k/nixos_configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nixos_configs/hosts/server/service.nix
k 70cc2587aa added cockpit
2025-07-13 10:32:20 -04:00

196 lines
4.4 KiB
Nix
Raw Blame History

{
pkgs,
lib,
...
}: {
networking.firewall = {
enable = true;
allowedTCPPorts = [80 443 22];
allowedUDPPorts = [];
};
security.acme = {
acceptTerms = true;
defaults.email = "markers711@gmail.com";
};
virtualisation = {
docker = {enable = true;};
libvirtd = {enable = true;};
kvmgt = {enable = true;};
};
services = {
openssh = {enable = true;};
jellyfin = {enable = true;};
fail2ban = {enable = true;};
postgresql = {enable = true;};
i2p = {enable = true;};
cockpit = {
enable = true;
allowed-origins = ["https://pit.dhilton.xyz"];
};
nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
};
ollama = {
enable = true;
package = pkgs.ollama-intel;
};
gitea = {
enable = true;
settings = {
service.DISABLE_REGISTRATION = true;
service.ENABLE_PUSH_CREATE_USER = true;
server = {
HTTP_PORT = 8001;
DOMAIN = "dhilton.xyz";
ROOT_URL = "https://git.dhilton.xyz";
ENABLE_PUSH_CREATE_USER = true;
};
};
};
gitea-actions-runner.instances.home = {
enable = true;
url = "https://git.dhilton.xyz";
name = "nixsrv";
token = "LaqTWUDidsm510TGBglGvcphsUxYmCzMjrZbEtJj";
labels = [
"ubuntu-latest:docker://catthehacker/ubuntu:act-latest"
"ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04"
"ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04"
"ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04"
"native:host"
];
};
home-assistant = {
enable = true;
extraComponents = ["wiz" "fail2ban" "ollama" "wyoming"];
config = {
default_config = {};
"automation ui" = "!include automations.yaml";
http = {
use_x_forwarded_for = "true";
trusted_proxies = ["127.0.0.1"];
server_port = 8002;
};
};
};
wyoming = {
piper.servers."piperNix" = {
enable = true;
uri = "tcp://0.0.0.0:10200";
voice = "en-us-ryan-low";
};
faster-whisper.servers."whisperNix" = {
enable = true;
uri = "tcp://0.0.0.0:10300";
language = "en";
};
};
searx = {
enable = true;
settings = {
server.port = 8003;
server.secret_key = "secretlol";
search.formats = ["html" "json"];
};
};
akkoma = {
enable = true;
initDb.enable = true;
config = {
":pleroma" = {
":instance" = {
name = "dhilton fedi";
description = "dhilton akkoma server";
email = "markers711@gmail.com";
registration_open = false;
};
"Pleroma.Web.Endpoint" = {url.host = "fed.dhilton.xyz";};
};
};
nginx = {
enableACME = true;
forceSSL = true;
};
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"dhilton.xyz" = {
enableACME = true;
forceSSL = true;
root = "/var/www/dhilton";
};
"git.dhilton.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8001";
proxyWebsockets = true;
};
};
"jel.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8096";
proxyWebsockets = true;
};
};
"hom.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8002";
proxyWebsockets = true;
};
};
"srx.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8003";
proxyWebsockets = true;
};
};
"pit.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:9090";
proxyWebsockets = true;
};
};
"nix.dhilton.xyz" = {
locations."/".proxyPass = "http://127.0.0.1:5000";
};
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink