187 lines
3.8 KiB
Nix
187 lines
3.8 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
inputs,
|
|
...
|
|
}:
|
|
let
|
|
tailscaleMagicDNS = "neon-dory.ts.net";
|
|
publicDomain = "pasetto.me";
|
|
tsDomain = "tegola.pro";
|
|
email = "pasettodavide@gmail.com";
|
|
hosts = import ../hosts.nix;
|
|
in
|
|
{
|
|
|
|
age.secrets = {
|
|
searx-secret.file = ../../secrets/searx-secret.age;
|
|
tailscale-authKey.file = ../../secrets/tailscale-authKey.age;
|
|
cloudflare-tegola-apiKey = {
|
|
file = ../../secrets/cloudflare-tegola-apiKey.age;
|
|
owner = config.services.caddy.user;
|
|
group = config.services.caddy.group;
|
|
};
|
|
cloudflare-pasetto-apiKey = {
|
|
file = ../../secrets/cloudflare-pasetto-apiKey.age;
|
|
owner = config.services.caddy.user;
|
|
group = config.services.caddy.group;
|
|
};
|
|
ddclient = {
|
|
file = ../../secrets/ddclient.age;
|
|
mode = "400";
|
|
};
|
|
};
|
|
|
|
my = {
|
|
utils = {
|
|
commons.enable = true;
|
|
lxc-standard.enable = true;
|
|
};
|
|
|
|
services = {
|
|
|
|
authentik = {
|
|
enable = true;
|
|
proxy = {
|
|
enable = true;
|
|
domain = tsDomain;
|
|
host = hosts.authentik;
|
|
};
|
|
};
|
|
|
|
dashy = {
|
|
enable = true;
|
|
settings = import ./dashy-settings.nix;
|
|
proxy = {
|
|
enable = true;
|
|
domain = publicDomain;
|
|
host = hosts.caddy;
|
|
};
|
|
};
|
|
|
|
media-mgr = {
|
|
proxy = {
|
|
enable = true;
|
|
domain = tsDomain;
|
|
host = hosts.arr;
|
|
};
|
|
};
|
|
|
|
nextcloud = {
|
|
proxy = {
|
|
enable = true;
|
|
domain = publicDomain;
|
|
host = hosts.nextcloud;
|
|
};
|
|
};
|
|
|
|
searx = {
|
|
enable = true;
|
|
secretFile = config.age.secrets.searx-secret.path;
|
|
enableAI = true;
|
|
perplexicaUrl = hosts.portainer;
|
|
proxy = {
|
|
enable = true;
|
|
domain = tsDomain;
|
|
host = hosts.caddy;
|
|
};
|
|
};
|
|
|
|
vaultwarden = {
|
|
proxy = {
|
|
enable = true;
|
|
domain = publicDomain;
|
|
host = hosts.vaultwarden;
|
|
};
|
|
|
|
};
|
|
};
|
|
|
|
monitoring = {
|
|
prometheus = {
|
|
proxy = {
|
|
enable = true;
|
|
domain = tsDomain;
|
|
host = hosts.metrics;
|
|
};
|
|
};
|
|
|
|
grafana = {
|
|
proxy = {
|
|
enable = true;
|
|
domain = tsDomain;
|
|
host = hosts.metrics;
|
|
};
|
|
};
|
|
};
|
|
|
|
networking = {
|
|
tailscale = {
|
|
enable = true;
|
|
magicDNSDomain = tailscaleMagicDNS;
|
|
authKeyFile = config.age.secrets.tailscale-authKey.path;
|
|
};
|
|
|
|
caddy = {
|
|
enable = true;
|
|
configEnvFile = config.age.secrets.cloudflare-pasetto-apiKey.path;
|
|
domainsList = [
|
|
{
|
|
domain = tsDomain;
|
|
email = email;
|
|
cloudflareApiKeyFile = config.age.secrets.cloudflare-tegola-apiKey.path;
|
|
}
|
|
{
|
|
domain = publicDomain;
|
|
email = email;
|
|
cloudflareApiKeyFile = config.age.secrets.cloudflare-pasetto-apiKey.path;
|
|
}
|
|
];
|
|
dynamicdnsDomains = [
|
|
{
|
|
domain = publicDomain;
|
|
cloudflareApiEnvName = "CLOUDFLARE_API_TOKEN";
|
|
}
|
|
];
|
|
|
|
extraVirtualHosts = [
|
|
{
|
|
subdomain = "h";
|
|
host = "http://ha.internal:8123";
|
|
domain = publicDomain;
|
|
}
|
|
];
|
|
|
|
};
|
|
|
|
ddclient = {
|
|
enable = false;
|
|
configFile = config.age.secrets.ddclient.path;
|
|
};
|
|
|
|
};
|
|
|
|
virtualisation = {
|
|
proxmox.enable = true;
|
|
portainer.proxy = {
|
|
enable = true;
|
|
domain = tsDomain;
|
|
host = "portainer.internal";
|
|
};
|
|
};
|
|
};
|
|
|
|
# Extra packages
|
|
environment.systemPackages = with pkgs; [ ];
|
|
|
|
services = {
|
|
iperf3 = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
};
|
|
|
|
};
|
|
|
|
system.stateVersion = "24.05";
|
|
}
|