in
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = upstream;
extraConfig = ''
error_log /var/log/nginx/debug_authelia.log debug;
include ${authelia-snippets.proxy};
set $upstream ${upstream};
'';
};
locations."/api/verify" = {
proxyPass = upstream;
};
locations."/api/authz" = {
proxyPass = upstream;
};
};
};
}

3
hosts/thea/configuration.nix
View File

@@ -16,10 +16,11 @@ in
{ {
imports = [ imports = [
./nginx.nix ./nginx.nix
# ./striped
# ./cybercoffee # ./cybercoffee
./ollama.nix ./ollama.nix
./minecraft.nix ./minecraft.nix
./secrets
./authelia.nix
]; ];
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.

81
hosts/thea/lib/autheliaSnippets.nix Normal file
View File

@@ -0,0 +1,81 @@
{ pkgs }:
{
proxy = pkgs.writeText "proxy.conf" ''
## Headers
# proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-URI $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $remote_addr;
'';
authelia-location = pkgs.writeText "authelia-location.conf" ''
set $upstream_authelia http://192.168.1.12:9091/api/authz/auth-request;
## Virtual endpoint created by nginx to forward auth requests.
location /internal/authelia/authz {
## Essential Proxy Configuration
internal;
proxy_pass $upstream_authelia;
## Headers
## The headers starting with X-* are required.
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Content-Length "";
proxy_set_header Connection "";
## Basic Proxy Configuration
proxy_pass_request_body off;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; # Timeout if the real server is dead
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 4 32k;
client_body_buffer_size 128k;
## Advanced Proxy Configuration
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
}
'';
authelia-authrequest = pkgs.writeText "authelia-authrequest.conf" ''
## Send a subrequest to Authelia to verify if the user is authenticated and has permission to access the resource.
auth_request /internal/authelia/authz;
## Save the upstream metadata response headers from Authelia to variables.
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
auth_request_set $name $upstream_http_remote_name;
auth_request_set $email $upstream_http_remote_email;
## Inject the metadata response headers from the variables into the request made to the backend.
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
proxy_set_header Remote-Email $email;
proxy_set_header Remote-Name $name;
## Configure the redirection when the authz failure occurs. Lines starting with 'Modern Method' and 'Legacy Method'
## should be commented / uncommented as pairs. The modern method uses the session cookies configuration's authelia_url
## value to determine the redirection URL here. It's much simpler and compatible with the mutli-cookie domain easily.
## Modern Method: Set the $redirection_url to the Location header of the response to the Authz endpoint.
auth_request_set $redirection_url $upstream_http_location;
## Modern Method: When there is a 401 response code from the authz endpoint redirect to the $redirection_url.
error_page 401 =302 $redirection_url;
## Legacy Method: Set $target_url to the original requested URL.
## This requires http_set_misc module, replace 'set_escape_uri' with 'set' if you don't have this module.
# set_escape_uri $target_url $scheme://$http_host$request_uri;
## Legacy Method: When there is a 401 response code from the authz endpoint redirect to the portal with the 'rd'
## URL parameter set to $target_url. This requires users update 'auth.shobu.fr/' with their external authelia URL.
# error_page 401 =302 https://auth.shobu.fr/?rd=$target_url;
'';
}

