sin_serhao/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: sin_serhao:master
Branches Tags
sin_serhao:master
sin_serhao:test-deploy
..
compare: sin_serhao:test-deploy
Branches Tags
sin_serhao:master
sin_serhao:test-deploy

No commits in common. "master" and "test-deploy" have entirely different histories.
master ... test-deplo

5 changed files with 131 additions and 155 deletions
Show Stats Expand all files Collapse all files

20
.gitea/workflows/deploy.yaml
View File

@ -11,8 +11,26 @@ jobs:
name: build hive configuration
runs-on: ubuntu-22.04
steps:
- uses: cachix/install-nix-action@v31
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- name: Restore and save Nix store
uses: nix-community/cache-nix-action@v6
with:
# restore and save a cache using this key
primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/flake.lock') }}
# if there's no cache hit, restore a cache by this prefix
restore-prefixes-first-match: nix-${{ runner.os }}-
# collect garbage until the Nix store size (in bytes) is at most this number
# before trying to save a new cache
# 1G = 1073741824
gc-max-store-size-linux: 1G
# do purge caches
purge: true
# purge all versions of the cache
purge-prefixes: nix-${{ runner.os }}-
# created more than this number of seconds ago
purge-created: 60000
purge-primary-key: never
- name: Install SSH key
uses: shimataro/ssh-key-action@v2
with:

38
hosts/sin/configuration.nix
View File

@ -2,7 +2,6 @@
modulesPath,
lib,
pkgs,
config,
...
}:
{
@ -52,45 +51,36 @@
time.timeZone = "Europe/Paris";
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfree = true;
users.users = {
zimablade = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos"
];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" ];
};
shobu = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos"
];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" ];
};
};
users.users.root.openssh.authorizedKeys.keys = [
# change this to your ssh key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos"
];
environment.systemPackages =
map lib.lowPrio [
pkgs.curl
pkgs.gitMinimal
]
++ (with pkgs; [
helix
httpie
btop
tmux
# firefox
]);
environment.systemPackages = map lib.lowPrio [
pkgs.curl
pkgs.gitMinimal
] ++ (with pkgs; [
helix
httpie
btop
tmux
# firefox
]);
services = {
openssh = {

5
hosts/sin/copyparty.nix
View File

@ -1,5 +1,4 @@
{ inputs, pkgs, ... }:
{
{inputs, pkgs, ...}: {
imports = [ inputs.copyparty.nixosModules.default ];
nixpkgs.overlays = [ inputs.copyparty.overlays.default ];
environment.systemPackages = [ pkgs.copyparty ];
@ -12,9 +11,7 @@
e2ts = true;
z = true;
qr = true;
xff-hdr = "X-Real-IP";
xff-src = "lan";
rproxy = 1;
http-only = true;
og = true;
shr = "/shares";

21
hosts/sin/ollama.nix
View File

@ -1,21 +0,0 @@
{ inputs, ... }:
{
# virtualisation.docker = {
# enable = true;
# storageDriver = "btrfs";
# };
services.ollama = {
enable = true;
openFirewall = true;
loadModels = [ ];
acceleration = "cuda";
};
services.open-webui = {
enable = true;
openFirewall = true;
host = "0.0.0.0";
port = 8050;
};
}

