Make ashers site work

This commit is contained in:
kalle 2025-06-11 23:39:50 +02:00
parent 30a471535a
commit 27bc5c0d2f
5 changed files with 88 additions and 72 deletions


@ -13,6 +13,12 @@ rec {
target = "http://${ip}:80"; target = "http://${ip}:80";
priority = 1; priority = 1;
} }
{
name = "${hostname}-asher-portfolio";
rule = "Host(`asherdejong.nl`)";
target = "http://${ip}:80";
priority = 1;
}
{ {
name = "${hostname}-transmission"; name = "${hostname}-transmission";
rule = "Host(`transmission.kallestruik.nl`) && ClientIP(`192.168.10.0/24`)"; rule = "Host(`transmission.kallestruik.nl`) && ClientIP(`192.168.10.0/24`)";
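Review bot: The new `asher-portfolio` route points at the same upstream and priority as the route directly above it (`target = "http://${ip}:80"; priority = 1;`), so Traefik cannot tell them apart by target; the backend on port 80 has to do its own Host-based virtual hosting for `asherdejong.nl`, which the hunk leaves implicit. Add a comment on the new entry stating that, e.g. `# shares the port-80 upstream with the route above; the backend vhosts on Host`, so the next person does not assume a separate service. Note the `rule` carries no `ClientIP` restriction, unlike the transmission route below, which is presumably intentional for a public portfolio site — worth a word in the same comment. The enclosing `rec` attribute set starts and ends outside the hunk.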


@ -1,3 +1,7 @@
let
appDataInCeph = "/appdata/forgejo";
appDir = "/cephfs${appDataInCeph}";
in
{ {
name = "Forgejo"; name = "Forgejo";
description = '' description = ''
@ -21,6 +25,8 @@
} }
]; ];
cephBackupPaths = [ appDataInCeph ];
nixosModule = nixosModule =
{ {
pkgs, pkgs,
@ -77,7 +83,7 @@
echo "No arguments supplied" echo "No arguments supplied"
exit 1 exit 1
fi fi
sudo -u forgejo -- ${lib.getExe pkgs.forgejo} --config /cephfs/appdata/forgejo/custom/conf/app.ini $@ sudo -u forgejo -- ${lib.getExe pkgs.forgejo} --config ${appDir}/custom/conf/app.ini $@
''; '';
in in
[ [
@ -92,7 +98,7 @@
services.forgejo = { services.forgejo = {
enable = true; enable = true;
package = pkgs.forgejo; package = pkgs.forgejo;
stateDir = "/cephfs/appdata/forgejo"; stateDir = appDir;
lfs.enable = true; lfs.enable = true;
database = { database = {
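Review bot: The wrapper line changed in the second hunk still passes `$@` unquoted (`sudo -u forgejo -- ${lib.getExe pkgs.forgejo} --config ${appDir}/custom/conf/app.ini $@`), so any argument containing whitespace or glob characters is word-split and expanded before reaching forgejo; since the line is already being rewritten, change it to `"$@"`. The `let` that defines the script and the shell string it sits in both start and end outside the hunk. Separately, `appDir = "/cephfs${appDataInCeph}"` hard-codes the mount prefix per role (the same pattern appears in the FreshRSS file), so a renamed mount has to be fixed in every role; a shared constant or a helper taking the ceph-relative path would keep `cephBackupPaths` and the mounted path from drifting apart.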


@ -1,3 +1,8 @@
let
appDataInCeph = "/appdata/freshrss";
appDir = "/cephfs${appDataInCeph}";
dataDir = "${appDir}/data";
in
{ {
name = "FreshRSS"; name = "FreshRSS";
description = '' description = ''
@ -21,6 +26,8 @@
} }
]; ];
cephBackupPaths = [ appDataInCeph ];
nixosModule = nixosModule =
{ {
lib, lib,
@ -34,82 +41,74 @@
domain = lib.mkOption { domain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
adminUser = lib.mkOption {
type = lib.types.str;
};
}; };
config = config = {
let networking.firewall.allowedTCPPorts = [
appDir = "/cephfs/appdata/freshrss"; 1342 # Freshrss
dataDir = "${appDir}/data"; ];
in
{
networking.firewall.allowedTCPPorts = [
1342 # Freshrss
];
sops.secrets = { sops.secrets = {
"freshrss/client_id" = { "freshrss/client_id" = {
owner = "freshrss";
};
"freshrss/client_secret" = {
owner = "freshrss";
};
};
sops.templates."freshrss-secret.env" = {
owner = "freshrss"; owner = "freshrss";
content = ''
OIDC_CLIENT_ID=${config.sops.placeholder."freshrss/client_id"}
OIDC_CLIENT_SECRET=${config.sops.placeholder."freshrss/client_secret"}
'';
}; };
"freshrss/client_secret" = {
# Set up user to run freshrss owner = "freshrss";
users.users."freshrss" = {
isSystemUser = true;
group = "freshrss";
};
users.groups."freshrss" = { };
systemd.tmpfiles.rules = [
"d '${appDir}' 0750 freshrss freshrss - -"
"d '${dataDir}' 0750 freshrss freshrss - -"
"d '${appDir}/extensions' 0750 freshrss freshrss - -"
];
# Create the database
postgres.databases = [ "freshrss" ];
# Make sure that ceph is mounted before trying to start freshrss
systemd.services.podman-freshrss = {
after = [ "cephfs.mount" ];
};
podman.containers = {
"freshrss" = {
imageMetadata = dockerImages.freshrss;
autoStart = true;
environment = {
TZ = "Europe/Amsterdam";
CRON_MIN = "3,33";
OIDC_ENABLED = "1";
OIDC_PROVIDER_METADATA_URL = "https://auth.kallestruik.nl/application/o/freshrss/.well-known/openid-configuration";
OIDC_X_FORWARDED_HEADERS = "X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host";
OIDC_SCOPES = "openid email profile";
};
environmentFiles = [
config.sops.templates."freshrss-secret.env".path
];
volumes = [
"${dataDir}:/var/www/FreshRSS/data"
"${appDir}/extensions:/var/www/FreshRSS/extensions"
];
ports = [
"1342:80"
];
};
}; };
}; };
sops.templates."freshrss-secret.env" = {
owner = "freshrss";
content = ''
OIDC_CLIENT_ID=${config.sops.placeholder."freshrss/client_id"}
OIDC_CLIENT_SECRET=${config.sops.placeholder."freshrss/client_secret"}
'';
};
# Set up user to run freshrss
users.users."freshrss" = {
isSystemUser = true;
group = "freshrss";
};
users.groups."freshrss" = { };
systemd.tmpfiles.rules = [
"d '${appDir}' 0750 freshrss freshrss - -"
"d '${dataDir}' 0750 freshrss freshrss - -"
"d '${appDir}/extensions' 0750 freshrss freshrss - -"
];
# Create the database
postgres.databases = [ "freshrss" ];
# Make sure that ceph is mounted before trying to start freshrss
systemd.services.podman-freshrss = {
after = [ "cephfs.mount" ];
};
podman.containers = {
"freshrss" = {
imageMetadata = dockerImages.freshrss;
autoStart = true;
environment = {
TZ = "Europe/Amsterdam";
CRON_MIN = "3,33";
OIDC_ENABLED = "1";
OIDC_PROVIDER_METADATA_URL = "https://auth.kallestruik.nl/application/o/freshrss/.well-known/openid-configuration";
OIDC_X_FORWARDED_HEADERS = "X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host";
OIDC_SCOPES = "openid email profile";
};
environmentFiles = [
config.sops.templates."freshrss-secret.env".path
];
volumes = [
"${dataDir}:/var/www/FreshRSS/data"
"${appDir}/extensions:/var/www/FreshRSS/extensions"
];
ports = [
"1342:80"
];
};
};
};
}; };
} }
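Review bot: The `adminUser` option added at the top of this hunk (`adminUser = lib.mkOption { type = lib.types.str; };`) is never read in the `config` block that follows, so setting it has no effect and leaving it unset raises no error; either consume it (the container `environment` set is the obvious place) or mark it, e.g. `# not yet read by the config below`, so it is not mistaken for a working knob. On the new side, `ports = [ "1342:80" ]` together with `networking.firewall.allowedTCPPorts = [ 1342 ]` exposes the container over plain HTTP on every host interface, bypassing the Traefik route; if 1342 only needs to be reachable by the proxy, bind it to the address Traefik uses (`"<proxy-facing-ip>:1342:80"`, placeholder) and scope the firewall rule accordingly — assuming here that Traefik runs on another host, as the `http://${ip}:80` targets in the routes file suggest. The `options` block this hunk starts in begins outside the hunk.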


@ -115,6 +115,9 @@
dnsChallenge = { dnsChallenge = {
provider = "cloudflare"; provider = "cloudflare";
}; };
httpChallenge = {
entryPoint = "web";
};
}; };
}; };
}; };
@ -130,6 +133,7 @@
service = route.name; service = route.name;
rule = route.rule; rule = route.rule;
priority = route.priority or "0"; priority = route.priority or "0";
tls.certresolver = "letsencrypt";
}; };
}) routes }) routes
); );
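Review bot: `tls.certresolver = "letsencrypt";` is now applied to every route produced by the `routes` mapping, so a certificate is ordered for each route's `Host`, including LAN-only ones such as the `ClientIP`-restricted transmission route; with the `httpChallenge` added to the same resolver in the first hunk, an HTTP-01 order for a host that is not reachable on the `web` entrypoint from the internet fails and is retried at every renewal, and even with DNS-01 the internal hostnames are published in CT logs. The Traefik documentation presents `dnsChallenge`, `httpChallenge` and `tlsChallenge` as alternatives for a resolver, so keeping both on `letsencrypt` leaves it unclear which one is actually used — confirm against the Traefik version in use. A per-route override keeps the default while letting internal routes pick a DNS-only resolver or none, e.g. `tls.certresolver = route.certresolver or "letsencrypt";` with a second resolver defined for DNS-01. The mapping this hunk edits starts outside the hunk.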


@ -49,6 +49,7 @@
mkRole = cfg: { mkRole = cfg: {
inherit (cfg) name description nixosModule; inherit (cfg) name description nixosModule;
traefikRoutes = cfg.traefikRoutes or ({ ... }: [ ]); traefikRoutes = cfg.traefikRoutes or ({ ... }: [ ]);
cephBackupPaths = cfg.cephBackupPaths or [ ];
}; };
mkHost = cfg: { mkHost = cfg: {
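Review bot: The new `cephBackupPaths = cfg.cephBackupPaths or [ ];` default carries no hint about what the entries are; the two roles in this commit pass ceph-relative paths (`"/appdata/forgejo"`, `"/appdata/freshrss"`) rather than the `/cephfs`-prefixed directories they actually use, and nothing in `mkRole` checks or documents that. Add a comment above the line, e.g. `# paths relative to the ceph filesystem root, not the /cephfs mount`, so a role that passes `appDir` by mistake is caught in review rather than by a missing backup. `mkRole` is fully inside the hunk; `mkHost` continues outside it.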