Make ashers site work

This commit is contained in:
kalle 2025-06-11 23:39:50 +02:00
parent 30a471535a
commit 27bc5c0d2f
5 changed files with 88 additions and 72 deletions


@ -13,6 +13,12 @@ rec {
target = "http://${ip}:80";
priority = 1;
}
{
name = "${hostname}-asher-portfolio";
rule = "Host(`asherdejong.nl`)";
target = "http://${ip}:80";
priority = 1;
}
{
name = "${hostname}-transmission";
rule = "Host(`transmission.kallestruik.nl`) && ClientIP(`192.168.10.0/24`)";


@ -1,3 +1,7 @@
let
appDataInCeph = "/appdata/forgejo";
appDir = "/cephfs${appDataInCeph}";
in
{
name = "Forgejo";
description = ''
@ -21,6 +25,8 @@
}
];
cephBackupPaths = [ appDataInCeph ];
nixosModule =
{
pkgs,
@ -77,7 +83,7 @@
echo "No arguments supplied"
exit 1
fi
sudo -u forgejo -- ${lib.getExe pkgs.forgejo} --config /cephfs/appdata/forgejo/custom/conf/app.ini $@
sudo -u forgejo -- ${lib.getExe pkgs.forgejo} --config ${appDir}/custom/conf/app.ini $@
'';
in
[
@ -92,7 +98,7 @@
services.forgejo = {
enable = true;
package = pkgs.forgejo;
stateDir = "/cephfs/appdata/forgejo";
stateDir = appDir;
lfs.enable = true;
database = {
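Review bot: The rewritten wrapper line `sudo -u forgejo -- ${lib.getExe pkgs.forgejo} --config ${appDir}/custom/conf/app.ini $@` still passes the arguments through an unquoted `$@`, so any argument containing whitespace or a glob character is re-split by the shell before it reaches forgejo; it should be `"$@"`. The wrapper script this line belongs to starts before the hunk. Separately, `cephBackupPaths = [ appDataInCeph ];` now puts the whole state directory into the backup set, and from the `--config` path that directory also holds `custom/conf/app.ini`, which presumably contains secrets — if so the backup target needs the same protection, which I would record with `# NOTE: the state dir includes custom/conf/app.ini and any secrets it holds` above the entry.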


@ -1,3 +1,8 @@
let
appDataInCeph = "/appdata/freshrss";
appDir = "/cephfs${appDataInCeph}";
dataDir = "${appDir}/data";
in
{
name = "FreshRSS";
description = ''
@ -21,6 +26,8 @@
}
];
cephBackupPaths = [ appDataInCeph ];
nixosModule =
{
lib,
@ -34,82 +41,74 @@
domain = lib.mkOption {
type = lib.types.str;
};
adminUser = lib.mkOption {
type = lib.types.str;
};
};
config =
let
appDir = "/cephfs/appdata/freshrss";
dataDir = "${appDir}/data";
in
{
networking.firewall.allowedTCPPorts = [
1342 # Freshrss
];
config = {
networking.firewall.allowedTCPPorts = [
1342 # Freshrss
];
sops.secrets = {
"freshrss/client_id" = {
owner = "freshrss";
};
"freshrss/client_secret" = {
owner = "freshrss";
};
};
sops.templates."freshrss-secret.env" = {
sops.secrets = {
"freshrss/client_id" = {
owner = "freshrss";
content = ''
OIDC_CLIENT_ID=${config.sops.placeholder."freshrss/client_id"}
OIDC_CLIENT_SECRET=${config.sops.placeholder."freshrss/client_secret"}
'';
};
# Set up user to run freshrss
users.users."freshrss" = {
isSystemUser = true;
group = "freshrss";
};
users.groups."freshrss" = { };
systemd.tmpfiles.rules = [
"d '${appDir}' 0750 freshrss freshrss - -"
"d '${dataDir}' 0750 freshrss freshrss - -"
"d '${appDir}/extensions' 0750 freshrss freshrss - -"
];
# Create the database
postgres.databases = [ "freshrss" ];
# Make sure that ceph is mounted before trying to start freshrss
systemd.services.podman-freshrss = {
after = [ "cephfs.mount" ];
};
podman.containers = {
"freshrss" = {
imageMetadata = dockerImages.freshrss;
autoStart = true;
environment = {
TZ = "Europe/Amsterdam";
CRON_MIN = "3,33";
OIDC_ENABLED = "1";
OIDC_PROVIDER_METADATA_URL = "https://auth.kallestruik.nl/application/o/freshrss/.well-known/openid-configuration";
OIDC_X_FORWARDED_HEADERS = "X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host";
OIDC_SCOPES = "openid email profile";
};
environmentFiles = [
config.sops.templates."freshrss-secret.env".path
];
volumes = [
"${dataDir}:/var/www/FreshRSS/data"
"${appDir}/extensions:/var/www/FreshRSS/extensions"
];
ports = [
"1342:80"
];
};
"freshrss/client_secret" = {
owner = "freshrss";
};
};
sops.templates."freshrss-secret.env" = {
owner = "freshrss";
content = ''
OIDC_CLIENT_ID=${config.sops.placeholder."freshrss/client_id"}
OIDC_CLIENT_SECRET=${config.sops.placeholder."freshrss/client_secret"}
'';
};
# Set up user to run freshrss
users.users."freshrss" = {
isSystemUser = true;
group = "freshrss";
};
users.groups."freshrss" = { };
systemd.tmpfiles.rules = [
"d '${appDir}' 0750 freshrss freshrss - -"
"d '${dataDir}' 0750 freshrss freshrss - -"
"d '${appDir}/extensions' 0750 freshrss freshrss - -"
];
# Create the database
postgres.databases = [ "freshrss" ];
# Make sure that ceph is mounted before trying to start freshrss
systemd.services.podman-freshrss = {
after = [ "cephfs.mount" ];
};
podman.containers = {
"freshrss" = {
imageMetadata = dockerImages.freshrss;
autoStart = true;
environment = {
TZ = "Europe/Amsterdam";
CRON_MIN = "3,33";
OIDC_ENABLED = "1";
OIDC_PROVIDER_METADATA_URL = "https://auth.kallestruik.nl/application/o/freshrss/.well-known/openid-configuration";
OIDC_X_FORWARDED_HEADERS = "X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host";
OIDC_SCOPES = "openid email profile";
};
environmentFiles = [
config.sops.templates."freshrss-secret.env".path
];
volumes = [
"${dataDir}:/var/www/FreshRSS/data"
"${appDir}/extensions:/var/www/FreshRSS/extensions"
];
ports = [
"1342:80"
];
};
};
};
};
}
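Review bot: The re-indented container config still publishes `"1342:80"` with no host address and opens 1342 in `networking.firewall.allowedTCPPorts`, while `OIDC_X_FORWARDED_HEADERS` tells the app to trust `X-Forwarded-Port/Proto/Host`; any client that can reach the host on 1342 directly can therefore supply those headers itself instead of receiving them from the reverse proxy, which presumably affects how the OIDC redirect URI is built — worth confirming against the FreshRSS OIDC documentation. If the proxy runs on the same host, bind as `"127.0.0.1:1342:80"` and drop the firewall entry; if it is a separate host, scope the firewall rule to that host or interface instead of opening the port globally, and note the reason with `# 1342 must only be reachable from the reverse proxy: the app trusts X-Forwarded-* from it`. Separately, the `adminUser` option appears on the old side only; if it was removed deliberately, any host still setting it will fail evaluation, so that should be checked (or the option kept with a deprecation note). The enclosing module closes at the final `}` here but its `options` block starts before this hunk.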


@ -115,6 +115,9 @@
dnsChallenge = {
provider = "cloudflare";
};
httpChallenge = {
entryPoint = "web";
};
};
};
};
@ -130,6 +133,7 @@
service = route.name;
rule = route.rule;
priority = route.priority or "0";
tls.certresolver = "letsencrypt";
};
}) routes
);
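Review bot: The resolver now carries both `dnsChallenge` and `httpChallenge`, and since `tls.certresolver = "letsencrypt";` is applied unconditionally to every generated router, each Host in the route list becomes a certificate request — including LAN-restricted ones such as the transmission route guarded by `ClientIP(`192.168.10.0/24`)` in the routes file; HTTP-01 needs that name to resolve publicly and port 80 to be reachable from Let's Encrypt, and every issued name ends up in public Certificate Transparency logs. I would keep a single challenge per resolver (DNS-01 already covers names that are not publicly reachable) or make the resolver per-route, e.g. `tls.certresolver = route.certresolver or "letsencrypt";`, and state the intent with `# DNS-01 so internal-only hostnames can be issued without exposing :80`. Which challenge Traefik uses when both are configured is not something I would assume from the config alone, so the ACME log output after deploy should be checked. Both the `certificatesResolvers` attrset and the route-mapping expression start outside these hunks.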


@ -49,6 +49,7 @@
mkRole = cfg: {
inherit (cfg) name description nixosModule;
traefikRoutes = cfg.traefikRoutes or ({ ... }: [ ]);
cephBackupPaths = cfg.cephBackupPaths or [ ];
};
mkHost = cfg: {