
73 Commits

Author SHA1 Message Date
b3058b25a6 jellyfin 2026-02-03 10:25:15 -06:00
1ec2681731 jellyfin 2026-02-03 10:21:10 -06:00
2c0bfcbcdd jellyfin 2026-02-03 10:19:49 -06:00
51942d5e10 jellyfin 2026-02-03 10:12:48 -06:00
6dbbe36327 nextcloud ip 2026-02-03 08:55:30 -06:00
2dec58998d nixvim 2026-02-03 08:45:58 -06:00
f3d0db4a63 static ips 2026-02-03 00:59:13 -06:00
d4e2841833 update flake 2026-02-03 00:34:27 -06:00
e1eb4569a8 remove graphics option 2026-02-03 00:31:06 -06:00
a9d1fd2316 open to web 2026-02-02 19:25:26 -06:00
fc3ed73055 no ports 2026-02-02 19:15:56 -06:00
488a6437c3 opengl? 2026-02-02 14:45:04 -06:00
b40400ed71 aio stuff 2026-02-02 12:23:59 -06:00
1dcb262114 aio stuff 2026-02-02 12:19:50 -06:00
5e9b353529 aio stuff 2026-02-02 12:11:51 -06:00
12c0bd71dd skip domain validation 2026-02-02 11:11:17 -06:00
930596db1a docker containers use pihole 2026-02-02 10:56:00 -06:00
6643b584f9 nextcloud 2026-02-02 10:42:32 -06:00
2205f7ca57 nextcloud 2026-02-02 10:34:05 -06:00
784a3f213e name 2026-02-02 10:11:05 -06:00
98da646e59 name 2026-02-02 10:08:05 -06:00
12d8b7746b version 2026-02-02 09:45:03 -06:00
529e9f994f nextcloud 2026-02-02 09:33:16 -06:00
be86d9b31b port 2026-02-01 14:37:05 -06:00
7ac91b21b3 volume stuff 2026-02-01 14:16:19 -06:00
851911f491 netbird version bs 2026-02-01 14:12:47 -06:00
a0da606694 add openwebui 2026-02-01 14:05:39 -06:00
8a8b48a6cc add openwebui 2026-02-01 14:03:13 -06:00
7dd49cd8e4 authentik fix 2026-02-01 09:10:24 -06:00
a00a888676 route gitea ssh through traefik 2026-02-01 08:15:13 -06:00
536a76ca80 update netbird volumes 2026-02-01 07:56:47 -06:00
41b13580dc update hass proxy 2026-02-01 07:36:24 -06:00
74b0d63f26 dockerfy netbird 2026-02-01 07:07:06 -06:00
e91def66b5 update netbird secrets 2026-02-01 06:57:38 -06:00
9325a6b079 dockerfy netbird 2026-02-01 06:53:07 -06:00
f9e66ff1a0 dockerfy netbird 2026-02-01 06:48:12 -06:00
98c81001f7 dockerfy traefik 2026-01-31 20:31:59 -06:00
002bd38906 dockerfy traefik 2026-01-31 20:24:44 -06:00
1a52dd8041 dockerfy traefik 2026-01-31 20:22:06 -06:00
67f75bcd97 dockerfy traefik 2026-01-31 20:20:17 -06:00
1bba167d6d dockerfy traefik 2026-01-31 19:43:37 -06:00
f418f3dfa5 dockerfy traefik 2026-01-31 19:36:38 -06:00
0c5ab6519d dockerfy traefik 2026-01-31 18:50:01 -06:00
e58d6118ea dockerfy traefik 2026-01-31 15:41:36 -06:00
aecbdb243d dockerfy traefik 2026-01-31 15:34:12 -06:00
4cc510d584 dockerfy traefik 2026-01-31 15:00:06 -06:00
1ab353746d dockerfy traefik 2026-01-31 14:52:24 -06:00
05fd4f67b1 dockerfy traefik 2026-01-31 14:24:21 -06:00
d134f6e849 dockerfy traefik 2026-01-31 14:06:59 -06:00
03c66ccc13 dockerfy traefik 2026-01-31 13:44:46 -06:00
dd44fd8b0c dockerfy traefik 2026-01-31 13:41:06 -06:00
5226ade22c dockerfy traefik 2026-01-31 13:35:59 -06:00
e162e47b1d dockerfy traefik 2026-01-31 13:03:18 -06:00
6541a307bc dockerfy traefik 2026-01-31 11:27:49 -06:00
2be4a81c03 dockerfy traefik 2026-01-31 11:27:30 -06:00
2d52f92795 dockerfy traefik 2026-01-31 11:20:33 -06:00
3a47aa53d0 dockerfy traefik 2026-01-31 11:09:13 -06:00
9b01209ef0 dockerfy traefik 2026-01-31 11:06:17 -06:00
1372c8f1ce dockerfy traefik 2026-01-31 10:45:08 -06:00
b264cddcda dockerfy traefik 2026-01-31 10:38:41 -06:00
8f3ded4029 dockerfy traefik 2026-01-31 10:17:46 -06:00
f15a6b92ae dockerfy traefik 2026-01-31 10:13:33 -06:00
15f6577c84 dockerfy traefik 2026-01-31 09:22:09 -06:00
48d8f13145 dockerfy traefik 2026-01-31 09:20:11 -06:00
5de8af47ff dockerfy traefik 2026-01-31 09:18:52 -06:00
75586a64f3 dockerfy traefik 2026-01-31 09:15:58 -06:00
06edfb2795 great docker migration 2026-01-30 11:19:24 -06:00
0603de3f11 secrets 2026-01-30 07:37:06 -06:00
2f4419eb59 begin great docker migration 2026-01-30 00:08:37 -06:00
4bccbb92f4 enable authentik 2026-01-28 11:30:38 -06:00
f41ca1867e enable authentik 2026-01-28 11:16:48 -06:00
9a0dfc4cca try authentik 2026-01-28 11:12:58 -06:00
d7875217bd begin work on authentik again 2026-01-27 17:42:00 -06:00
37 changed files with 1551 additions and 655 deletions

248
flake.lock generated

@@ -20,11 +20,11 @@
]
},
"locked": {
"lastModified": 1767024902,
"narHash": "sha256-sMdk6QkMDhIOnvULXKUM8WW8iyi551SWw2i6KQHbrrU=",
"lastModified": 1769428758,
"narHash": "sha256-0G/GzF7lkWs/yl82bXuisSqPn6sf8YGTnbEdFOXvOfU=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "b8a0c5ba5a9fbd2c660be7dd98bdde0ff3798556",
"rev": "def5e74c97370f15949a67c62e61f1459fcb0e15",
"type": "github"
},
"original": {
@@ -40,11 +40,11 @@
]
},
"locked": {
"lastModified": 1768923567,
"narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=",
"lastModified": 1769524058,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"owner": "nix-community",
"repo": "disko",
"rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"type": "github"
},
"original": {
@@ -61,11 +61,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1769054619,
"narHash": "sha256-LCc0gbSgjehdy41Gi1H5WNxEuW9PtRHFVaPXoFzslQU=",
"lastModified": 1770091431,
"narHash": "sha256-9Sqq/hxq8ZDLRSzu+edn0OfWG+FAPWFpwMKaJobeLec=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "6509620630f68dc02ac3e99f15a67760778444ff",
"rev": "4f827ff035c6ddc58d04c45abe5b777d356b926a",
"type": "gitlab"
},
"original": {
@@ -112,11 +112,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1754487366,
"narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
@@ -134,11 +134,11 @@
]
},
"locked": {
"lastModified": 1754487366,
"narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"type": "github"
},
"original": {
@@ -147,42 +147,6 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@@ -212,11 +176,11 @@
]
},
"locked": {
"lastModified": 1768949235,
"narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=",
"lastModified": 1769580047,
"narHash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5",
"rev": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826",
"type": "github"
},
"original": {
@@ -271,11 +235,11 @@
]
},
"locked": {
"lastModified": 1766946335,
"narHash": "sha256-MRD+Jr2bY11MzNDfenENhiK6pvN+nHygxdHoHbZ1HtE=",
"lastModified": 1769284023,
"narHash": "sha256-xG34vwYJ79rA2wVC8KFuM8r36urJTG6/csXx7LiiSYU=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "4af02a3925b454deb1c36603843da528b67ded6c",
"rev": "13c536659d46893596412d180449353a900a1d31",
"type": "github"
},
"original": {
@@ -301,11 +265,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1769095012,
"narHash": "sha256-vx8uFvwLPdrN7E0HgW1nc8+fTbTwcA7jkdwXoba8XUU=",
"lastModified": 1770079745,
"narHash": "sha256-rQ4no/+LHuHlqDbJopj6fgS9GUsv1NSycrVhIoLPnbs=",
"ref": "refs/heads/main",
"rev": "82de66a030e6818ec3d21f49c8cdf9db31eebfa6",
"revCount": 6831,
"rev": "30756d871845a6058a840642ab1a4c3979f6d782",
"revCount": 6859,
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
@@ -403,11 +367,11 @@
]
},
"locked": {
"lastModified": 1764612430,
"narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=",
"lastModified": 1767983607,
"narHash": "sha256-8C2co8NYfR4oMOUEsPROOJ9JHrv9/ktbJJ6X1WsTbXc=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "0d00dc118981531aa731150b6ea551ef037acddd",
"rev": "d4037379e6057246b408bbcf796cf3e9838af5b2",
"type": "github"
},
"original": {
@@ -534,11 +498,11 @@
]
},
"locked": {
"lastModified": 1767473322,
"narHash": "sha256-RGOeG+wQHeJ6BKcsSB8r0ZU77g9mDvoQzoTKj2dFHwA=",
"lastModified": 1769202094,
"narHash": "sha256-gdJr/vWWLRW85ucatSjoBULPB2dqBJd/53CZmQ9t91Q=",
"owner": "hyprwm",
"repo": "hyprwire",
"rev": "d5e7d6b49fe780353c1cf9a1cf39fa8970bd9d11",
"rev": "a45ca05050d22629b3c7969a926d37870d7dd75c",
"type": "github"
},
"original": {
@@ -547,48 +511,18 @@
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
"nixvim",
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": {
"lastModified": 1754860581,
"narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.1.1",
"repo": "ixx",
"type": "github"
}
},
"nix-minecraft": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_2",
"systems": "systems_2"
},
"locked": {
"lastModified": 1768962252,
"narHash": "sha256-HyWOOHcySV8rl36gs4+n0sxPinxpwWOgwXibfFPYeZ0=",
"lastModified": 1770000653,
"narHash": "sha256-QO/twGynxjOSUDtxbqJLshc/Q5/wImLH5O6KV2p9eoE=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "433cf697394104123e1fd02fa689534ac1733bfa",
"rev": "6a2ddb643aaf7949caa6158e718c5efc3dda7dc1",
"type": "github"
},
"original": {
@@ -599,11 +533,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1767379071,
"narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=",
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fb7944c166a3b630f177938e478f0378e64ce108",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
@@ -615,11 +549,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1753579242,
"narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=",
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"type": "github"
},
"original": {
@@ -630,11 +564,11 @@
},
"nixpkgs-us": {
"locked": {
"lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
"lastModified": 1770019141,
"narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
"rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137",
"type": "github"
},
"original": {
@@ -646,11 +580,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1748929857,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
@@ -662,11 +596,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1768940263,
"narHash": "sha256-sJERJIYTKPFXkoz/gBaBtRKke82h4DkX3BBSsKbfbvI=",
"lastModified": 1770056022,
"narHash": "sha256-yvCz+Qmci1bVucXEyac3TdoSPMtjqVJmVy5wro6j/70=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3ceaaa8bc963ced4d830e06ea2d0863b6490ff03",
"rev": "d04d8548aed39902419f14a8537006426dc1e4fa",
"type": "github"
},
"original": {
@@ -678,11 +612,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1755615617,
"narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "20075955deac2583bb12f07151c2df830ef346b4",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
@@ -694,11 +628,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1755577059,
"narHash": "sha256-5hYhxIpco8xR+IpP3uU56+4+Bw7mf7EMyxS/HqUYHQY=",
"lastModified": 1768875095,
"narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "97eb7ee0da337d385ab015a23e15022c865be75c",
"rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0",
"type": "github"
},
"original": {
@@ -715,11 +649,11 @@
"nixvim": "nixvim_2"
},
"locked": {
"lastModified": 1760575893,
"narHash": "sha256-u6eyhxtlxgG29uI2VCSt5Ir6/BW9hkhglCTfbJ14Hgg=",
"lastModified": 1770129756,
"narHash": "sha256-af2N+bI5NBmvRosFQNpjKE15GjjZq+6QP7q1X0cgdag=",
"ref": "refs/heads/master",
"rev": "bcc5185ef433a77b18f5aa585ee79d97f9a8e69c",
"revCount": 36,
"rev": "9d263b8208af5c1ffd4a3c639a34bfe290bce931",
"revCount": 38,
"type": "git",
"url": "https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai"
},
@@ -732,15 +666,14 @@
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_5",
"nuschtosSearch": "nuschtosSearch",
"systems": "systems_4"
"systems": "systems_3"
},
"locked": {
"lastModified": 1755741137,
"narHash": "sha256-YnpE/fOL3H8cJZ9by/YmeNhIqOQdKuZRYA1L3+w6WsI=",
"lastModified": 1769644746,
"narHash": "sha256-1X9o0GjCzku03magX4pM+1OZXA0aUTN7KvEReZ9t3OU=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "91a38e66240c338e683421a4ee3f525d329fc4ad",
"rev": "3c27e1b35ca0fee6a89bfc20840654361ffe888d",
"type": "github"
},
"original": {
@@ -749,30 +682,6 @@
"type": "github"
}
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_2",
"ixx": "ixx",
"nixpkgs": [
"nixvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1755555503,
"narHash": "sha256-WiOO7GUOsJ4/DoMy2IC5InnqRDSo2U11la48vCCIjjY=",
"owner": "NuschtOS",
"repo": "search",
"rev": "6f3efef888b92e6520f10eae15b86ff537e1d2ea",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
@@ -783,11 +692,11 @@
]
},
"locked": {
"lastModified": 1767281941,
"narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=",
"lastModified": 1769069492,
"narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa",
"rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23",
"type": "github"
},
"original": {
@@ -816,11 +725,11 @@
]
},
"locked": {
"lastModified": 1768863606,
"narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=",
"lastModified": 1769921679,
"narHash": "sha256-twBMKGQvaztZQxFxbZnkg7y/50BW9yjtCBWwdjtOZew=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2",
"rev": "1e89149dcfc229e7e2ae24a8030f124a31e4f24f",
"type": "github"
},
"original": {
@@ -874,21 +783,6 @@
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [


@@ -12,7 +12,7 @@
settings = {
theme = "system";
model = "ollama-local/llama3.2";
model = "ollama-remote/qwen3:8b";
provider = {
ollama-local = {


@@ -76,38 +76,28 @@
enable = true;
portainer.enable = true;
traefik.enable = true;
pihole.enable = true;
authentik.enable = true;
netbird.enable = true;
openwebui.enable = true;
ollama.enable = true;
searxng.enable = true;
home-assistant.enable = true;
n8n.enable = true;
nextcloud.enable = true;
jellyfin.enable = true;
};
containers = {
traefik.enable = true;
jellyfin.enable = true;
"esotericbytes.com".enable = true;
nextcloud.enable = true;
ntfy.enable = false;
gitea.enable = true;
keycloak.enable = true;
netbird.enable = true;
openwebui.enable = true;
wyoming = {
enable = false;
piper = false;
openwakeword = true;
faster-whisper = true;
};
rustdesk.enable = false; #broken
code-server.enable = true;
novnc.enable = false;
minecraft.enable = true;
sandbox.enable = false;


@@ -0,0 +1,26 @@
{ config, lib, nixpkgs-us, ... }: {
options.sysconfig = {
services.netbird.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = let
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
};
in lib.mkIf config.sysconfig.services.netbird.enable {
services.netbird = {
enable = config.sysconfig.services.netbird.enable;
ui = {
enable = true;
package = pkgs-us.netbird-ui;
};
package = pkgs-us.netbird;
};
};
}
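Review bot: `enable = config.sysconfig.services.netbird.enable;` sits inside `lib.mkIf config.sysconfig.services.netbird.enable`, so it can only ever be true there; `enable = true;` states that directly. The `system = "x86_64-linux";` passed to `import nixpkgs-us` is hard-coded, which ties the client and UI packages to one architecture regardless of the host that imports this module; taking the system from the host configuration would avoid that. The new option has no `description`, and `lib.mkEnableOption "the NetBird client"` would replace the four-line `mkOption` with a documented equivalent.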


@@ -1,4 +1,4 @@
{ config, lib, sops-nix, ... }: {
{ config, lib, ... }: {
options.sysconfig.containers.authentik.enable = lib.options.mkOption {
type = lib.types.bool;


@@ -8,8 +8,6 @@
config = lib.mkIf config.sysconfig.containers.gitea.enable {
networking = {
hosts."192.168.100.20" = [ "gitea.esotericbytes.com" ];
nat.internalInterfaces = [ "ve-gitea" ];
};
@@ -17,10 +15,6 @@
"gitea/dbpass" = {};
};
networking.firewall.allowedTCPPorts = [
2222
];
containers.gitea = {
autoStart = true;
@@ -28,13 +22,6 @@
hostAddress = "192.168.100.10";
localAddress = "192.168.100.20";
forwardPorts = [
{
containerPort = 2222;
hostPort = 2222;
}
];
bindMounts = {
"/etc/gitea/data" = {
hostPath = "/ssd1/Gitea/data";


@@ -1,73 +0,0 @@
{ config, lib, ... }: {
options.sysconfig.containers.keycloak.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.keycloak.enable {
sops.secrets."keycloak/dbpass" = {};
containers.keycloak = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.22";
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."keycloak/dbpass".path}"
];
bindMounts = {
"/etc/keycloak" = {
hostPath = "/ssd1/Keycloak";
isReadOnly = false;
};
};
config = {
networking.firewall.allowedTCPPorts = [ 80 ];
systemd.services.secrets_setup = {
wantedBy = [ "keycloak.service" ];
serviceConfig = {
LoadCredential = [
"dbpass"
];
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/keycloak/dbpass
chown postgres:postgres /etc/keycloak/dbpass
'';
};
services.keycloak = {
enable = true;
database.passwordFile = "/etc/keycloak/dbpass";
settings = {
hostname = "auth.esotericbytes.com";
http-enabled = true;
proxy-headers = "xforwarded";
proxy-trusted-addresses = "192.168.100.11";
};
initialAdminPassword = "7567";
};
system.stateVersion = "25.05";
};
};
};
}


@@ -1,265 +0,0 @@
{ config, lib, nixpkgs-us, ... }: {
options.sysconfig = {
services.netbird.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
containers.netbird = {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
};
config = let
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in {
services.netbird = {
enable = config.sysconfig.services.netbird.enable;
ui = {
enable = true;
#package = pkgs-us.netbird-ui;
};
#package = pkgs-us.netbird;
};
networking = {
firewall = lib.mkIf config.sysconfig.containers.netbird.enable {
allowedUDPPorts = [ 3478 ];
allowedUDPPortRanges = [{ from = 51100; to = 56100; }];
interfaces."ve-netbird" = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
};
nat.internalInterfaces = [ "ve-netbird" "wt0" ];
};
sops.secrets."netbird/coturnPass" = lib.mkIf config.sysconfig.containers.netbird.enable {};
containers.netbird = lib.mkIf config.sysconfig.containers.netbird.enable {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.23";
forwardPorts = [
{
hostPort = 3478;
containerPort = 3478;
protocol = "udp";
}
] ++ map (x: { hostPort = x; containerPort = x; protocol = "udp"; }) (builtins.genList (y: 51100 + y) (56100 - 51100));
extraFlags = [
"--load-credential=coturnPass:${config.sops.secrets."netbird/coturnPass".path}"
];
config = {
services.nginx.virtualHosts."vpn.esotericbytes.com" = {
listen = [
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
};
environment.etc."resolv.conf" = {
enable = true;
text = ''
nameserver 1.1.1.1
nameserver 1.0.0.1
options edns0
'';
user = "root";
mode = "0664";
};
services.netbird = {
server = {
enable = true;
enableNginx = true;
domain = "vpn.esotericbytes.com";
dashboard = {
enable = true;
enableNginx = true;
settings = {
AUTH_AUTHORITY = "https://auth.esotericbytes.com/realms/General";
AUTH_CLIENT_ID = "netbird";
AUTH_SUPPORTED_SCOPES = "openid profile email offline_access api";
AUTH_AUDIENCE = "netbird";
USE_AUTH0 = false;
NETBIRD_TOKEN_SOURCE = "accessToken";
};
package = pkgs-us.netbird-dashboard;
};
management = {
enable = true;
enableNginx = true;
disableAnonymousMetrics = true;
dnsDomain = "vpn";
turnDomain = "vpn.esotericbytes.com";
turnPort = 3478;
logLevel = "DEBUG";
oidcConfigEndpoint = "https://auth.esotericbytes.com/realms/General/.well-known/openid-configuration";
settings = {
"TURNConfig" = {
"Turns" = [
{
"Proto" = "udp";
"URI" = "turn:vpn.esotericbytes.com:3478";
"Username" = "netbird";
"Password"._secret = "/etc/netbird/coturnPass";
}
];
"Secret"._secret = "/etc/netbird/coturnPass";
};
"DataStoreEncryptionKey" = null;
"HttpConfig" = {
"Address" = "0.0.0.0:443";
"AuthIssuer" = "https://auth.esotericbytes.com/realms/General";
"AuthAudience" = "netbird";
"AuthKeysLocation" = "https://auth.esotericbytes.com/realms/General/protocol/openid-connect/certs";
"AuthUserIDClaim" = "";
"CertFile" = "";
"CertKey" = "";
"IdpSignKeyRefreshEnabled" = false;
"OIDCConfigEndpoint" = "https://auth.esotericbytes.com/realms/General/.well-known/openid-configuration";
};
"DeviceAuthorizationFlow" = {
"Provider" = "none";
"ProviderConfig" = {
"Audience" = "netbird";
"AuthorizationEndpoint" = "";
"Domain" = "";
"ClientID" = "";
"ClientSecret" = "";
"TokenEndpoint" = "https://auth.esotericbytes.com/realms/General/protocol/openid-connect/token";
"DeviceAuthEndpoint" = "https://auth.esotericbytes.com/realms/General/protocol/openid-connect/auth/device";
"Scope" = "openid";
"UseIDToken" = false;
"RedirectURLs" = null;
};
};
"IdpManagerConfig" = {
"ManagerType" = "keycloak";
"ClientConfig" = {
"Issuer" = "https://auth.esotericbytes.com/realms/General";
"TokenEndpoint" = "https://auth.esotericbytes.com/realms/General/protocol/openid-connect/token";
"ClientID" = "netbird-backend";
"ClientSecret" = "QuqjTOAHKE6N6jJqkB1F1RGo3kqUhEdg";
"GrantType" = "client_credentials";
};
"ExtraConfig" = {
"AdminEndpoint" = "https://auth.esotericbytes.com/admin/realms/General";
};
"Auth0ClientCredentials" = null;
"AzureClientCredentials" = null;
"KeycloakClientCredentials" = null;
"ZitadelClientCredentials" = null;
};
"PKCEAuthorizationFlow" = {
"ProviderConfig" = {
"Audience" = "netbird";
"ClientID" = "netbird";
"ClientSecret" = "";
"Domain" = "";
"AuthorizationEndpoint" = "https://auth.esotericbytes.com/realms/General/protocol/openid-connect/auth";
"TokenEndpoint" = "https://auth.esotericbytes.com/realms/General/protocol/openid-connect/token";
"Scope" = "openid profile email offline_access api";
"RedirectURLs" = [
"http://localhost:53000"
];
"UseIDToken" = false;
"DisablePromptLogin" = false;
};
};
};
port = 443;
};
coturn = {
enable = true;
user = "netbird";
passwordFile = "/etc/netbird/coturnPass";
openPorts = map (x: x) (builtins.genList (y: 51100 + y) (56100 - 51100));
};
signal = {
enable = true;
enableNginx = true;
};
};
};
systemd.services.secrets_setup = {
wantedBy = [ "netbird-management.service" "coturn.service" ];
serviceConfig = {
LoadCredential = [
"coturnPass"
];
};
script = ''
if [[ ! -f /etc/netbird/coturnPass ]]; then
cat ''${CREDENTIALS_DIRECTORY}/coturnPass > /etc/netbird/coturnPass
fi
'';
};
networking.firewall = {
allowedTCPPorts = [ 80 ];
allowedUDPPorts = [ 3478 ];
allowedUDPPortRanges = [{ from = 51100; to = 56100; }];
};
system.stateVersion = "25.05";
};
};
};
}


@@ -192,12 +192,6 @@
tls.certResolver = "cloudflare";
};
auth = {
entryPoints = [ "websecure" "localsecure" ];
rule = "Host(`auth.esotericbytes.com`)";
service = "keycloak";
tls.certResolver = "cloudflare";
};
/*gitlab = {
entryPoints = [ "websecure" ];
rule = "Host(`gitlab.esotericbytes.com`)";
@@ -233,13 +227,6 @@
tls.certResolver = "cloudflare";
};*/
netbird = {
entryPoints = [ "websecure" "localsecure" ];
rule = "Host(`vpn.esotericbytes.com`)";
service = "netbird";
tls.certResolver = "cloudflare";
};
openwebui = {
entryPoints = [ "localsecure" ];
rule = "Host(`ai.esotericbytes.com`)";
@@ -273,19 +260,12 @@
jellyfin.loadBalancer.servers = [ { url = "http://192.168.100.14:8096"; } ];
keycloak.loadBalancer.servers = [ { url = "http://192.168.100.22:80"; } ];
#novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080"; } ];
nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.15:80"; } ];
#ntfy.loadBalancer.servers = [ { url = "http://192.168.100.19"; } ];
netbird.loadBalancer = {
passHostHeader = true;
servers = [ { url = "http://192.168.100.23:80"; } ];
};
openwebui.loadBalancer.servers = [ { url = "http://192.168.100.33:8080"; } ];
code-server.loadBalancer.servers = [ { url = "http://192.168.100.31:4444"; } ];


@@ -1 +1,231 @@
{ ... }: {}
{ config, lib, pkgs, ... }: let
hostPort = 9005;
subdomain = "auth";
name = "authentik";
in {
options.sysconfig.docker.authentik.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.authentik.enable && config.sysconfig.docker.enable) {
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
};
sops.secrets = {
"authentik/pass" = {};
"authentik/secret_key" = {};
};
sops.templates."authentik.env" = {
content = ''
PG_PASS=${config.sops.placeholder."authentik/pass"}
SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
'';
};
virtualisation.oci-containers.containers."authentik-postgresql" = {
image = "docker.io/library/postgres:16-alpine";
environment = {
"POSTGRES_DB" = "authentik";
"POSTGRES_PASSWORD" = "\${PG_PASS}";
"POSTGRES_USER" = "authentik";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
volumes = [
"authentik_database:/var/lib/postgresql/data:rw"
];
log-driver = "journald";
extraOptions = [
"--health-cmd=pg_isready -d \${POSTGRES_DB} -U \${POSTGRES_USER}"
"--health-interval=30s"
"--health-retries=5"
"--health-start-period=20s"
"--health-timeout=5s"
"--network-alias=postgresql"
"--network=authentik_default"
];
};
systemd.services."docker-authentik-postgresql" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
"docker-volume-authentik_database.service"
];
requires = [
"docker-network-authentik_default.service"
"docker-volume-authentik_database.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
virtualisation.oci-containers.containers."authentik-server" = {
image = "ghcr.io/goauthentik/server:2025.12.2";
environment = {
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}";
};
volumes = [
"/etc/Authentik/custom-templates:/templates:rw"
"/etc/Authentik/data:/data:rw"
];
ports = [
"${builtins.toString hostPort}:9000/tcp"
#"9443:9443/tcp"
];
cmd = [ "server" ];
dependsOn = [
"authentik-postgresql"
];
log-driver = "journald";
extraOptions = [
"--network-alias=server"
"--network-alias=authentik-server"
"--network-alias=${name}"
];
networks = [
"docker-main"
"authentik_default"
];
};
systemd.services."docker-authentik-server" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
"docker-network-setup.service"
];
requires = [
"docker-network-authentik_default.service"
"docker-network-setup.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
virtualisation.oci-containers.containers."authentik-worker" = {
image = "ghcr.io/goauthentik/server:2025.12.2";
environment = {
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
volumes = [
"/etc/Authentik/certs:/certs:rw"
"/etc/Authentik/custom-templates:/templates:rw"
"/etc/Authentik/data:/data:rw"
"/var/run/docker.sock:/var/run/docker.sock:rw"
];
cmd = [ "worker" ];
dependsOn = [
"authentik-postgresql"
];
user = "root";
log-driver = "journald";
extraOptions = [
"--network-alias=worker"
"--network=authentik_default"
];
};
systemd.services."docker-authentik-worker" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
];
requires = [
"docker-network-authentik_default.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
# Networks
systemd.services."docker-network-authentik_default" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f authentik_default";
};
script = ''
docker network inspect authentik_default || docker network create authentik_default
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
# Volumes
systemd.services."docker-volume-authentik_database" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect authentik_database || docker volume create authentik_database --driver=local
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-authentik-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
};
}
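Review bot: The `"\${PG_PASS}"` and `"\${SECRET_KEY}"` values under `environment` in `authentik-postgresql`, `authentik-server` and `authentik-worker` look like they reach the containers as literal text rather than as the sops secrets. As far as I know the NixOS oci-containers module shell-quotes each `environment` value into a `-e KEY=VALUE` argument and does not substitute from `environmentFiles`, which would leave the database password and `AUTHENTIK_SECRET_KEY` as fixed, guessable strings behind a router bound to `websecure`. This is worth confirming with `docker inspect`; the usual fix is to have `sops.templates."authentik.env"` emit `POSTGRES_PASSWORD=`, `AUTHENTIK_POSTGRESQL__PASSWORD=` and `AUTHENTIK_SECRET_KEY=` lines directly and drop those keys from `environment`. Separately, `authentik-worker` runs with `user = "root"` and a read-write mount of `/var/run/docker.sock`, which gives that container control of the host's Docker daemon; unless Docker-managed outposts are actually used, the mount and the root user should go. Finally, `"${builtins.toString hostPort}:9000/tcp"` publishes on every host address and Docker-published ports are generally not filtered by the `networking.firewall.interfaces."ve-traefik"` rule, so `"192.168.101.1:${builtins.toString hostPort}:9000/tcp"` would keep the listener on the address the Traefik label already targets.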


@@ -36,13 +36,26 @@
hardware.nvidia-container-toolkit.enable = config.sysconfig.docker.nvidia;
system.activationScripts.setupDockerNet = ''
${pkgs.docker}/bin/docker network ls | grep docker-main ||
${pkgs.docker}/bin/docker network create -d bridge docker-main \
systemd.services."docker-network-setup" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f docker-main";
};
script = ''
docker network inspect docker-main ||
docker network create -d bridge docker-main \
--attachable --subnet 192.168.101.0/24 --ip-range 192.168.101.0/24 \
--gateway 192.168.101.1 \
-o "com.docker.network.bridge.name"="docker-main" \
-o "com.docker.network.bridge.trusted_host_interfaces"="wt0:ve-netbird:ve-traefik"
'';
wantedBy = [ "docker-net.target" ];
};
systemd.targets."docker-net" = {
wantedBy = [ "multi-user.target" ];
};
};
}
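Review bot: In the `docker network create` call, `--ip-range 192.168.101.0/24` covers the whole subnet, so any container joining docker-main without `--ip` draws from the same pool as the fixed addresses this commit assigns. That matters beyond start-up conflicts, because the Home Assistant `trusted_proxies` entry and the Docker daemon `dns` setting elsewhere in this commit both trust a specific 192.168.101.x address by number. Keeping the dynamic pool in its own slice, for example `--ip-range 192.168.101.128/25`, stops an unrelated container from claiming a static address. The inspect-or-create script leaves an existing network untouched, so this only takes effect once docker-main is recreated.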


@@ -0,0 +1 @@
{}


@@ -0,0 +1 @@
{}


@@ -13,5 +13,4 @@ scene: !include scenes.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.101.1
- 192.168.100.11
- 192.168.101.11


@@ -1,7 +1,5 @@
{ config, lib, ... }: let
hostPort = 9003;
subdomain = "hass";
name = "home-assistant";
@@ -15,12 +13,6 @@ in {
config = lib.mkIf (config.sysconfig.docker.home-assistant.enable && config.sysconfig.docker.enable) {
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
};
environment.etc."home-assistant/configuration.yaml".source = ./configuration.yaml;
virtualisation.oci-containers.containers.home-assistant = {
@@ -36,24 +28,25 @@ in {
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "8123";
};
extraOptions = [
"--ip=192.168.101.6"
];
environment = {
TZ = "America/Chicago";
};
extraOptions = [
"--ip=192.168.101.13"
];
ports = [
"${builtins.toString hostPort}:8123"
];
volumes = [
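Review bot: The commented-out `loadbalancer.server.url` label kept beside the new `server.port` label still interpolates `hostPort`, which the first hunk of this file appears to drop from the `let` block. That is inferred from the hunk header counts, since the +/- markers are lost on this page. Uncommenting the line later would fail evaluation, so I would delete it rather than carry it. The same leftover appears in the n8n and searxng sections, and the `ports` entry shown here that uses `hostPort` deserves the same check. The container definition continues past the end of the hunk.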


@@ -0,0 +1,117 @@
{ config, lib, pkgs, ... }: let
subdomain = "watch";
name = "jellyfin";
in {
options.sysconfig.docker.jellyfin.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.jellyfin.enable && config.sysconfig.docker.enable) {
networking.firewall.allowedUDPPorts = [ 7359 ];
virtualisation.oci-containers.containers.jellyfin = {
image = "jellyfin/jellyfin:10.11.6";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"7359:7359/udp"
];
volumes = [
"vol_jellyfin-config:/config"
"vol_jellyfin-cache:/cache"
"/etc/jellyfin/media:/media"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8096";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.21"
];
environment = {
JELLYFIN_PublishedServerUrl = "https://${subdomain}.esotericbytes.com";
};
};
systemd.services."docker-jellyfin" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
partOf = [
"docker-compose-jellyfin-root.target"
];
wantedBy = [
"docker-compose-jellyfin-root.target"
];
};
systemd.services."docker-volume-jellyfin-config" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-config || docker volume create vol_jellyfin-config --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.services."docker-volume-jellyfin-cache" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-cache || docker volume create vol_jellyfin-cache --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.targets."docker-compose-jellyfin-root" = {
wantedBy = [ "multi-user.target" ];
};
};
}
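Review bot: `extraOptions` wraps both list items in `lib.mkIf config.sysconfig.docker.nvidia`, so `--ip=192.168.101.21` disappears together with the GPU device flag on any host where the nvidia option is off. The container then gets a dynamically allocated address on docker-main instead of the fixed one. Splitting the two keeps the address unconditional: `extraOptions = [ "--ip=192.168.101.21" ] ++ lib.optionals config.sysconfig.docker.nvidia [ "--device=nvidia.com/gpu=all" ];`. The openwebui and ollama sections have the same shape.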


@@ -0,0 +1 @@
{}


@@ -0,0 +1 @@
{}


@@ -35,20 +35,21 @@ in {
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "5678";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--ip=192.168.101.7"
ports = [
];
ports = [
"${builtins.toString hostPort}:5678"
extraOptions = [
"--ip=192.168.101.2"
];
volumes = [


@@ -0,0 +1,27 @@
{
"Stuns": [
{
"Proto": "udp",
"URI": "stun:vpn.esotericbytes.com:3478"
}
],
"Relay": {
"Addresses": ["rels://vpn.esotericbytes.com:443"],
"CredentialsTTL": "24h",
"Secret": "0qSIu/S2sXHJbo0SyBNm4SFxAItRoPLKR4wjnW/Zsgc"
},
"Signal": {
"Proto": "https",
"URI": "vpn.esotericbytes.com:443"
},
"Datadir": "/var/lib/netbird",
"DataStoreEncryptionKey": "FZnQt+JqAC8GEXUSJwhrgo0vn4PoDetoAhjUx9nSJR0=",
"EmbeddedIdP": {
"Enabled": true,
"Issuer": "https://vpn.esotericbytes.com/oauth2",
"DashboardRedirectURIs": [
"https://vpn.esotericbytes.com/nb-auth",
"https://vpn.esotericbytes.com/nb-silent-auth"
]
}
}
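Review bot: `Relay.Secret` and `DataStoreEncryptionKey` are committed here as literal values, and the netbird module installs this file through `environment.etc` with a `source` path, which copies it into the world-readable Nix store. The module already renders `netbird-relay.env` from a sops template, so this file can be produced the same way, with `config.sops.placeholder` entries in place of the two literals and the rendered path mounted into the management container. Both values should be treated as exposed and rotated, since they remain in the repository history. The relay secret presumably has to match `NB_AUTH_SECRET`, in which case one sops secret can feed both.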


@@ -0,0 +1,229 @@
{ config, lib, pkgs, ... }: {
options.sysconfig.docker.netbird.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.netbird.enable && config.sysconfig.docker.enable) {
networking.firewall.allowedUDPPorts = [ 3478 ];
sops.secrets."netbird/secret_key" = {};
sops.templates."netbird-relay.env" = {
content = ''
NB_AUTH_SECRET=${config.sops.placeholder."netbird/secret_key"}
NB_LOG_LEVEL=info
NB_LISTEN_ADDRESS=:80
NB_EXPOSED_ADDRESS=rels://vpn.esotericbytes.com:443
NB_ENABLE_STUN=true
NB_STUN_LOG_LEVEL=info
NB_STUN_PORTS=3478
'';
};
environment.etc."netbird/management.json".source = ./config/management.json;
# Containers
virtualisation.oci-containers.containers."netbird-dashboard" = {
image = "netbirdio/dashboard:v2.30.1";
environment = {
"AUTH_AUDIENCE" = "netbird-dashboard";
"AUTH_AUTHORITY" = "https://vpn.esotericbytes.com/oauth2";
"AUTH_CLIENT_ID" = "netbird-dashboard";
"AUTH_CLIENT_SECRET" = "";
"AUTH_REDIRECT_URI" = "/nb-auth";
"AUTH_SILENT_REDIRECT_URI" = "/nb-silent-auth";
"AUTH_SUPPORTED_SCOPES" = "openid profile email groups";
"LETSENCRYPT_DOMAIN" = "none";
"NETBIRD_MGMT_API_ENDPOINT" = "https://vpn.esotericbytes.com";
"NETBIRD_MGMT_GRPC_API_ENDPOINT" = "https://vpn.esotericbytes.com";
"NGINX_SSL_PORT" = "443";
"USE_AUTH0" = "false";
};
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-dashboard.entrypoints" = "websecure";
"traefik.http.routers.netbird-dashboard.priority" = "1";
"traefik.http.routers.netbird-dashboard.rule" = "Host(`vpn.esotericbytes.com`)";
"traefik.http.routers.netbird-dashboard.tls" = "true";
"traefik.http.services.netbird-dashboard.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=dashboard"
"--network=docker-main"
"--ip=192.168.101.5"
];
};
systemd.services."docker-netbird-dashboard" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
virtualisation.oci-containers.containers."netbird-management" = {
image = "netbirdio/management:0.64.4";
volumes = [
"/etc/netbird/management.json:/etc/netbird/management.json:rw"
"netbird_netbird_management:/var/lib/netbird:rw"
];
cmd = [ "--port" "80" "--log-file" "console" "--log-level" "info" "--disable-anonymous-metrics=false" "--single-account-mode-domain=netbird.selfhosted" "--dns-domain=netbird.selfhosted" "--idp-sign-key-refresh-enabled" ];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-api.entrypoints" = "websecure";
"traefik.http.routers.netbird-api.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/api`)";
"traefik.http.routers.netbird-api.service" = "netbird-api";
"traefik.http.routers.netbird-api.tls" = "true";
"traefik.http.routers.netbird-mgmt-grpc.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/management.ManagementService/`)";
"traefik.http.routers.netbird-mgmt-grpc.service" = "netbird-mgmt-grpc";
"traefik.http.routers.netbird-mgmt-grpc.tls" = "true";
"traefik.http.routers.netbird-mgmt-ws.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/management`)";
"traefik.http.routers.netbird-mgmt-ws.service" = "netbird-mgmt-ws";
"traefik.http.routers.netbird-mgmt-ws.tls" = "true";
"traefik.http.routers.netbird-oauth2.entrypoints" = "websecure";
"traefik.http.routers.netbird-oauth2.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/oauth2`)";
"traefik.http.routers.netbird-oauth2.service" = "netbird-oauth2";
"traefik.http.routers.netbird-oauth2.tls" = "true";
"traefik.http.services.netbird-api.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.services.netbird-mgmt-ws.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-oauth2.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=management"
"--network=docker-main"
"--ip=192.168.101.4"
];
};
systemd.services."docker-netbird-management" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-volume-netbird_netbird_management.service"
];
requires = [
"docker-volume-netbird_netbird_management.service"
];
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
virtualisation.oci-containers.containers."netbird-relay" = {
image = "netbirdio/relay:0.64.4";
environmentFiles = [ config.sops.templates."netbird-relay.env".path ];
ports = [
"3478:3478/udp"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-relay.entrypoints" = "websecure";
"traefik.http.routers.netbird-relay.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/relay`)";
"traefik.http.routers.netbird-relay.tls" = "true";
"traefik.http.services.netbird-relay.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=relay"
"--network=docker-main"
"--ip=192.168.101.3"
];
};
systemd.services."docker-netbird-relay" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
virtualisation.oci-containers.containers."netbird-signal" = {
image = "netbirdio/signal:0.64.4";
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-signal-grpc.entrypoints" = "websecure";
"traefik.http.routers.netbird-signal-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/signalexchange.SignalExchange/`)";
"traefik.http.routers.netbird-signal-grpc.service" = "netbird-signal-grpc";
"traefik.http.routers.netbird-signal-grpc.tls" = "true";
"traefik.http.routers.netbird-signal-ws.entrypoints" = "websecure";
"traefik.http.routers.netbird-signal-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/signal`)";
"traefik.http.routers.netbird-signal-ws.service" = "netbird-signal-ws";
"traefik.http.routers.netbird-signal-ws.tls" = "true";
"traefik.http.services.netbird-signal-grpc.loadbalancer.server.port" = "10000";
"traefik.http.services.netbird-signal-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.services.netbird-signal-ws.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=signal"
"--network=docker-main"
];
};
systemd.services."docker-netbird-signal" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
# Volumes
systemd.services."docker-volume-netbird_netbird_management" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect netbird_netbird_management || docker volume create netbird_netbird_management
'';
partOf = [ "docker-compose-netbird-root.target" ];
wantedBy = [ "docker-compose-netbird-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-netbird-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
};
}
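Review bot: None of the four `docker-netbird-*` units declares `after`/`requires` on `docker-network-setup.service`, although every container joins `--network=docker-main`; only the management unit has ordering at all, and only on its volume. At boot the containers can start before the network exists and depend on the restart policy to recover. Stopping the network unit also does not stop them first, so its `docker network rm` can find endpoints still attached. The jellyfin, nextcloud and openwebui modules in this commit already carry the dependency; adding `after = [ "docker-network-setup.service" ];` and `requires = [ "docker-network-setup.service" ];` to each netbird unit makes them consistent.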


@@ -0,0 +1,115 @@
{ config, lib, pkgs, ... }: let
subdomain = "cloud";
name = "nextcloud";
in {
options.sysconfig.docker.nextcloud.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.nextcloud.enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers."nextcloud-aio-mastercontainer" = {
image = "ghcr.io/nextcloud-releases/all-in-one:20260122_105751";
serviceName = "docker-nextcloud";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
];
volumes = [
"nextcloud_aio_mastercontainer:/mnt/docker-aio-config"
"/run/docker.sock:/var/run/docker.sock:ro"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.routers.${name}.middlewares" = "nextcloud-chain";
"traefik.http.middlewares.https-redirect.redirectScheme.scheme" = "https";
"traefik.http.middlewares.nextcloud-secure-headers.headers.hostsProxyHeaders" = "X-Forwarded-Host";
"traefik.http.middlewares.nextcloud-secure-headers.headers.referrerPolicy" = "same-origin";
"traefik.http.middlewares.nextcloud-chain.chain.middlewares" = "https-redirect,nextcloud-secure-headers";
#"traefik.http.services.${name}.loadbalancer.server.port" = "11000";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:11000";
};
extraOptions = [
"--ip=192.168.101.17"
];
environment = {
APACHE_PORT = "11000";
APACHE_IP = "0.0.0.0";
APACHE_ADDITIONAL_NETWORK = "docker-main";
SKIP_DOMAIN_VALIDATION = "true";
TALK_PORT = "3479";
};
};
systemd.services."docker-nextcloud" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
partOf = [
"docker-compose-nextcloud-root.target"
];
wantedBy = [
"docker-compose-nextcloud-root.target"
];
};
systemd.services."docker-volume-nextcloud" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect nextcloud_aio_mastercontainer || docker volume create nextcloud_aio_mastercontainer --driver=local
'';
partOf = [ "docker-compose-nextcloud-root.target" ];
wantedBy = [ "docker-compose-nextcloud-root.target" ];
};
systemd.targets."docker-compose-nextcloud-root" = {
wantedBy = [ "multi-user.target" ];
};
};
}
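Review bot: The `:ro` flag on `/run/docker.sock:/var/run/docker.sock:ro` does not make the Docker API read-only. It only affects the mount of the socket file, and a process that can connect to it can still create and start containers. The master container therefore holds control over the host's Docker daemon, which AIO needs, but the flag should carry a comment so it is not read as a restriction, e.g. `# :ro does not limit the Docker API; this container can manage every container on the host`. A filtering socket proxy between the container and the daemon is the usual way to narrow this, if AIO supports one in this setup.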


@@ -1,4 +1,12 @@
{ config, lib, pkgs, ... }: {
{ config, lib, pkgs, ... }: let
hostPort = 11434;
subdomain = "ollama";
name = "ollama";
in {
options.sysconfig.docker.ollama.enable = with lib; mkOption {
type = with types; bool;
@@ -13,11 +21,11 @@
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ 11434 ];
allowedTCPPorts = [ hostPort ];
};
"ve-openwebui" = {
allowedTCPPorts = [ 11434 ];
allowedTCPPorts = [ hostPort ];
};
};
@@ -27,14 +35,14 @@
# unstable, waiting for 26.05
#pull = "newer";
hostname = "ollama.esotericbytes.com";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"11434:11434"
"${builtins.toString hostPort}:11434"
];
volumes = [
@@ -42,17 +50,19 @@
];
labels = {
"traefik.http.routers.ollama.entrypoints" = "localsecure";
"traefik.http.routers.ollama.rule" = "Host(`ollama.esotericbytes.com`)";
"traefik.http.routers.ollama.service" = "ollama";
"traefik.http.routers.ollama.tls.certResolver" = "cloudflare";
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.ollama.loadbalancer.server.url" = "http://192.168.100.10:11434";
#"traefik.http.services.ollama.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "11434";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.4"
"--ip=192.168.101.6"
];
environment = {
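Review bot: `ports = [ "${builtins.toString hostPort}:11434" ]` publishes the Ollama API on every host address, and the `networking.firewall.interfaces` allow-list in the previous hunk is unlikely to constrain it, because Docker installs its own NAT and forwarding rules for published ports ahead of the host's input filtering. If only ve-traefik and ve-openwebui are meant to reach it, bind the publish to the address those peers use, e.g. `"192.168.100.10:${builtins.toString hostPort}:11434"`, assuming 192.168.100.10 is still the host-side address as the commented-out URL suggests. Where Traefik now targets the container port directly, the publish can be dropped instead. The pihole and portainer sections publish `hostPort` the same way. The container definition continues beyond the hunk.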


@@ -0,0 +1,96 @@
{ config, lib, pkgs, ... }: let
subdomain = "ai";
name = "openwebui";
in {
options.sysconfig.docker.openwebui.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.openwebui.enable && config.sysconfig.docker.enable) {
virtualisation.oci-containers.containers.openwebui = {
image = "ghcr.io/open-webui/open-webui:v0.7.2";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
/*ports = [
"${builtins.toString hostPort}:8080"
];*/
volumes = [
"vol_openwebui:/app/backend/data"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8080";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.8"
];
environment = {
};
};
systemd.services."docker-openwebui" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
partOf = [
"docker-compose-openwebui-root.target"
];
wantedBy = [
"docker-compose-openwebui-root.target"
];
};
systemd.services."docker-volume-openwebui" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_openwebui || docker volume create vol_openwebui --driver=local
'';
partOf = [ "docker-compose-openwebui-root.target" ];
wantedBy = [ "docker-compose-openwebui-root.target" ];
};
systemd.targets."docker-compose-openwebui-root" = {
wantedBy = [ "multi-user.target" ];
};
};
}


@@ -0,0 +1 @@
{}


@@ -0,0 +1,167 @@
# Auto-generated by compose2nix.
{ pkgs, lib, ... }:
{
# Runtime
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
# Containers
virtualisation.oci-containers.containers."passbolt-db" = {
image = "mariadb:10.11";
environment = {
"MYSQL_DATABASE" = "passbolt";
"MYSQL_PASSWORD" = "P4ssb0lt";
"MYSQL_RANDOM_ROOT_PASSWORD" = "true";
"MYSQL_USER" = "passbolt";
};
volumes = [
"passbolt_database_volume:/var/lib/mysql:rw"
];
log-driver = "journald";
extraOptions = [
"--network-alias=db"
"--network=passbolt_default"
];
};
systemd.services."docker-passbolt-db" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-passbolt_default.service"
"docker-volume-passbolt_database_volume.service"
];
requires = [
"docker-network-passbolt_default.service"
"docker-volume-passbolt_database_volume.service"
];
partOf = [
"docker-compose-passbolt-root.target"
];
wantedBy = [
"docker-compose-passbolt-root.target"
];
};
virtualisation.oci-containers.containers."passbolt-passbolt" = {
image = "passbolt/passbolt:latest-ce";
environment = {
"APP_FULL_BASE_URL" = "https://passbolt.local";
"DATASOURCES_DEFAULT_DATABASE" = "passbolt";
"DATASOURCES_DEFAULT_HOST" = "db";
"DATASOURCES_DEFAULT_PASSWORD" = "P4ssb0lt";
"DATASOURCES_DEFAULT_USERNAME" = "passbolt";
};
volumes = [
"passbolt_gpg_volume:/etc/passbolt/gpg:rw"
"passbolt_jwt_volume:/etc/passbolt/jwt:rw"
];
ports = [
"80:80/tcp"
"443:443/tcp"
];
cmd = [ "/usr/bin/wait-for.sh" "-t" "0" "db:3306" "--" "/docker-entrypoint.sh" ];
dependsOn = [
"passbolt-db"
];
log-driver = "journald";
extraOptions = [
"--network-alias=passbolt"
"--network=passbolt_default"
];
};
systemd.services."docker-passbolt-passbolt" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-passbolt_default.service"
"docker-volume-passbolt_gpg_volume.service"
"docker-volume-passbolt_jwt_volume.service"
];
requires = [
"docker-network-passbolt_default.service"
"docker-volume-passbolt_gpg_volume.service"
"docker-volume-passbolt_jwt_volume.service"
];
partOf = [
"docker-compose-passbolt-root.target"
];
wantedBy = [
"docker-compose-passbolt-root.target"
];
};
# Networks
systemd.services."docker-network-passbolt_default" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f passbolt_default";
};
script = ''
docker network inspect passbolt_default || docker network create passbolt_default
'';
partOf = [ "docker-compose-passbolt-root.target" ];
wantedBy = [ "docker-compose-passbolt-root.target" ];
};
# Volumes
systemd.services."docker-volume-passbolt_database_volume" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect passbolt_database_volume || docker volume create passbolt_database_volume
'';
partOf = [ "docker-compose-passbolt-root.target" ];
wantedBy = [ "docker-compose-passbolt-root.target" ];
};
systemd.services."docker-volume-passbolt_gpg_volume" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect passbolt_gpg_volume || docker volume create passbolt_gpg_volume
'';
partOf = [ "docker-compose-passbolt-root.target" ];
wantedBy = [ "docker-compose-passbolt-root.target" ];
};
systemd.services."docker-volume-passbolt_jwt_volume" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect passbolt_jwt_volume || docker volume create passbolt_jwt_volume
'';
partOf = [ "docker-compose-passbolt-root.target" ];
wantedBy = [ "docker-compose-passbolt-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-passbolt-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}


@@ -1,4 +1,12 @@
{ config, lib, ... }: {
{ config, lib, ... }: let
hostPort = 9001;
subdomain = "pihole";
name = "pihole";
in {
options.sysconfig.docker.pihole.enable = with lib; mkOption {
type = with types; bool;
@@ -7,6 +15,8 @@
config = lib.mkIf (config.sysconfig.docker.pihole.enable && config.sysconfig.docker.enable) {
virtualisation.docker.daemon.settings.dns = [ "192.168.101.12" ];
environment.etc."resolv.conf" = {
enable = true;
text = ''
@@ -22,7 +32,7 @@
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ 9001 ];
allowedTCPPorts = [ hostPort ];
};
};
@@ -32,27 +42,29 @@
# unstable, waiting for 26.05
#pull = "newer";
hostname = "pihole.esotericbytes.com";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.http.routers.pihole.entrypoints" = "localsecure";
"traefik.http.routers.pihole.rule" = "Host(`pihole.esotericbytes.com`)";
"traefik.http.routers.pihole.service" = "pihole";
"traefik.http.routers.pihole.tls.certResolver" = "cloudflare";
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.pihole.loadbalancer.server.url" = "http://192.168.100.10:9001";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "80";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--ip=192.168.101.3"
extraOptions = [
"--ip=192.168.101.12"
];
ports = [
"9001:80"
"${builtins.toString hostPort}:80"
"127.0.0.1:53:53/tcp"
"127.0.0.1:53:53/udp"
];


@@ -1,4 +1,12 @@
{ config, lib, ... }: {
{ config, lib, ... }: let
hostPort = 9000;
subdomain = "portainer";
name = "portainer";
in {
options.sysconfig.docker.portainer.enable = with lib; mkOption {
type = with types; bool;
@@ -9,7 +17,7 @@
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ 9000 ];
allowedTCPPorts = [ hostPort ];
};
};
@@ -19,28 +27,30 @@
# unstable, waiting for 26.05
#pull = "newer";
hostname = "portainer.esotericbytes.com";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.http.routers.portainer.entrypoints" = "localsecure";
"traefik.http.routers.portainer.rule" = "Host(`prtnr.esotericbytes.com`)";
"traefik.http.routers.portainer.service" = "portainer";
"traefik.http.routers.portainer.tls.certResolver" = "cloudflare";
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.portainer.loadbalancer.server.url" = "http://192.168.100.10:9000";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "9000";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--ip=192.168.101.2"
];
ports = [
"127.0.0.1:8000:8000"
"9000:9000"
"${builtins.toString hostPort}:9000"
];
extraOptions = [
"--ip=192.168.101.10"
];
volumes = [


@@ -0,0 +1 @@
{}


@@ -0,0 +1,77 @@
# Auto-generated by compose2nix.
{ pkgs, lib, ... }:
{
# Runtime
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
# Containers
virtualisation.oci-containers.containers."hbbr" = {
image = "rustdesk/rustdesk-server:latest";
volumes = [
"/home/nathan/Projects/Olympus/system/virtualization/docker/rustdesk/data:/root:rw"
];
cmd = [ "hbbr" ];
log-driver = "journald";
extraOptions = [
"--network=host"
];
};
systemd.services."docker-hbbr" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-rustdesk-root.target"
];
wantedBy = [
"docker-compose-rustdesk-root.target"
];
};
virtualisation.oci-containers.containers."hbbs" = {
image = "rustdesk/rustdesk-server:latest";
volumes = [
"/home/nathan/Projects/Olympus/system/virtualization/docker/rustdesk/data:/root:rw"
];
cmd = [ "hbbs" ];
dependsOn = [
"hbbr"
];
log-driver = "journald";
extraOptions = [
"--network=host"
];
};
systemd.services."docker-hbbs" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-rustdesk-root.target"
];
wantedBy = [
"docker-compose-rustdesk-root.target"
];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-rustdesk-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}


@@ -1,4 +1,10 @@
{ config, lib, ... }: {
{ config, lib, ... }: let
subdomain = "searxng";
name = "searxng";
in {
options.sysconfig.docker.searxng.enable = with lib; mkOption {
type = with types; bool;
@@ -7,12 +13,6 @@
config = lib.mkIf (config.sysconfig.docker.searxng.enable && config.sysconfig.docker.enable) {
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ 9002 ];
};
};
environment.etc."searxng/settings.yml".source = ./settings.yml;
virtualisation.oci-containers.containers.searxng = {
@@ -21,27 +21,28 @@
# unstable, waiting for 26.05
#pull = "newer";
hostname = "searxng.esotericbytes.com";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.http.routers.searxng.entrypoints" = "localsecure";
"traefik.http.routers.searxng.rule" = "Host(`searxng.esotericbytes.com`)";
"traefik.http.routers.searxng.service" = "searxng";
"traefik.http.routers.searxng.tls.certResolver" = "cloudflare";
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.searxng.loadbalancer.server.url" = "http://192.168.100.10:9002";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "8080";
};
extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
"--ip=192.168.101.5"
ports = [
];
ports = [
"9002:8080"
extraOptions = [
"--ip=192.168.101.9"
];
volumes = [


@@ -0,0 +1,58 @@
http:
routers:
homepageSecure:
entryPoints:
- "websecure"
- "localsecure"
rule: "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)"
service: "homepage"
tls:
certResolver: "cloudflare"
code-server:
entryPoints:
- "localsecure"
rule: "Host(`code.esotericbytes.com`)"
service: "code-server"
tls:
certResolver: "cloudflare"
gitea:
entryPoints:
- "localsecure"
- "websecure"
rule: "Host(`gitea.esotericbytes.com`)"
service: "gitea"
tls:
certResolver: "cloudflare"
services:
homepage:
loadBalancer:
servers:
- url: "http://192.168.100.13:80"
code-server:
loadBalancer:
servers:
- url: "http://192.168.100.31:4444"
gitea:
loadBalancer:
servers:
- url: "http://192.168.100.20:3000"
tcp:
routers:
gitea-ssh:
entryPoints:
- "gitea-ssh"
rule: "HostSNI(`*`)"
service: "gitea-ssh"
services:
gitea-ssh:
loadBalancer:
servers:
- address: "192.168.100.20:2222"
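Review bot: Nothing in this file says which entry points are reachable from the internet, although that is the only thing separating `code-server` (on `localsecure` only) from `homepageSecure` and `gitea` (also on `websecure`, presumably the published one). A comment above `routers:` such as `# websecure = published to the internet, localsecure = LAN only; add websecure deliberately` would make an accidental exposure easier to catch in review. The `gitea-ssh` TCP router uses a catch-all HostSNI rule, so every connection that reaches the `gitea-ssh` entry point is forwarded to `192.168.100.20:2222`; a one-line comment stating that this is intended and that authentication rests entirely on Gitea's SSH server would document the trust boundary.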


@@ -0,0 +1,87 @@
providers:
docker:
exposedByDefault: false
file:
filename: "/etc/traefik/routing.yml"
serversTransport:
insecureSkipVerify: true
api:
dashboard: true
global:
checknewversion: true
sendanonymoususage: false
entryPoints:
web:
address: ":81"
http:
redirections:
entryPoint:
to: "websecure"
scheme: "https"
websecure:
address: ":444"
asDefault: true
transport:
respondingTimeouts:
readTimeout: 24h
http:
tls:
certResolver: "cloudflare"
domains:
main: "esotericbytes.com"
sans:
- "*.esotericbytes.com"
encodedCharacters:
allowEncodedSlash: true
allowEncodedQuestionMark: true
allowEncodedPercent: true
local:
address: ":80"
http:
redirections:
entryPoint:
to: "localsecure"
scheme: "https"
localsecure:
address: ":443"
asDefault: true
transport:
respondingTimeouts:
readTimeout: 24h
http:
tls:
certResolver: "cloudflare"
domains:
main: "esotericbytes.com"
sans:
- "*.esotericbytes.com"
encodedCharacters:
allowEncodedSlash: true
allowEncodedQuestionMark: true
allowEncodedPercent: true
gitea-ssh:
address: ":2222"
log:
level: "INFO"
filePath: "/etc/traefik/logs/traefik.log"
format: "json"
certificatesResolvers:
cloudflare:
acme:
storage: "/etc/traefik/acme.json"
keyType: "EC256"
dnsChallenge:
provider: "cloudflare"
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
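Review bot: `serversTransport.insecureSkipVerify: true` turns off certificate verification for every HTTPS backend Traefik proxies to, not only for one that happens to have a self-signed certificate. The backends in this commit's routing file are all plain `http://`, so the flag does nothing for them; it should be removed, or replaced by a named `serversTransport` attached only to the service that needs it. Separately, `asDefault: true` is set on `websecure` as well as `localsecure`, so a router that omits its entry points is attached to `websecure` too; if that is the internet-facing entry point, keeping `asDefault` on `localsecure` alone makes public exposure opt-in. The 24h `readTimeout` on `websecure` also lets slow or idle clients hold connections open for a day.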


@@ -0,0 +1,108 @@
{ config, lib, ... }: {
options.sysconfig.docker.traefik.enable = with lib; mkOption {
type = with types; bool;
default = false;
};
config = lib.mkIf (config.sysconfig.docker.traefik.enable && config.sysconfig.docker.enable) {
networking.firewall.allowedTCPPorts = [ 80 81 443 444 2222 ];
sops.secrets = {
"traefik/cf_email" = {};
"traefik/cf_api_key" = {};
};
sops.templates."traefik.env" = {
content = ''
CF_API_EMAIL=${config.sops.placeholder."traefik/cf_email"}
CF_DNS_API_TOKEN=${config.sops.placeholder."traefik/cf_api_key"}
'';
};
environment.etc = (builtins.listToAttrs (builtins.map (x: {
name = "traefik/${x}";
value = {
source = ./config/${x};
mode = "0664";
};
}) (builtins.attrNames (builtins.readDir ./config))));
/*environment.etc."traefik/traefik.yml" = {
source = ./config/traefik.yml;
};
environment.etc."traefik/routing.yml" = {
source = ./config/routing.yml;
};*/
virtualisation.oci-containers.containers.traefik = {
image = "traefik:v3.6";
environment = {
TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL = "\${CF_API_EMAIL}";
};
environmentFiles = [ config.sops.templates."traefik.env".path ];
volumes = [
"/etc/traefik/:/etc/traefik/"
"/run/docker.sock:/var/run/docker.sock"
];
networks = [
"docker-main"
];
ports = [
"80:80"
"81:81"
"443:443"
"444:444"
"2222:2222"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.dashboard.rule" = "Host(`traefik.esotericbytes.com`)";
"traefik.http.routers.dashboard.entrypoints" = "websecure,localsecure";
"traefik.http.routers.dashboard.service" = "api@internal";
"traefik.http.routers.dashboard.tls.certResolver" = "cloudflare";
};
extraOptions = [
"--ip=192.168.101.11"
];
log-driver = "journald";
};
systemd.services."docker-traefik" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
];
requires = [
"docker-network-setup.service"
];
partOf = [
"docker-compose-traefik-root.target"
];
wantedBy = [
"docker-compose-traefik-root.target"
];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-traefik-root" = {
wantedBy = [ "multi-user.target" ];
};
};
}
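Review bot: The `dashboard` router publishes `api@internal` on `websecure` as well as `localsecure` and attaches no authentication middleware, so if `websecure` is the internet-facing entry point the Traefik dashboard and API are readable by anyone who can reach the host name. Restricting it with `"traefik.http.routers.dashboard.entrypoints" = "localsecure";`, or adding a `middlewares` label that points at an authentication middleware, would close that. The container also bind-mounts `/run/docker.sock`, which hands a compromised proxy control of the Docker daemon on the host; a socket proxy that permits only the read-only container endpoints is the usual mitigation. `networking.firewall.allowedTCPPorts` opens all five ports on every interface, so the split between the local and public entry points depends entirely on what is forwarded upstream.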


@@ -0,0 +1 @@
{}