Faris/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

plus

Browse Source
This commit is contained in:
Faris 2025-07-19 00:34:01 +01:00
parent ad7c3237db
commit 4a64599fd6
3 changed files with 86 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
home/podman.nix
View File

@ -189,6 +189,40 @@
}; };
}; };
gitea-anubis = {
image = "ghcr.io/techarohq/anubis:latest";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/anubis-default" #WHY DOES THIS NOT WORK????
"/pool/services/secrets/anubis-nginx"
];
environment = {
DIFFICULTY = "4";
SERVE_ROBOTS_TXT = "true";
POLICY_FNAME = "/data/cfg/botPolicy.json";
OG_PASSTHROUGH = "true";
OG_EXPIRY_TIME = "24h";
BIND = ":3002";
METRICS_BIND = ":9090";
TARGET = "http://192.168.0.30:3001";
};
volumes = [
"/pool/services/podman/anubis/botPolicy.json:/data/cfg/botPolicy.json:ro"
];
ports = [
"3002:3002"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
home-assistant = { home-assistant = {
image = "ghcr.io/home-assistant/home-assistant:stable"; image = "ghcr.io/home-assistant/home-assistant:stable";
autoStart = true; autoStart = true;
@ -476,6 +510,40 @@
}; };
}; };
nginx-anubis = {
image = "ghcr.io/techarohq/anubis:latest";
autoStart = true;
autoUpdate = "registry";
network = "bridge";
environmentFile = [
"/pool/services/secrets/default"
"/pool/services/secrets/anubis-default" #WHY DOES THIS NOT WORK????
"/pool/services/secrets/anubis-nginx"
];
environment = {
DIFFICULTY = "4";
SERVE_ROBOTS_TXT = "true";
POLICY_FNAME = "/data/cfg/botPolicy.json";
OG_PASSTHROUGH = "true";
OG_EXPIRY_TIME = "24h";
BIND = ":8881";
METRICS_BIND = ":9090";
TARGET = "http://192.168.0.30:888";
};
volumes = [
"/pool/services/podman/anubis/botPolicy.json:/data/cfg/botPolicy.json:ro"
];
ports = [
"8881:8881"
];
extraConfig = {
Service = {
TimeoutStartSec = 900;
};
};
};
nginx-proxy-manager = { nginx-proxy-manager = {
image = "docker.io/jc21/nginx-proxy-manager:2.9.22"; image = "docker.io/jc21/nginx-proxy-manager:2.9.22";
autoStart = true; autoStart = true;

21
hosts/server/settings.nix
View File

@ -2,6 +2,18 @@
{ {
age.secrets = {
"restic/environmentFile".file = ../../secrets/restic/environmentFile.age;
"restic/repositoryFile".file = ../../secrets/restic/repositoryFile.age;
"restic/passwordFile".file = ../../secrets/restic/passwordFile.age;
"zfs/pool.key".file = ../../secrets/zfs/pool.key.age;
};
age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ];
boot.loader.limine.biosDevice = "/dev/vda";
networking = { networking = {
hostName = "nixos-server"; hostName = "nixos-server";
hostId = "bbe3b289"; hostId = "bbe3b289";
@ -17,16 +29,7 @@
defaultGateway = "192.168.0.1"; defaultGateway = "192.168.0.1";
nameservers = [ "192.168.0.1" "1.1.1.1" ]; nameservers = [ "192.168.0.1" "1.1.1.1" ];
}; };
age.secrets = {
"restic/environmentFile".file = ../../secrets/restic/environmentFile.age;
"restic/repositoryFile".file = ../../secrets/restic/repositoryFile.age;
"restic/passwordFile".file = ../../secrets/restic/passwordFile.age;
"zfs/pool.key".file = ../../secrets/zfs/pool.key.age
};
users.users.admin.linger = true; users.users.admin.linger = true;
age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ];
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];

6
secrets/zfs/pool.key.age Normal file
View File

@ -0,0 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 XBJw1w aT4N7lGsXH1XV4wBrZ1xoRVOjWrpMcBtNR8gMHUyfRM
sz4CvrJNgx+ms7kGTfg0Wly6Mc2NDwn4sWYvfsJI5lA
--- 9c9kfNpfGRAC6qAkHsfe65j2/83xeo1iIYqNxWMqLy8
#èefIú¬fƒ/ï¨*[0Š~W q¯¾y'j*½ägSþy™Bñy@j£jÜv ¨kæ<6B>ÿ<EFBFBD>ê<>Ï<EFBFBD>
ø¨&®0PÞß×ù‡Õ×ùƒ`œ" +ÜȲ«%ó¦r”«GÀ·ñ