Moved the file service to nixos host

This commit is contained in:
Rolf Martin Glomsrud 2025-06-29 19:35:16 +02:00
parent dab61f136e
commit 83840dcd2a
8 changed files with 69 additions and 36 deletions

14
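--- /dev/null
+++ b/nixos/acme/get-cert.nix
@@ -0,0 +1,14 @@
+{ domain }:
+let
+domain-ref = if builtins.substring 0 1 domain == "*" then
+"wildcard" + builtins.substring 1 (builtins.stringLength domain - 1) domain
+else
+domain;
+in { config, pkgs, ... }: {
+security.acme.certs."${domain-ref}" = {
+inherit domain;
+dnsProvider = "cloudflare";
+environmentFile = config.sops.secrets."cloudflare-key".path;
+group = config.services.nginx.group;
+};
+}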
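Review bot: The certificate name this module registers is derived by rewriting a leading `*` to `wildcard`, but nothing documents that mapping, so every `useACMEHost` caller has to reproduce it by hand (files.nix spells out `"wildcard.polsevev.dev"` literally) and a mismatch only surfaces at activation as an unknown ACME host. A header comment above `{ domain }:` would pin the contract: `# Returns a NixOS module declaring a DNS-01 (Cloudflare) cert for `domain`.` / `# Cert name = domain with a leading "*" replaced by "wildcard" ("*.example" -> "wildcard.example");` / `# refer to it from nginx with useACMEHost = <that name>.` The returned module takes `pkgs` but never uses it, so `in { config, ... }: {` keeps the argument list honest, and `domain-ref` reads more naturally as `certName` under the usual camelCase attribute style.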

6
nixos/flake.lock generated

@ -23,10 +23,10 @@
"homelabSecrets": {
"flake": false,
"locked": {
"lastModified": 1751205752,
"narHash": "sha256-LG9Ojek6J+8dXy8tavHo0nY79L5sVkIm0+ZfZ7DkAHk=",
"lastModified": 1751216299,
"narHash": "sha256-kSbY2S5/O87pl8gmDPq2AboJCOyyy2fQUCJcwmV31m4=",
"ref": "master",
"rev": "0ae37ef700d937cab85a81fb0d9f7772ba2ef139",
"rev": "4fbe37e4154a005c2996c554bbc54ba99af978f6",
"shallow": true,
"type": "git",
"url": "ssh://forgejo@code.polsevev.dev/polsevev/nix-secrets-homelab.git"


@ -8,6 +8,7 @@
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
../../services/jokesites.nix
../../services/files.nix
];
# Bootloader.

39
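--- /dev/null
+++ b/nixos/services/files.nix
+{ config, pkgs, ... }:
+{
+imports = [
+./nginx.nix
+(import ../acme/get-cert.nix { domain = "*.polsevev.dev"; })
+];
+fileSystems."/mnt/arkivet" = {
+device = "//100.64.0.5/arkivet";
+fsType = "cifs";
+options = [
+"rw"
+"vers=3"
+"noserverino"
+"file_mode=0666"
+"dir_mode=0777"
+"credentials=${config.sops.secrets."arkivet-creds".path}"
+];
+};
+environment.systemPackages = with pkgs; [ filebrowser ];
+services.filebrowser = {
+enable = true;
+settings = {
+root = "/mnt/arkivet";
+port = 3001;
+};
+};
+services.nginx.virtualHosts."files.polsevev.dev" = {
+locations."/" = {
+proxyPass = "http://127.0.0.1:3001";
+recommendedProxySettings = true;
+};
+useACMEHost = "wildcard.polsevev.dev";
+forceSSL = true;
+};
+}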
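Review bot: The share is mounted with `file_mode=0666` and `dir_mode=0777` and no `uid=`/`gid=`, so every local account on the host can read and write all of `/mnt/arkivet`, not only the filebrowser service; mapping ownership to the account filebrowser runs as (`uid=`/`gid=` with `file_mode=0660` and `dir_mode=0770`) confines the share to that service. `services.filebrowser.settings` sets `port` but no bind address; if the module's default is not loopback, port 3001 is reachable directly and bypasses the nginx TLS front, so `address = "127.0.0.1";` next to `port = 3001;` makes the intent explicit. The CIFS entry has no `_netdev`, `nofail` or `x-systemd.automount`, so an unreachable 100.64.0.5 at boot can stall the host; `x-systemd.automount` plus `noauto` defers the mount until first access. Unlike the gatus and pocket-id vhosts this one has no `listenAddresses`, so it is presumably meant to be public — confirm that filebrowser's own login is the only gate intended in front of the share.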


@ -84,17 +84,13 @@ in {
url = "https://blobb.no";
})
];
web.port = 3000;
web.port = 3003;
};
};
services.nginx.virtualHosts."gatus.l.polsevev.dev" = {
listen = [{
addr = "100.64.0.9";
port = 443;
ssl = true;
}];
locations."/" = { proxyPass = "http://127.0.0.1:3000"; };
listenAddresses = [ "100.64.0.9" ];
locations."/" = { proxyPass = "http://127.0.0.1:3003"; };
useACMEHost = "l.polsevev.dev";
forceSSL = true;
};
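Review bot: Replacing the explicit `listen` block with `listenAddresses` changes what is bound: the old entry listened only on 100.64.0.9:443, whereas `listenAddresses` together with `forceSSL` makes the nginx module emit both `100.64.0.9:80` (redirect) and `100.64.0.9:443 ssl`, so a plaintext port is newly opened on the tailnet address. If that is intended, a short comment on the `listenAddresses` line (`# 80 is only the forceSSL redirect`) records it; otherwise `listen = [{ addr = "100.64.0.9"; port = 443; ssl = true; }];` keeps the old surface. The pocket-id hunk adds `listenAddresses` the same way and has the same effect. Whether gatus itself still binds `web.port = 3003` on loopback only is set above the hunk (the `web` block starts outside it) and is worth checking, since nginx is the only intended path to it.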


@ -1,5 +1,11 @@
{ config, pkgs, ... }: {
imports = [ ./nginx.nix ];
imports = [
./nginx.nix
(import ../acme/get-cert.nix { domain = "polsevev.dev"; })
(import ../acme/get-cert.nix { domain = "stortissvatnet.no"; })
(import ../acme/get-cert.nix { domain = "tissvasselva.no"; })
(import ../acme/get-cert.nix { domain = "blobb.no"; })
];
services.nginx.virtualHosts = {
"polsevev.dev" = {
useACMEHost = "polsevev.dev";
@ -23,29 +29,4 @@
};
};
security.acme.certs."polsevev.dev" = {
domain = "polsevev.dev";
dnsProvider = "cloudflare";
environmentFile = config.sops.secrets."cloudflare-key".path;
group = config.services.nginx.group;
};
security.acme.certs."stortissvatnet.no" = {
domain = "stortissvatnet.no";
dnsProvider = "cloudflare";
environmentFile = config.sops.secrets."cloudflare-key".path;
group = config.services.nginx.group;
};
security.acme.certs."tissvasselva.no" = {
domain = "tissvasselva.no";
dnsProvider = "cloudflare";
environmentFile = config.sops.secrets."cloudflare-key".path;
group = config.services.nginx.group;
};
security.acme.certs."blobb.no" = {
domain = "blobb.no";
dnsProvider = "cloudflare";
environmentFile = config.sops.secrets."cloudflare-key".path;
group = config.services.nginx.group;
};
}
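Review bot: The four `(import ../acme/get-cert.nix { domain = ...; })` entries in the first hunk repeat the same call with only the domain changing; `imports = [ ./nginx.nix ] ++ map (domain: import ../acme/get-cert.nix { inherit domain; }) [ "polsevev.dev" "stortissvatnet.no" "tissvasselva.no" "blobb.no" ];` states the list once and makes adding a site a one-token change. After the second hunk drops the inline `security.acme.certs` blocks, `config` may no longer be referenced in this file; the remaining body is outside the hunk, so check before trimming it from the `{ config, pkgs, ... }` pattern.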


@ -20,6 +20,7 @@
networking.hosts."127.0.0.1" = [ "pocket-id.l.polsevev.dev" ];
services.nginx.virtualHosts."pocket-id.l.polsevev.dev" = {
listenAddresses = [ "100.64.0.9" ];
locations."/" = {
proxyPass = "http://127.0.0.1:1411";
recommendedProxySettings = true;


@ -14,6 +14,7 @@ in {
sops.secrets = {
"tailscale/preauthkeys/${config.hostname}" = { };
"cloudflare-key" = { };
"arkivet-creds" = { };
};
}