This commit is contained in:
Timo Boomers 2025-04-28 07:46:11 +02:00
commit a8a6776b1b
Signed by: xeovalyte
SSH Key Fingerprint: SHA256:GWI1hq+MNKR2UOcvk7n9tekASXT8vyazK7vDF9Xyciw
9 changed files with 214 additions and 4 deletions


@ -0,0 +1,8 @@
FROM caddy:2.8-builder AS builder
RUN xcaddy build \
--with github.com/caddy-dns/transip
FROM caddy:2.8
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
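Review bot: The `RUN xcaddy build` line pulls `github.com/caddy-dns/transip` at whatever version xcaddy resolves at build time, so two builds of this Dockerfile can yield different binaries and there is no record of which plugin code handles the TransIP API credential at runtime; pin it with `--with github.com/caddy-dns/transip@<version>` (placeholder for the chosen release). For the same reason the `caddy:2.8-builder` and `caddy:2.8` tags can float across patch releases; pinning by digest (`caddy:2.8@sha256:<digest>`, placeholder) makes the image reproducible and auditable. The header counts 8 added lines while 5 are shown here, so blank lines or a comment may be missing from this view.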


@ -0,0 +1,31 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ modulesPath, ... }:
{
imports = [
# Include the default incus configuration.
"${modulesPath}/virtualisation/lxc-container.nix"
# Include the container-specific autogenerated configuration.
];
networking = {
dhcpcd.enable = false;
useDHCP = false;
useHostResolvConf = false;
};
systemd.network = {
enable = true;
networks."50-eth0" = {
matchConfig.Name = "eth0";
networkConfig = {
DHCP = "ipv4";
IPv6AcceptRA = true;
};
linkConfig.RequiredForOnline = "routable";
};
};
}
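Review bot: The comment `# Include the container-specific autogenerated configuration.` is the last entry of the `imports` list and describes nothing — the list closes immediately after it, so a reader looks for a second import that is not there. Either drop the line or import the file it refers to; judging by the lxc-container.nix import above, this is presumably a generated container metadata file, worth confirming. The header counts 31 added lines while 27 are shown here, so part of the file may be outside this view.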


@ -56,8 +56,12 @@
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 80 443 53 ]; allowedTCPPorts = [ 1080 1443 1053 ];
allowedUDPPorts = [ 80 443 53 ]; allowedUDPPorts = [ 1080 1443 1053 ];
};
networking.hosts = {
"127.0.0.1" = [ "tbmrs.nl" ];
}; };
users.users.deploy = { users.users.deploy = {
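Review bot: The new `allowedUDPPorts = [ 1080 1443 1053 ];` opens three UDP ports for which nothing in this commit publishes a UDP listener — caddy.nix maps only `1080:80` and `1443:443`, which are TCP unless suffixed `/udp`, and no module here maps 1053 at all. Ports that nothing listens on are harmless today but widen the firewall for whatever binds them later; either drop the UDP entries, or, if HTTP/3 is intended, add `"1443:443/udp"` to the caddy.nix `ports` list so the opening matches a listener. The 1053 entries presumably belong to the nginx or a DNS container outside this diff, worth confirming. The enclosing configuration continues outside the hunk.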


@ -23,7 +23,7 @@
applications.ssh.enable = true; applications.ssh.enable = true;
applications.thunderbird.enable = false; applications.thunderbird.enable = false;
applications.yazi.enable = true; applications.yazi.enable = true;
applications.zellij.enable = false; applications.zellij.enable = true;
services.nextcloud-sync.enable = false; services.nextcloud-sync.enable = false;
services.podman.enable = true; services.podman.enable = true;
@ -35,10 +35,19 @@
desktop-environments.hyprland.enable = false; desktop-environments.hyprland.enable = false;
containers.nginx.enable = true; containers = {
network.enable = true;
nginx.enable = true;
caddy.enable = true;
kanidm.enable = true;
forgejo.enable = true;
};
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
unstable.helix
lazygit
]; ];
# Enable home-manager # Enable home-manager


@ -0,0 +1,57 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.caddy;
in {
options = {
settings.containers.caddy.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable caddy container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.caddy = {
image = "localhost/tboomers/caddy-custom:latest";
network = "proxy";
ports = [
"1080:80"
"1443:443"
];
volumes = [
"%h/containers/caddy/Caddyfile:/etc/caddy/Caddyfile"
"%h/containers/caddy/acme_key:/etc/caddy/acme_key"
"%h/containers/caddy/data:/data"
];
};
home.file."containers/caddy/Caddyfile".text = ''
*.tbmrs.nl, tbmrs.nl {
tls {
dns transip xeovalyte /etc/caddy/acme_key
resolvers 1.1.1.1
}
@root host tbmrs.nl
handle @root {
respond "Hello there"
}
@kanidm host auth.tbmrs.nl
handle @kanidm {
reverse_proxy https://auth.tbmrs.nl
}
@forgejo host git.tbmrs.nl
handle @forgejo {
reverse_proxy forgejo:3000
}
}
'';
};
}
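Review bot: The `volumes` list bind-mounts the TransIP API credential (`%h/containers/caddy/acme_key`) and the Caddyfile read-write although the container only reads them; mount both read-only — `"%h/containers/caddy/Caddyfile:/etc/caddy/Caddyfile:ro"` and `"%h/containers/caddy/acme_key:/etc/caddy/acme_key:ro"` — so a compromised Caddy process cannot rewrite its own configuration or the key on the host. The `/data` mount has to stay writable, since the ACME account and certificates are stored there and kanidm.nix reads the wildcard key from that same directory. Inside the Caddyfile, `reverse_proxy https://auth.tbmrs.nl` only reaches the container because kanidm.nix registers `auth.tbmrs.nl` as a `networkAlias` on the `proxy` network; a comment next to that line (`# resolved via the kanidm container's networkAlias, not public DNS`) would save the next reader a detour.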


@ -0,0 +1,32 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.forgejo;
in {
options = {
settings.containers.forgejo.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable forgejo container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.forgejo = {
image = "codeberg.org/forgejo/forgejo:11";
network = "proxy";
volumes = [
"%h/containers/forgejo/data:/data"
];
environment = {
FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
FORGEJO__service__SHOW_REGISTRATION_BUTTON = false;
FORGEJO__service__ENABLE_PASSWORD_SIGNIN_FORM = false;
};
};
};
}
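Review bot: The `environment` block disables self-registration and password sign-in but sets no `FORGEJO__server__ROOT_URL`, while caddy.nix proxies `git.tbmrs.nl` to `forgejo:3000`; unless app.ini in the `/data` volume already carries it, Forgejo builds links and OIDC redirect URIs from its default origin rather than the public one — presumably `FORGEJO__server__ROOT_URL = "https://git.tbmrs.nl/";` is wanted. The values `true`/`false` are passed as Nix booleans rather than strings; whether the home-manager podman `environment` option accepts them depends on its declared type, worth confirming, otherwise quote them as `"true"`/`"false"`. `forgejo:11` floats over every 11.x release, acceptable for a personal host but worth a comment if reproducible upgrades are a goal.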


@ -0,0 +1,40 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.nginx;
in {
options = {
settings.containers.kanidm.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable kanidm container
'';
};
};
config = mkIf cfg.enable {
services.podman.containers.kanidm = {
image = "kanidm/server:latest";
network = "proxy";
networkAlias = [
"auth.tbmrs.nl"
];
volumes = [
"%h/containers/kanidm/data:/data"
"%h/containers/caddy/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wildcard_.tbmrs.nl:/data/keys"
];
environment = {
KANIDM_VERSION = "2";
KANIDM_BINDADDRESS = "[::]:443";
KANIDM_DB_PATH = "/data/kanidm.db";
KANIDM_TLS_CHAIN = "/data/keys/wildcard_.tbmrs.nl.crt";
KANIDM_TLS_KEY = "/data/keys/wildcard_.tbmrs.nl.key";
KANIDM_DOMAIN = "auth.tbmrs.nl";
KANIDM_ORIGIN = "https://auth.tbmrs.nl";
};
};
};
}
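Review bot: `cfg = config.settings.containers.nginx;` gates this module on the nginx toggle, but the option it declares is `settings.containers.kanidm.enable`, so `kanidm.enable = true` in home.nix has no effect and the kanidm container starts only when nginx does; the line should read `cfg = config.settings.containers.kanidm;`. The network.nix section below has the same copy-paste (`cfg = config.settings.containers.nginx;` next to `settings.containers.network.enable`) and needs `cfg = config.settings.containers.network;`, otherwise the `proxy` network that every container here joins is only created when nginx is enabled. Separately, the second `volumes` entry mounts Caddy's certificate store, wildcard private key included, read-write into the kanidm container; append `:ro` to that entry, and note in a comment that the path hard-codes Caddy's internal storage layout (`acme-v02.api.letsencrypt.org-directory`), which breaks if the ACME CA or layout changes. `kanidm/server:latest` is a floating tag for a service with an on-disk database; pinning to a release avoids an unplanned schema upgrade on the next pull.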


@ -0,0 +1,24 @@
{ config, lib, ... }:
with lib;
let
cfg = config.settings.containers.nginx;
in {
options = {
settings.containers.network.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Enable network
'';
};
};
config = mkIf cfg.enable {
services.podman.networks.proxy = {
description = "Container network for the proxy";
autoStart = true;
};
};
}


@ -22,6 +22,11 @@
./desktop-environments/hyprland/default.nix ./desktop-environments/hyprland/default.nix
./containers/network.nix
./containers/caddy.nix
./containers/kanidm.nix
./containers/nginx.nix ./containers/nginx.nix
./containers/forgejo.nix
]; ];
} }