10
hosts/thea/minecraft.nix
View File

@@ -9,6 +9,10 @@ let
url = "file:///${inputs.testing-grounds.modpack}/pack.toml"; url = "file:///${inputs.testing-grounds.modpack}/pack.toml";
packHash = "sha256-+taYj4uroLNxM4Nia3n+5P1Y/g6dzE6Iq13TsZgk4mU="; packHash = "sha256-+taYj4uroLNxM4Nia3n+5P1Y/g6dzE6Iq13TsZgk4mU=";
}; };
gregpack = pkgs.fetchPackwizModpack {
url = "https://raw.githubusercontent.com/GregTechCEu/GregTech-Modern-Community-Pack/refs/heads/main/pack.toml";
packHash = "sha256-SE86gP15H/Aug6vTLmMxHuxF2/+iLmCI/wQlON1xasM=";
};
in in
{ {
imports = [ inputs.nix-minecraft.nixosModules.minecraft-servers ]; imports = [ inputs.nix-minecraft.nixosModules.minecraft-servers ];
@@ -35,4 +39,10 @@ in
}; };
}; };
}; };
networking.firewall.allowedTCPPorts = [
25865 # autismcraft
25665 # reclamation
25675 # reclamation
];
} }

84
hosts/thea/nginx.nix
View File

@@ -1,8 +1,14 @@
{ inputs, ... }: {
inputs,
pkgs,
lib,
...
}:
let let
# striped-front = inputs.striped-front; # striped-front = inputs.striped-front;
sin-address = "192.168.1.14"; sin-address = "192.168.1.14";
authelia-snippets = pkgs.callPackage ./lib/autheliaSnippets.nix { inherit pkgs; };
in in
{ {
@@ -17,36 +23,92 @@ in
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
typesHashMaxSize = 512;
mapHashMaxSize = 512;
virtualHosts = virtualHosts =
let let
mkStarr = host: port: { mkVHost = host: port: {
"${host}" = { "${host}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://${sin-address}:${port}"; proxyPass = "http://${sin-address}:${port}";
};
};
};
mkStarr = host: port: {
"${host}" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
include ${authelia-snippets.authelia-location};
'';
locations."/api" = {
proxyPass = "http://${sin-address}:${port}";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_ssl_server_name on; proxy_ssl_server_name on;
'';
};
locations."/" = {
proxyPass = "http://${sin-address}:${port}";
proxyWebsockets = true;
extraConfig = ''
include ${authelia-snippets.proxy};
include ${authelia-snippets.authelia-authrequest};
proxy_ssl_server_name on;
proxy_read_timeout 4800s; proxy_read_timeout 4800s;
''; '';
}; };
}; };
}; };
withAuthelia =
vhost: location:
(builtins.mapAttrs (
name: value:
(lib.recursiveUpdate value {
extraConfig = (if value ? extraConfig then value.extraConfig else "") + ''
include ${authelia-snippets.authelia-location};
'';
locations."${location}".extraConfig =
(
if value.locations."${location}" ? extraConfig then
value.locations."${location}".extraConfig
else
""
)
+ ''
include ${authelia-snippets.proxy};
include ${authelia-snippets.authelia-authrequest};
'';
})
) vhost);
withWebsockets =
vhost: location:
(builtins.mapAttrs (
name: value:
(lib.recursiveUpdate value {
locations."${location}".proxyWebsockets = true;
})
) vhost);
in in
( (
mkStarr "jellyfin.shobu.fr" "8096" (withWebsockets (mkVHost "jellyfin.shobu.fr" "8096") "/")
// mkStarr "radarr.shobu.fr" "7878" // mkStarr "radarr.shobu.fr" "7878"
// mkStarr "sonarr.shobu.fr" "8989" // mkStarr "sonarr.shobu.fr" "8989"
// mkStarr "prowlarr.shobu.fr" "9696" // mkStarr "prowlarr.shobu.fr" "9696"
// mkStarr "bazarr.shobu.fr" "6767" // mkStarr "bazarr.shobu.fr" "6767"
// mkStarr "jellyseerr.shobu.fr" "5055"
// mkStarr "fileshelter.shobu.fr" "5091"
// mkStarr "lidarr.shobu.fr" "8686" // mkStarr "lidarr.shobu.fr" "8686"
// mkStarr "whisparr.shobu.fr" "6969" // mkStarr "whisparr.shobu.fr" "6969"
// mkStarr "transmission.shobu.fr" "9091" // mkVHost "jellyseerr.shobu.fr" "5055"
// mkStarr "zimablade-admin.shobu.fr" "61208" // mkVHost "transmission.shobu.fr" "9091"
// mkVHost "zimablade-admin.shobu.fr" "61208"
// (withWebsockets (withAuthelia (mkVHost "trilium.shobu.fr" "12783") "/") "/")
// { // {
"shobu.fr" = { "shobu.fr" = {
enableACME = true; enableACME = true;
@@ -109,10 +171,18 @@ in
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
extraConfig = ''
# include ${authelia-snippets.authelia-location};
# error_log /var/log/nginx/debug_files.log debug;
'';
locations."/" = { locations."/" = {
proxyPass = "http://${sin-address}:8086"; proxyPass = "http://${sin-address}:8086";
extraConfig = '' extraConfig = ''
# include ${authelia-snippets.proxy};
# include ${authelia-snippets.authelia-authrequest};
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 100M;
''; '';
}; };
}; };