202
hosts/thea/nginx.nix
View File

@ -1,132 +1,124 @@
{ inputs, ... }:
{inputs, ...}:
let
# striped-front = inputs.striped-front;
sin-address = "192.168.1.14";
in
{
in {
networking.firewall.allowedTCPPorts = [
80
443
8448
];
networking.firewall.allowedTCPPorts = [ 80 443 8448 ];
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts =
let
mkStarr = host: port: {
"${host}" = {
enableACME = true;
forceSSL = true;
virtualHosts =
let
mkStarr = host: port: {
"${host}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${sin-address}:${port}";
proxyWebsockets = true;
extraConfig = ''
proxy_ssl_server_name on;
proxy_read_timeout 4800s;
'';
};
locations."/" = {
proxyPass = "http://${sin-address}:${port}";
proxyWebsockets = true;
extraConfig = ''
proxy_ssl_server_name on;
proxy_read_timeout 4800s;
'';
};
};
};
in
(
mkStarr "jellyfin.shobu.fr" "8096"
// mkStarr "radarr.shobu.fr" "7878"
// mkStarr "sonarr.shobu.fr" "8989"
// mkStarr "prowlarr.shobu.fr" "9696"
// mkStarr "bazarr.shobu.fr" "6767"
// mkStarr "jellyseerr.shobu.fr" "5055"
// mkStarr "fileshelter.shobu.fr" "5091"
// mkStarr "lidarr.shobu.fr" "8686"
// mkStarr "transmission.shobu.fr" "9091"
// mkStarr "zimablade-admin.shobu.fr" "61208"
// {
"shobu.fr" = {
enableACME = true;
forceSSL = true;
root = "${inputs.shoblog-front.packages.x86_64-linux.default}/dist";
};
"data.shobu.fr" = {
enableACME = true;
forceSSL = true;
root = "/mnt/shares/data";
};
"bddtrans.shobu.fr" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${sin-address}:8001";
extraConfig = ''
proxy_ssl_server_name on;
'';
};
};
in
(
mkStarr "jellyfin.shobu.fr" "8096"
// mkStarr "radarr.shobu.fr" "7878"
// mkStarr "sonarr.shobu.fr" "8989"
// mkStarr "prowlarr.shobu.fr" "9696"
// mkStarr "bazarr.shobu.fr" "6767"
// mkStarr "jellyseerr.shobu.fr" "5055"
// mkStarr "fileshelter.shobu.fr" "5091"
// mkStarr "lidarr.shobu.fr" "8686"
// mkStarr "transmission.shobu.fr" "9091"
// mkStarr "zimablade-admin.shobu.fr" "61208"
// {
"shobu.fr" = {
enableACME = true;
forceSSL = true;
"bddtrans-api.shobu.fr" = {
enableACME = true;
forceSSL = true;
root = "${inputs.shoblog-front.packages.x86_64-linux.default}/dist";
};
"data.shobu.fr" = {
enableACME = true;
forceSSL = true;
root = "/mnt/shares/data";
};
"bddtrans.shobu.fr" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${sin-address}:8001";
extraConfig = ''
proxy_ssl_server_name on;
'';
};
};
"bddtrans-api.shobu.fr" = {
enableACME = true;
forceSSL = true;
locations."/" = {
locations."/" = {
proxyPass = "http://${sin-address}:8000";
proxyWebsockets = true;
extraConfig = ''
proxy_ssl_server_name on;
'';
};
proxyWebsockets = true;
extraConfig = ''
proxy_ssl_server_name on;
'';
};
# "striped.shobu.fr" = {
# enableACME = true;
# forceSSL = true;
};
# "striped.shobu.fr" = {
# enableACME = true;
# forceSSL = true;
# root = "${striped-front.packages.x86_64-linux.default}/dist";
# };
"dashboard.shobu.fr" = {
enableACME = true;
forceSSL = true;
# root = "${striped-front.packages.x86_64-linux.default}/dist";
# };
"dashboard.shobu.fr" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${sin-address}:8082";
};
locations."/" = {
proxyPass = "http://${sin-address}:8082";
};
"git.shobu.fr" = {
enableACME = true;
forceSSL = true;
};
"git.shobu.fr" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${sin-address}:3000";
};
locations."/" = {
proxyPass = "http://${sin-address}:3000";
};
"files.shobu.fr" = {
enableACME = true;
forceSSL = true;
};
"files.shobu.fr" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${sin-address}:8086";
extraConfig = ''
proxy_set_header X-Real-IP $remote_addr;
'';
};
locations."/" = {
proxyPass = "http://${sin-address}:8086";
};
# "matrix.shobu.fr" = {
# forceSSL = true;
# enableACME = true;
# locations."/".extraConfig = ''
# return 404;
# '';
# locations."/_matrix".proxyPass = "http://${sin-address}:8008";
# locations."/_synapse/client".proxyPass = "http://${sin-address}:8008";
# locations."/.well-known/matrix/server".proxyPass = "http://${sin-address}:8008/.well-known/matrix/server";
# };
}
);
};
# "matrix.shobu.fr" = {
# forceSSL = true;
# enableACME = true;
# locations."/".extraConfig = ''
# return 404;
# '';
# locations."/_matrix".proxyPass = "http://${sin-address}:8008";
# locations."/_synapse/client".proxyPass = "http://${sin-address}:8008";
# locations."/.well-known/matrix/server".proxyPass = "http://${sin-address}:8008/.well-known/matrix/server";
# };
}
);
};
security.acme = {