# Host configuration for the reverse-proxy machine: it declares the agenix
# secrets it needs, enables the `my.*` modules, and lists the backends that
# Caddy fronts under p.domains.public.
{
  config,
  pkgs,
  lib,
  inputs,
  ...
}:
let
  p = import ../parameters.nix;

  # Decrypted agenix secrets; only their runtime paths are referenced below,
  # never their contents.
  secrets = config.age.secrets;

  # Cloudflare credential file, consumed by Caddy in two places below.
  cloudflareKeyPath = secrets.cloudflare-pasetto-apiKey.path;

  # Attribute set shared by every enabled `*.proxy` entry: enabled, bound to
  # p.domains.public, and pointing at the given backend host.
  publicProxy = host: {
    enable = true;
    domain = p.domains.public;
    inherit host;
  };

  # Completes an extra virtual host entry with the public domain.
  onPublicDomain = vhost: vhost // { domain = p.domains.public; };
in
{

  age.secrets = {
    searx-secret.file = ../../secrets/searx-secret.age;
    tailscale-authKey.file = ../../secrets/tailscale-authKey.age;
    # Only this secret has its ownership changed: the decrypted file is handed
    # to the Caddy service account. The two above keep the agenix defaults.
    cloudflare-pasetto-apiKey = {
      file = ../../secrets/cloudflare-pasetto-apiKey.age;
      owner = config.services.caddy.user;
      group = config.services.caddy.group;
    };
  };

  my = {
    utils = {
      commons.enable = true;
      lxc-standard.enable = true;
    };

    # NOTE(review): every enabled proxy here is bound to p.domains.public,
    # including vaultwarden. Whether a vhost is gated (e.g. by authentik) is
    # decided inside the proxy modules and is not visible in this file --
    # confirm per service.
    services = {

      authentik.proxy = publicProxy p.hosts.authentik;

      # Disabled, together with its proxy entry.
      dashy = {
        enable = false;
        settings = import ./dashy-settings.nix;
        proxy = {
          enable = false;
          domain = p.domains.public;
          host = p.hosts.caddy;
        };
      };

      firefly-iii.proxy = publicProxy p.hosts.firefly-iii;

      forgejo.proxy = publicProxy p.hosts.forgejo;

      immich.proxy = publicProxy p.hosts.immich;

      media-mgr.proxy = publicProxy p.hosts.arr;

      nextcloud.proxy = publicProxy p.hosts.nextcloud;

      paperless.proxy = publicProxy p.hosts.paperless;

      # searx is enabled on this host itself, hence the proxy target is
      # p.hosts.caddy; its secret is passed by path.
      searx = {
        enable = true;
        secretFile = secrets.searx-secret.path;
        proxy = publicProxy p.hosts.caddy;
      };

      vaultwarden.proxy = publicProxy p.hosts.vaultwarden;
    };

    # NOTE(review): Prometheus ships without authentication of its own, so
    # confirm the proxy module puts access control in front of it before it is
    # reachable under the public domain.
    monitoring = {
      prometheus.proxy = publicProxy p.hosts.metrics;

      grafana.proxy = publicProxy p.hosts.metrics;

      uptime-kuma.proxy = publicProxy p.hosts.portainer;
    };

    networking = {
      # The auth key is read from the decrypted secret file instead of being
      # written into the configuration.
      tailscale = {
        enable = true;
        magicDNSDomain = p.domains.tsDns;
        authKeyFile = secrets.tailscale-authKey.path;
      };

      caddy = {
        enable = true;
        # NOTE(review): the same decrypted file is used as Caddy's environment
        # file and as cloudflareApiKeyFile below -- confirm both consumers
        # expect the same file format, and that the token is scoped to DNS
        # changes for this zone only.
        configEnvFile = cloudflareKeyPath;
        domainsList = [
          {
            domain = p.domains.public;
            email = p.email;
            cloudflareApiKeyFile = cloudflareKeyPath;
          }
        ];
        # The token is referenced by environment variable name here, so it is
        # presumably supplied through configEnvFile -- verify in the module.
        dynamicdnsDomains = [
          {
            domain = p.domains.public;
            cloudflareApiEnvName = "CLOUDFLARE_API_TOKEN";
          }
        ];

        # NOTE(review): all upstreams below are plain http://, so the hop from
        # Caddy to the backend is unencrypted unless the network provides it
        # (the torrent entry resolves under the tailnet DNS domain). As above,
        # access control for these subdomains is not visible here -- confirm.
        extraVirtualHosts = map onPublicDomain [
          {
            subdomain = "h";
            host = "http://${p.hosts.homeassistant}:8123";
          }
          {
            subdomain = "torrent.ts";
            host = "http://qbittorrent.${p.domains.tsDns}:8090";
          }
          {
            subdomain = "ai";
            host = "http://${p.hosts.portainer}:4080";
          }
          {
            subdomain = "keep";
            host = "http://${p.hosts.portainer}:3000";
          }
          {
            subdomain = "maps";
            host = "http://${p.hosts.portainer}:48080";
          }
        ];

      };

    };

    virtualisation = {
      proxmox.enable = true;
      # NOTE(review): a container management UI proxied under the public
      # domain; confirm it is not reachable without an extra auth layer.
      portainer.proxy = publicProxy p.hosts.portainer;
    };
  };

  system.stateVersion = "24.05";
}