152 lines
3.5 KiB
Nix
152 lines
3.5 KiB
Nix
{ pkgs, lib, ... }: {
|
|
|
|
networking.firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [ 80 443 22 ];
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "markers711@gmail.com";
|
|
};
|
|
|
|
virtualisation.docker = { enable = true; };
|
|
|
|
services = {
|
|
openssh = { enable = true; };
|
|
|
|
jellyfin = { enable = true; };
|
|
|
|
fail2ban = { enable = true; };
|
|
|
|
gitea = {
|
|
enable = true;
|
|
settings = {
|
|
service.DISABLE_REGISTRATION = true;
|
|
service.ENABLE_PUSH_CREATE_USER = true;
|
|
server = {
|
|
HTTP_PORT = 8001;
|
|
DOMAIN = "dhilton.xyz";
|
|
ROOT_URL = "https://git.dhilton.xyz";
|
|
ENABLE_PUSH_CREATE_USER = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
gitea-actions-runner.instances.home = {
|
|
enable = true;
|
|
url = "https://git.dhilton.xyz";
|
|
name = "nixsrv";
|
|
token = "LaqTWUDidsm510TGBglGvcphsUxYmCzMjrZbEtJj";
|
|
labels = [
|
|
"ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
|
|
"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04"
|
|
"ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04"
|
|
"ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04"
|
|
"native:host"
|
|
];
|
|
};
|
|
|
|
home-assistant = {
|
|
enable = true;
|
|
extraComponents = [ "wiz" "fail2ban" ];
|
|
config = {
|
|
default_config = { };
|
|
"automation ui" = "!include automations.yaml";
|
|
http = {
|
|
use_x_forwarded_for = "true";
|
|
trusted_proxies = [ "127.0.0.1" ];
|
|
server_port = 8003;
|
|
};
|
|
};
|
|
};
|
|
|
|
ntfy-sh = {
|
|
enable = true;
|
|
settings = {
|
|
listen-http = ":8004";
|
|
auth-file = "/var/lib/ntfy.db";
|
|
auth-default-access = "read-only";
|
|
base-url = "https://ntfy.dhilton.xyz";
|
|
};
|
|
};
|
|
|
|
searx = {
|
|
enable = true;
|
|
settings = {
|
|
server.port = 8005;
|
|
server.secret_key = "secretlol";
|
|
};
|
|
};
|
|
|
|
nginx = {
|
|
enable = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
|
|
virtualHosts = {
|
|
|
|
"dhilton.xyz" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
root = "/var/www/dhilton";
|
|
};
|
|
|
|
"git.dhilton.xyz" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:8001";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
|
|
"ntfy.dhilton.xyz" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:8004";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
|
|
"jel.dhilton.xyz" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:8096";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
|
|
"puf.dhilton.xyz" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:8002";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
|
|
"srx.dhilton.xyz" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:8005";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
|
|
"hom.dhilton.xyz" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:8003";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|