diff --git a/hosts/ti-clt-lpt01/configuration.nix b/hosts/ti-clt-lpt01/configuration.nix index 0bbc254..74aeb7a 100644 --- a/hosts/ti-clt-lpt01/configuration.nix +++ b/hosts/ti-clt-lpt01/configuration.nix @@ -10,7 +10,7 @@ ]; settings = { - hostname = "ti-clt-dsk01"; + hostname = "ti-clt-lpt01"; display-manager = "cosmic-greeter"; desktop-environments = { cosmic.enable = true; @@ -55,6 +55,7 @@ configurationLimit = 32; }; boot.kernelPackages = pkgs.linuxPackages_latest; + boot.supportedFilesystems = [ "nfs" ]; # Networking networking.hosts = { diff --git a/hosts/ti-clt-lpt01/home.nix b/hosts/ti-clt-lpt01/home.nix index d6d9d11..384f96e 100644 --- a/hosts/ti-clt-lpt01/home.nix +++ b/hosts/ti-clt-lpt01/home.nix @@ -48,7 +48,6 @@ home.packages = with pkgs; [ # Desktop Applications - kdenlive prismlauncher unstable.prusa-slicer signal-desktop @@ -62,7 +61,6 @@ unstable.hoppscotch unstable.apostrophe unstable.surfer # waveform viewer - unstable.drawio # Office libreoffice @@ -72,9 +70,6 @@ inkscape unstable.obs-studio - # Development - unstable.drawio - unstable.moonlight-qt # Scripts diff --git a/hosts/v-th-ctr-01/configuration.nix b/hosts/v-th-ctr-01/configuration.nix index 4bf5125..0713998 100644 --- a/hosts/v-th-ctr-01/configuration.nix +++ b/hosts/v-th-ctr-01/configuration.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ modulesPath, ... }: +{ modulesPath, lib, ... }: { imports = [ @@ -12,6 +12,8 @@ ../../modules/system/default.nix ]; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + settings = { hostname = "v-th-ctr-01"; display-manager = "none"; diff --git a/hosts/v-th-ctr-01/home.nix b/hosts/v-th-ctr-01/home.nix index f3f4529..45f3f2c 100644 --- a/hosts/v-th-ctr-01/home.nix +++ b/hosts/v-th-ctr-01/home.nix @@ -57,6 +57,7 @@ vikunja.enable = true; stalwart.enable = true; linkding.enable = true; + jellyfin.enable = true; }; }; 
diff --git a/modules/home/containers/beszel.nix b/modules/home/containers/beszel.nix index 1b4b0a8..7770c9c 100644 --- a/modules/home/containers/beszel.nix +++ b/modules/home/containers/beszel.nix @@ -49,6 +49,11 @@ in { }; }; + settings.containers.caddy.routes.tbmrs-local.routes.beszel = { + host = "monitor"; + url = "beszel:8090"; + }; + sops.secrets = { "containers/beszel/key" = { }; }; diff --git a/modules/home/containers/caddy.nix b/modules/home/containers/caddy.nix index 6a0570b..3815194 100644 --- a/modules/home/containers/caddy.nix +++ b/modules/home/containers/caddy.nix @@ -5,19 +5,22 @@ with lib; let cfg = config.settings.containers.caddy; - generateRoutes = entries: lib.concatMapStrings (route: '' - @${route.name} host ${route.host} + toInternal = name: routesDef: { + name = name; + host = routesDef.host; + url = routesDef.url; + }; + + generateRoutes = domain: entries: lib.concatMapStrings (route: '' + @${route.name} host ${route.host}.${domain} handle @${route.name} { reverse_proxy ${route.url} } '') entries; routesOption = lib.mkOption { - type = types.listOf (types.submodule { + type = types.attrsOf (types.submodule { options = { - name = mkOption { - type = types.str; - }; url = mkOption { type = types.str; }; @@ -29,7 +32,7 @@ let }; in { options = { - settings.containers.caddy.enable = lib.mkOption { + settings.containers.caddy.enable = mkOption { type = lib.types.bool; default = false; description = '' @@ -37,8 +40,16 @@ in { ''; }; - settings.containers.caddy.routes.tbmrs = routesOption; - settings.containers.caddy.routes.tbmrs-local = routesOption; + settings.containers.caddy.routes = mkOption { + type = lib.types.attrsOf (types.submodule { + options = { + routes = routesOption; + domain = mkOption { + type = types.str; + }; + }; + }); + }; }; config = mkIf cfg.enable { 
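Review bot: In caddy.nix, `generateRoutes` interpolates `route.name`, `route.host` and `route.url` straight into the Caddyfile, and the options are plain `types.str`, so a value containing whitespace, a brace or a newline would change the generated directives instead of failing evaluation. Now that any container module can contribute routes, the host label could be constrained, for example `type = types.strMatching "[a-z0-9-]+";`, with a similar pattern for `url`. Two modules that claim the same `host` under different attribute names also go unnoticed, and Caddy would serve whichever `handle` comes first; an `assertions` entry comparing the host list with its de-duplicated form would catch that. A short comment above `toInternal` saying the attribute name becomes the Caddy matcher name would help too. The `routesOption` definition continues outside this hunk.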
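Review bot: The new `settings.containers.caddy.routes` option is `attrsOf`, so any group key is accepted, but the Caddyfile further down only renders `cfg.routes.tbmrs` and `cfg.routes.tbmrs-local`. A module that misspells the group gets no route and no error. Because the group key is also what decides whether a service lands on the `*.tbmrs.nl` or the `*.local.tbmrs.nl` site, it deserves a `description` on the option stating which group is which. Either declare the two groups as explicit options or add an assertion that rejects keys other than those two. If `routesOption` has no default in the part not shown here, `default = { };` on it would also keep a group with no contributed routes from failing evaluation.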
@@ -59,48 +70,10 @@ in { ]; }; - settings.containers.caddy.routes.tbmrs = [ - { - name = "kanidm"; - host = "auth"; - url = "https://auth.tbmrs.nl"; - } - { - name = "forgejo"; - host = "git"; - url = "forgejo:3000"; - } - { - name = "immich"; - host = "photos"; - url = "immich-server:2283"; - } - { - name = "homepage"; - host = "home"; - url = "homepage:3000"; - } - { - name = "uptime-kuma"; - host = "uptime"; - url = "uptime-kuma:3001"; - } - { - name = "pingvin-share"; - host = "share"; - url = "pingvin-share:3000"; - } - { - name = "dufs"; - host = "files"; - url = "dufs:5000"; - } - { - name = "stalwart"; - host = "mail"; - url = "stalwart:8000"; - } - ]; + settings.containers.caddy.routes = { + tbmrs.domain = "tbmrs.nl"; + tbmrs-local.domain = "local.tbmrs.nl"; + }; home.file."containers/caddy/Caddyfile".text = '' *.tbmrs.nl, tbmrs.nl { @@ -109,7 +82,7 @@ in { resolvers 1.1.1.1 } - ${generateRoutes cfg.routes.tbmrs} + ${generateRoutes cfg.routes.tbmrs.domain (mapAttrsToList toInternal cfg.routes.tbmrs.routes)} } *.local.tbmrs.nl { 
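Review bot: The site addresses in the Caddyfile text stay hard-coded (`*.tbmrs.nl, tbmrs.nl {` and `*.local.tbmrs.nl {`) while the matchers inside them are now built from `cfg.routes.<group>.domain`, so the domain exists in two places. If `domain` is ever changed, the generated `host` matchers would no longer fall under the site block that contains them and every route in it would stop matching. Deriving the address from the same value keeps them in step, e.g. `*.${cfg.routes.tbmrs.domain}, ${cfg.routes.tbmrs.domain} {`. The Caddyfile string starts before this hunk and continues past it.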
@@ -118,45 +91,7 @@ in { resolvers 1.1.1.1 } - @vaultwarden host vault.local.tbmrs.nl - handle @vaultwarden { - reverse_proxy vaultwarden:80 - } - - @paperless-ngx host paperless.local.tbmrs.nl - handle @paperless-ngx { - reverse_proxy paperless-ngx:8000 - } - - @beszel host monitor.local.tbmrs.nl - handle @beszel { - reverse_proxy beszel:8090 - } - - @syncthing host syncthing.local.tbmrs.nl - handle @syncthing { - reverse_proxy syncthing:8384 - } - - @homeassistant host home-assistant.local.tbmrs.nl - handle @homeassistant { - reverse_proxy homeassistant:8123 - } - - @karakeep host karakeep.local.tbmrs.nl - handle @karakeep { - reverse_proxy karakeep:3000 - } - - @vikunja host vikunja.local.tbmrs.nl - handle @vikunja { - reverse_proxy vikunja:3456 - } - - @linkding host linkding.local.tbmrs.nl - handle @linkding { - reverse_proxy linkding:9090 - } + ${generateRoutes cfg.routes.tbmrs-local.domain (mapAttrsToList toInternal cfg.routes.tbmrs-local.routes)} } ''; }; diff --git a/modules/home/containers/forgejo.nix b/modules/home/containers/forgejo.nix index 0ba3526..bee417d 100644 --- a/modules/home/containers/forgejo.nix +++ b/modules/home/containers/forgejo.nix @@ -28,5 +28,10 @@ in { FORGEJO__service__ENABLE_PASSWORD_SIGNIN_FORM = false; }; }; + + settings.containers.caddy.routes.tbmrs.routes.forgejo = { + host = "git"; + url = "forgejo:3000"; + }; }; } diff --git a/modules/home/containers/homeassistant.nix b/modules/home/containers/homeassistant.nix index 7dea2b1..85b9cec 100644 --- a/modules/home/containers/homeassistant.nix +++ b/modules/home/containers/homeassistant.nix @@ -27,5 +27,10 @@ in { TZ = "Europe/Amsterdam"; }; }; + + settings.containers.caddy.routes.tbmrs-local.routes.home-assistant = { + host = "home-assistant"; + url = "homeassistant:8123"; + }; }; } diff --git a/modules/home/containers/homepage.nix b/modules/home/containers/homepage.nix index 199e86e..1a4509d 100644 --- a/modules/home/containers/homepage.nix 
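Review bot: Replacing the inline local routes with `generateRoutes` is not a pure move: the removed `@karakeep` block has no counterpart, since no module in this diff declares a `routes.karakeep` entry. vikunja.nix and linkding.nix also publish `tasks` and `links` where these lines served `vikunja.local.tbmrs.nl` and `linkding.local.tbmrs.nl`. If dropping karakeep and renaming the two hosts is intended, say so in the commit message, because existing bookmarks and any client configured with the old names will stop resolving to a handler. A comment at the call site such as `# routes are contributed by each container module via settings.containers.caddy.routes.tbmrs-local.routes` would also tell a reader where the entries now come from.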
+++ b/modules/home/containers/homepage.nix @@ -32,6 +32,11 @@ in { }; }; + settings.containers.caddy.routes.tbmrs.routes.homepage = { + host = "home"; + url = "homepage:3000"; + }; + home.file."containers/homepage/config/settings.yaml".source = (pkgs.formats.yaml { }).generate "settings" { title = "Timo's Server"; description = "server from Timo"; @@ -125,12 +130,21 @@ in { }; } { - "Karakeep" = { - href = "https://karakeep.local.tbmrs.nl"; - description = "Data hoarder"; - icon = "karakeep"; + "Linkding" = { + href = "https://links.local.tbmrs.nl"; + description = "Bookmarks"; + icon = "linkding"; server = "podman"; - container = "karakeep"; + container = "linkding"; + }; + } + { + "Stalwart" = { + href = "https://mail.tbmrs.nl"; + description = "Mailserver"; + icon = "stalwart"; + server = "podman"; + container = "stalwart"; }; } ]; diff --git a/modules/home/containers/immich.nix b/modules/home/containers/immich.nix index 77efae6..e587dbf 100644 --- a/modules/home/containers/immich.nix +++ b/modules/home/containers/immich.nix @@ -71,5 +71,10 @@ in { }; exec = ''postgres -c shared_preload_libraries=vectors.so -c 'search_path="$$user", public, vectors' -c logging_collector=on -c max_wal_size=2GB -c shared_buffers=512MB -c wal_compression=on''; }; + + settings.containers.caddy.routes.tbmrs.routes.immich = { + host = "photos"; + url = "immich-server:2283"; + }; }; } diff --git a/modules/home/containers/jellyfin.nix b/modules/home/containers/jellyfin.nix new file mode 100644 index 0000000..ecd45a2 --- /dev/null +++ b/modules/home/containers/jellyfin.nix 
@@ -0,0 +1,35 @@ +{ config, lib, ... }: + +with lib; + +let + cfg = config.settings.containers.jellyfin; +in { + options = { + settings.containers.jellyfin.enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Enable jellyfin container + ''; + }; + }; + + config = mkIf cfg.enable { + services.podman.containers.jellyfin = { + image = "jellyfin/jellyfin"; + network = "proxy"; + volumes = [ + "%h/containers/jellyfin/config:/config" + "%h/containers/jellyfin/cache:/cache" + "%h/media:/media" + ]; + userNS = "keep-id"; + }; + + settings.containers.caddy.routes.tbmrs-local.routes.jellyfin = { + host = "stream"; + url = "jellyfin:8096"; + }; + }; +} diff --git a/modules/home/containers/kanidm.nix b/modules/home/containers/kanidm.nix index 7f59f21..fcce27e 100644 --- a/modules/home/containers/kanidm.nix +++ b/modules/home/containers/kanidm.nix @@ -36,5 +36,10 @@ in { KANIDM_ORIGIN = "https://auth.tbmrs.nl"; }; }; + + settings.containers.caddy.routes.tbmrs.routes.kanidm = { + host = "auth"; + url = "https://auth.tbmrs.nl"; + }; }; } diff --git a/modules/home/containers/linkding.nix b/modules/home/containers/linkding.nix index db0766a..10cbc85 100644 --- a/modules/home/containers/linkding.nix +++ b/modules/home/containers/linkding.nix @@ -36,6 +36,11 @@ in { ]; }; + settings.containers.caddy.routes.tbmrs-local.routes.linkding = { + host = "links"; + url = "linkding:9090"; + }; + settings.services.sops.enable = true; sops.templates = { diff --git a/modules/home/containers/paperless-ngx.nix b/modules/home/containers/paperless-ngx.nix index 6831ae2..a5b9122 100644 --- a/modules/home/containers/paperless-ngx.nix +++ b/modules/home/containers/paperless-ngx.nix @@ -88,6 +88,11 @@ in { ]; }; + settings.containers.caddy.routes.tbmrs-local.routes.paperless-ngx = { + host = "paperless"; + url = "paperless-ngx:8000"; + }; + sops.secrets = { "containers/paperless-ngx/db-password" = { }; "containers/paperless-ngx/secret" = { }; 
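Review bot: In the new jellyfin.nix, `image = "jellyfin/jellyfin";` names neither a registry nor a tag, so the pull depends on podman's short-name resolution and follows whatever `latest` points to at the time. A fully qualified, pinned reference makes the deployed image reproducible and reviewable, e.g. `image = "docker.io/jellyfin/jellyfin:<pinned-version>";` (placeholder, pick the release you have tested). The library mount `"%h/media:/media"` is read-write; unless the server is meant to write metadata next to the media files, `"%h/media:/media:ro"` limits what a compromised or misbehaving container can do to the library.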
diff --git a/modules/home/containers/pingvin-share.nix b/modules/home/containers/pingvin-share.nix index 3a6c4f3..ec6ae77 100644 --- a/modules/home/containers/pingvin-share.nix +++ b/modules/home/containers/pingvin-share.nix @@ -39,6 +39,11 @@ in { }; }; + settings.containers.caddy.routes.tbmrs.routes.pingvin = { + host = "share"; + url = "pingvin-share:3000"; + }; + sops.templates = { "container-pingvin.yaml" = { content = /*yaml*/ '' diff --git a/modules/home/containers/stalwart.nix b/modules/home/containers/stalwart.nix index f8aa439..1fca1f5 100644 --- a/modules/home/containers/stalwart.nix +++ b/modules/home/containers/stalwart.nix @@ -33,5 +33,10 @@ in { "%h/containers/stalwart/data:/opt/stalwart-mail" ]; }; + + settings.containers.caddy.routes.tbmrs.routes.stalwart = { + host = "mail"; + url = "stalwart:8080"; + }; }; } diff --git a/modules/home/containers/storage.nix b/modules/home/containers/storage.nix index f779a83..d0c0d57 100644 --- a/modules/home/containers/storage.nix +++ b/modules/home/containers/storage.nix @@ -43,5 +43,15 @@ in { "22000:22000/udp" ]; }; + + settings.containers.caddy.routes.tbmrs-local.routes.sycnthing = { + host = "syncthing"; + url = "syncthing:8384"; + }; + + settings.containers.caddy.routes.tbmrs.routes.dufs = { + host = "files"; + url = "dufs:5000"; + }; }; } diff --git a/modules/home/containers/uptime-kuma.nix b/modules/home/containers/uptime-kuma.nix index 7ff72c9..5740080 100644 --- a/modules/home/containers/uptime-kuma.nix +++ b/modules/home/containers/uptime-kuma.nix @@ -17,11 +17,16 @@ in { config = mkIf cfg.enable { services.podman.containers.uptime-kuma = { - image = "louislam/uptime-kuma:1"; + image = "louislam/uptime-kuma:beta"; network = "proxy"; volumes = [ "%h/containers/uptime-kuma/data:/app/data" ]; }; + + settings.containers.caddy.routes.tbmrs.routes.uptime-kuma = { + host = "uptime"; + url = "uptime-kuma:3001"; + }; }; } 
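Review bot: In stalwart.nix the new route points at `stalwart:8080`, while the list entry this commit removes from caddy.nix used `stalwart:8000`. If the port change is deliberate, it deserves a mention in the commit message or a comment such as `# stalwart HTTP listener`, since it is otherwise hidden inside a refactor. If it is not, the mail web endpoint will return a proxy error after deploy.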
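Review bot: In storage.nix the route key is misspelled, `routes.sycnthing`, and since the attribute name becomes the Caddy matcher name the generated config will contain `@sycnthing`. It still routes, because the matcher and its `handle` use the same name, but anyone later adding `routes.syncthing` would create a second entry for the same host rather than overriding this one. Use `settings.containers.caddy.routes.tbmrs-local.routes.syncthing = {`.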
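Review bot: In uptime-kuma.nix, `image = "louislam/uptime-kuma:beta";` moves the container from the `1` major-version tag to a floating pre-release tag, so each pull can bring in different, less-tested code on a service that is published on the public `tbmrs` domain. A pre-release may also migrate the data under `%h/containers/uptime-kuma/data` in a way the stable line cannot read back, which would make rollback harder; that is an assumption to check against the upstream release notes. Pin an explicit version, ideally with a digest, e.g. `image = "docker.io/louislam/uptime-kuma:<version>@sha256:<digest>";` (placeholders), and back up the data directory before the first start.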
diff --git a/modules/home/containers/vaultwarden.nix b/modules/home/containers/vaultwarden.nix index a3d42cb..b1091fc 100644 --- a/modules/home/containers/vaultwarden.nix +++ b/modules/home/containers/vaultwarden.nix @@ -27,5 +27,11 @@ in { SIGNUPS_ALLOWED = true; }; }; + + settings.containers.caddy.routes.tbmrs-local.routes.vaultwarden = { + host = "vault"; + url = "vaultwarden:80"; + }; + }; } diff --git a/modules/home/containers/vikunja.nix b/modules/home/containers/vikunja.nix index ac17cbc..445d8ba 100644 --- a/modules/home/containers/vikunja.nix +++ b/modules/home/containers/vikunja.nix @@ -25,5 +25,10 @@ in { "%h/containers/vikunja/db:/db" ]; }; + + settings.containers.caddy.routes.tbmrs-local.routes.vikunja = { + host = "tasks"; + url = "vikunja:3456"; + }; }; } diff --git a/modules/home/default.nix b/modules/home/default.nix index b98bd16..dab789e 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -46,6 +46,7 @@ ./containers/stalwart.nix ./containers/static.nix ./containers/linkding.nix + ./containers/jellyfin.nix ]; config = {