add nginx webserver

flake.lock

@@ -1385,11 +1385,11 @@
       "locked": {
         "lastModified": 1,
         "narHash": "sha256-GNix63XYPLopvFgOUHyouU0d/V9lvKN9h3h1juttDgg=",
-        "path": "/nix/store/1w9iy5z4gb51v425r1i57983vi3bzdqk-source/home-manager",
+        "path": "/nix/store/ymfv7s9i4xhig39nyci7aifl9z34y78h-source/home-manager",
         "type": "path"
       },
       "original": {
-        "path": "/nix/store/1w9iy5z4gb51v425r1i57983vi3bzdqk-source/home-manager",
+        "path": "/nix/store/ymfv7s9i4xhig39nyci7aifl9z34y78h-source/home-manager",
         "type": "path"
       }
     },
@@ -2067,11 +2067,11 @@
       "locked": {
         "lastModified": 1,
         "narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=",
-        "path": "/nix/store/f585mnr0xhrs90swbckv27h60c7hk8mp-source/programs",
+        "path": "/nix/store/lmily1c217gvdwsz3rlsjphdc15v2d2h-source/programs",
         "type": "path"
       },
       "original": {
-        "path": "/nix/store/f585mnr0xhrs90swbckv27h60c7hk8mp-source/programs",
+        "path": "/nix/store/lmily1c217gvdwsz3rlsjphdc15v2d2h-source/programs",
         "type": "path"
       }
     },
@@ -2155,11 +2155,11 @@
       "locked": {
         "lastModified": 1,
         "narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=",
-        "path": "/nix/store/f585mnr0xhrs90swbckv27h60c7hk8mp-source/services/sddm",
+        "path": "/nix/store/lmily1c217gvdwsz3rlsjphdc15v2d2h-source/services/sddm",
         "type": "path"
       },
       "original": {
-        "path": "/nix/store/f585mnr0xhrs90swbckv27h60c7hk8mp-source/services/sddm",
+        "path": "/nix/store/lmily1c217gvdwsz3rlsjphdc15v2d2h-source/services/sddm",
         "type": "path"
       }
     },
@@ -2226,12 +2226,12 @@
       },
       "locked": {
         "lastModified": 1,
-        "narHash": "sha256-d2cED6HwQD1a5sWYGKTkrXSYqvDecyIioUT5U2W4xds=",
+        "narHash": "sha256-YHm0+Ze4OZOFqRrorlnH/iz3DAZEukDLS8mbgGiExBc=",
-        "path": "/nix/store/1w9iy5z4gb51v425r1i57983vi3bzdqk-source/system-config",
+        "path": "/nix/store/ymfv7s9i4xhig39nyci7aifl9z34y78h-source/system-config",
         "type": "path"
       },
       "original": {
-        "path": "/nix/store/1w9iy5z4gb51v425r1i57983vi3bzdqk-source/system-config",
+        "path": "/nix/store/ymfv7s9i4xhig39nyci7aifl9z34y78h-source/system-config",
         "type": "path"
       }
     },

system-config/configuration/homebox/default.nix

@@ -19,7 +19,7 @@
     ];
 
     boot = {
-        kernelPackages = pkgs.linuxKernel.kernels.linux_6_11;
+        kernelPackages = pkgs.linuxKernel.packages.linux_6_1;
         loader = {
             systemd-boot.enable = true;
             efi.canTouchEfiVariables = true;
@@ -250,6 +250,8 @@
             traefik.enable = true;
 
             authentik.enable = false;
+
+            "blunkall.us".enable = true;
             
             gitlab.enable = false;
         };

system-config/services/containers/authentik-nix/default.nix

@@ -5,10 +5,6 @@
         default = false;
     };
 
-    imports = [
-        inputs.authentik-nix.nixosModules.default
-    ];
-
     config = lib.mkIf config.sysconfig.opts.virtualization.authentik.enable {
 
         sops.templates."authentik.env" = {
@@ -33,6 +29,10 @@
                 };
             };
             config = {
+
+                imports = [
+                    inputs.authentik-nix.nixosModules.default
+                ];
                 
                 services.authentik = {
 
@@ -43,6 +43,8 @@
                         avatars = "initials";
                     };
                 };
+
+                networking.firewall.enable = false;
             };
         };
 

system-config/services/containers/default.nix

@@ -4,5 +4,6 @@
         ./gitlab
         ./traefik
         ./authentik-nix
+        ./nginx
     ];
 }

system-config/services/containers/nginx/default.nix

@@ -0,0 +1,39 @@
+{ config, lib, ... }: {
+    
+    options.sysconfig.opts.virtualization."blunkall.us".enable = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+    };
+
+    config = lib.mkIf config.sysconfig.opts.virtualization."blunkall.us".enable {
+
+        containers.blunkall_us = {
+
+            autoStart = true;
+            privateNetwork = true;
+            hostAddress = "192.168.100.10";
+            localAddress = "192.168.100.13";
+
+            bindMounts = {
+                "/var/www/data" = {
+                    hostPath = "/ssd1/blunkall_us/data";
+                    isReadOnly = false;
+                };
+            };
+
+            config = {
+
+                services.nginx = {
+                    enable = true;
+                    virtualHosts."blunkall.us" = {
+                        enableACME = false;
+                        forceSSL = false;
+                        root = "/var/www/data";
+                    };
+                };
+
+                networking.firewall.allowedTCPPorts = [ 80 ];
+            };
+        };
+    };
+}

system-config/services/containers/traefik/default.nix

@@ -176,7 +176,7 @@
                             services = {
                                 #gitlab.loadBalancer.servers = [ { url = "http://192.168.100.12:80"; } ];
 
-                                homepage.loadBalancer.servers = [ { url = "http://192.168.100.10:8000"; } ];
+                                homepage.loadBalancer.servers = [ { url = "http://192.168.100.13:80"; } ];
                             };
                         };
                     };