10
hosts/thea/secrets/authelia-encryption.age Normal file
View File

@@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 /uqj4A 9cZH/SlDpiluz2O3wCxRcBhmt3L5eN24I0HHwiJDWRU
VVZaJlB4QzxBPcaN3MjCemjptEbqSUMD8VVtKyGezH8
-> ssh-ed25519 70Re8Q ZFEQxmnm+dFKSXcQAc0KxkewCB59J5FyL1Ob/uEEtVg
fRdEZpIytxjUeSKPieIzvZaAn5Mikjp28HlZhKwzS7M
-> ssh-ed25519 QvCxGg ifsqXBKO0mqE1RuJ44Y7qDJ7lyci8iyz+J1xFgO38jI
MkhMTZ+RttBFFMkbIaSCSQiExR1gf4OyFWHXIsx+QYQ
--- nnMlLyQjixpBkx+bSU5I364IP3KnZ0qnmMPueBcRHpU
ë˜<EFBFBD>6TX—ÕÞ ÌfÁ““É
®?Z7M<37>T<EFBFBD>Å|ÚQf

BIN
hosts/thea/secrets/authelia-jwt.age Normal file
View File

Binary file not shown.

9
hosts/thea/secrets/authelia-session.age Normal file
View File

@@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 /uqj4A yxpGM3pJxfnM/5q9+NzdfG2kBjjNex6bdyUeZEBKjnI
UO6ovn2cFeNi6SbcGpfF71/OAyQccyG+l6aZXubUal8
-> ssh-ed25519 70Re8Q GW40lmeg6Lj7ntZswT0/hWZFpYBWoV3CMq4pdo+Ncgc
oWTYuM/s3G7EKPWPQpHbXo9Tpzgn7YlYVQHYGn4xKS8
-> ssh-ed25519 QvCxGg pKLpxtuMIa0xPXoaeb4WeQWVEINRE/j4nrxDB1J9BUI
1azpt5MImTiDSF+Ts9EvUCdWMeVG7lErUHSBQfMiip4
--- IOOR8Us6zlZhJm0V4X3IlbkHSdtR3GLLxEfa4i+lqv0
ó P¬¥rhé"BFãŽÌŸtÌ€ê¤{¾(öB`q“Óø"AµnN_ ™f*ÏŒºvPpj&{)ìŠØ@ÃkF«Ú]<Aš*Á<><EFBFBD>´WTm”ƪD‡,Ý1E­™”¦³eѨ·O¢š

3
hosts/thea/secrets/default.nix Normal file
View File

@@ -0,0 +1,3 @@
{ ... }:
{
}

4
modules/gitea/thea/virtualisation.nix
View File

@@ -16,6 +16,10 @@
}; };
}; };
environment.systemPackages = with pkgs; [
podman-compose
];
virtualisation.oci-containers.containers = virtualisation.oci-containers.containers =
let let
runner_config = pkgs.writeTextFile { runner_config = pkgs.writeTextFile {