From d341c0c3f1ed6b82edeb7b36446b2e4c0b7bfc6f Mon Sep 17 00:00:00 2001 From: smayzy Date: Thu, 9 Oct 2025 17:55:32 +0200 Subject: [PATCH] format nix code --- hosts/desktop1/configuration.nix | 15 +- hosts/server1/configuration.nix | 13 +- modules/nix/containers/nixos/httpd.nix | 20 +- modules/nix/containers/nixos/traefik.nix | 676 ++++++++++++----------- modules/nix/containers/nixos/unbound.nix | 78 +-- modules/nix/groups/laptop.nix | 7 +- 6 files changed, 444 insertions(+), 365 deletions(-) diff --git a/hosts/desktop1/configuration.nix b/hosts/desktop1/configuration.nix index 136b045..f0b74cd 100644 --- a/hosts/desktop1/configuration.nix +++ b/hosts/desktop1/configuration.nix @@ -9,9 +9,18 @@ networking.hostName = "desktop1"; networking.bridges.br0.interfaces = [ "enp4s0" ]; - networking.interfaces.br0.ipv4.addresses = [ { address = "192.168.1.146"; prefixLength = 24; } ]; + networking.interfaces.br0.ipv4.addresses = [ + { + address = "192.168.1.146"; + prefixLength = 24; + } + ]; networking.defaultGateway = "192.168.1.254"; - networking.nameservers = [ "192.168.1.202" "192.168.1.137" "192.168.1.49" ]; + networking.nameservers = [ + "192.168.1.202" + "192.168.1.137" + "192.168.1.49" + ]; age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; @@ -22,7 +31,7 @@ hyprland.enable = true; kde.enable = true; docker.enable = true; - containers = { + containers = { nixos = { }; docker = { diff --git a/hosts/server1/configuration.nix b/hosts/server1/configuration.nix index 4321915..673083d 100644 --- a/hosts/server1/configuration.nix +++ b/hosts/server1/configuration.nix @@ -9,9 +9,18 @@ networking.hostName = "server1"; networking.bridges.br0.interfaces = [ "ens18" ]; - networking.interfaces.br0.ipv4.addresses = [ { address = "192.168.1.197"; prefixLength = 24; } ]; + networking.interfaces.br0.ipv4.addresses = [ + { + address = "192.168.1.197"; + prefixLength = 24; + } + ]; networking.defaultGateway = "192.168.1.254"; - networking.nameservers = [ "192.168.1.202" "192.168.1.137" "192.168.1.49" ]; + networking.nameservers = [ + "192.168.1.202" + "192.168.1.137" + "192.168.1.49" + ]; age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; diff --git a/modules/nix/containers/nixos/httpd.nix b/modules/nix/containers/nixos/httpd.nix index dd5bb8e..b0ec7bd 100644 --- a/modules/nix/containers/nixos/httpd.nix +++ b/modules/nix/containers/nixos/httpd.nix @@ -16,23 +16,25 @@ in description = "ip addr e.g. (192.168.1.20)"; }; }; - + config = mkIf cfg.enable { containers.httpd = { autoStart = true; privateNetwork = true; hostBridge = net.bridge; localAddress = cfg.ip; - config = { ... }: { - system.stateVersion = "25.11"; + config = + { ... }: + { + system.stateVersion = "25.11"; - services.httpd = { - enable = true; + services.httpd = { + enable = true; + }; + networking.defaultGateway = net.gateway; + networking.nameservers = net.dns; + networking.firewall.allowedTCPPorts = [ 80 ]; }; - networking.defaultGateway = net.gateway; - networking.nameservers = net.dns; - networking.firewall.allowedTCPPorts = [ 80 ]; - }; }; }; } diff --git a/modules/nix/containers/nixos/traefik.nix b/modules/nix/containers/nixos/traefik.nix index fdd4805..2410ff9 100644 --- a/modules/nix/containers/nixos/traefik.nix +++ b/modules/nix/containers/nixos/traefik.nix @@ -16,7 +16,7 @@ in description = "ip addr e.g. (192.168.1.20)"; }; }; - + config = mkIf cfg.enable { age.secrets = { traefik-cf-tk = { @@ -30,7 +30,7 @@ in mode = "0444"; }; }; - + containers.traefik = { bindMounts = { "/run/secrets/traefik-cf-tk" = { @@ -47,330 +47,382 @@ in privateNetwork = true; hostBridge = net.bridge; localAddress = cfg.ip; - config = { ... }: { - system.stateVersion = "25.11"; + config = + { ... }: + { + system.stateVersion = "25.11"; - networking.defaultGateway = net.gateway; - networking.nameservers = net.dns; - networking.firewall.allowedTCPPorts = [ 80 443 880 4443 ]; + networking.defaultGateway = net.gateway; + networking.nameservers = net.dns; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + 880 + 4443 + ]; - systemd.services.traefik.serviceConfig.EnvironmentFile = [ - "/run/secrets/traefik-cf-tk" - ]; + systemd.services.traefik.serviceConfig.EnvironmentFile = [ + "/run/secrets/traefik-cf-tk" + ]; - services.traefik = { - enable = true; - staticConfigOptions = { - global = { - checkNewVersion = false; - sendAnonymousUsage = false; - }; - log = { - level = "WARN"; - }; - api = { - dashboard = true; - disabledashboardad = true; - }; - entryPoints = { - local = { - address = ":80"; + services.traefik = { + enable = true; + staticConfigOptions = { + global = { + checkNewVersion = false; + sendAnonymousUsage = false; }; - localSec = { - address = ":443"; + log = { + level = "WARN"; }; - ext = { - address = ":880"; + api = { + dashboard = true; + disabledashboardad = true; }; - extSec = { - address = ":4443"; + entryPoints = { + local = { + address = ":80"; + }; + localSec = { + address = ":443"; + }; + ext = { + address = ":880"; + }; + extSec = { + address = ":4443"; + }; }; - }; - certificatesResolvers = { - cloudflare = { - acme = { - email = "smayzy@smayzy.ovh"; - storage = "/var/lib/traefik/acme.json"; - dnsChallenge = { - provider = "cloudflare"; - resolvers = [ "192.168.1.202" ]; - propagation.delayBeforeChecks = 15; + certificatesResolvers = { + cloudflare = { + acme = { + email = "smayzy@smayzy.ovh"; + storage = "/var/lib/traefik/acme.json"; + dnsChallenge = { + provider = "cloudflare"; + resolvers = [ "192.168.1.202" ]; + propagation.delayBeforeChecks = 15; + }; }; }; }; + }; + dynamicConfigOptions = { + http = { + routers = { + traefik = { + rule = "Host(`traefik.internal.smayzy.ovh`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"; + entryPoints = [ "localSec" ]; + service = "api@internal"; + tls.certResolver = "cloudflare"; + middlewares = [ "dashboard-auth" ]; + }; + bazarr-anime = { + rule = "Host(`bazarr-anime.internal.smayzy.ovh`)"; + entryPoints = [ "localSec" ]; + service = "bazarr-anime"; + tls.certResolver = "cloudflare"; + }; + bazarr = { + rule = "Host(`bazarr.internal.smayzy.ovh`)"; + entryPoints = [ "localSec" ]; + service = "bazarr"; + tls.certResolver = "cloudflare"; + }; + lidarr = { + rule = "Host(`lidarr.internal.smayzy.ovh`)"; + entryPoints = [ "localSec" ]; + service = "lidarr"; + tls.certResolver = "cloudflare"; + }; + nzbget = { + rule = "Host(`nzbget.internal.smayzy.ovh`)"; + entryPoints = [ "localSec" ]; + service = "nzbget"; + tls.certResolver = "cloudflare"; + }; + prowlarr = { + rule = "Host(`prowlarr.internal.smayzy.ovh`)"; + entryPoints = [ "localSec" ]; + service = "prowlarr"; + tls.certResolver = "cloudflare"; + }; + qbittorrent = { + rule = "Host(`qbittorrent.internal.smayzy.ovh`)"; + entryPoints = [ "localSec" ]; + service = "qbittorrent"; + tls.certResolver = "cloudflare"; + }; + radarr = { + rule = "Host(`radarr.internal.smayzy.ovh`)"; + entryPoints = [ "localSec" ]; + service = "radarr"; + tls.certResolver = "cloudflare"; + }; + sonarr-anime = { + rule = "Host(`sonarr-anime.internal.smayzy.ovh`)"; + entryPoints = [ "localSec" ]; + service = "sonarr-anime"; + tls.certResolver = "cloudflare"; + }; + sonarr = { + rule = "Host(`sonarr.internal.smayzy.ovh`)"; + entryPoints = [ "localSec" ]; + service = "sonarr"; + tls.certResolver = "cloudflare"; + }; + srv1-proxmox = { + rule = "Host(`srv1-proxmox.internal.smayzy.ovh`)"; + entryPoints = [ "localSec" ]; + service = "srv1-proxmox"; + tls.certResolver = "cloudflare"; + }; + srv2-proxmox = { + rule = "Host(`srv2-proxmox.internal.smayzy.ovh`)"; + entryPoints = [ "localSec" ]; + service = "srv2-proxmox"; + tls.certResolver = "cloudflare"; + }; - }; - dynamicConfigOptions = { - http = { - routers = { - traefik = { - rule = "Host(`traefik.internal.smayzy.ovh`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"; - entryPoints = [ "localSec" ]; - service = "api@internal"; - tls.certResolver = "cloudflare"; - middlewares = [ "dashboard-auth" ]; - }; - bazarr-anime = { - rule = "Host(`bazarr-anime.internal.smayzy.ovh`)"; - entryPoints = [ "localSec" ]; - service = "bazarr-anime"; - tls.certResolver = "cloudflare"; - }; - bazarr = { - rule = "Host(`bazarr.internal.smayzy.ovh`)"; - entryPoints = [ "localSec" ]; - service = "bazarr"; - tls.certResolver = "cloudflare"; - }; - lidarr = { - rule = "Host(`lidarr.internal.smayzy.ovh`)"; - entryPoints = [ "localSec" ]; - service = "lidarr"; - tls.certResolver = "cloudflare"; - }; - nzbget = { - rule = "Host(`nzbget.internal.smayzy.ovh`)"; - entryPoints = [ "localSec" ]; - service = "nzbget"; - tls.certResolver = "cloudflare"; - }; - prowlarr = { - rule = "Host(`prowlarr.internal.smayzy.ovh`)"; - entryPoints = [ "localSec" ]; - service = "prowlarr"; - tls.certResolver = "cloudflare"; - }; - qbittorrent = { - rule = "Host(`qbittorrent.internal.smayzy.ovh`)"; - entryPoints = [ "localSec" ]; - service = "qbittorrent"; - tls.certResolver = "cloudflare"; - }; - radarr = { - rule = "Host(`radarr.internal.smayzy.ovh`)"; - entryPoints = [ "localSec" ]; - service = "radarr"; - tls.certResolver = "cloudflare"; - }; - sonarr-anime = { - rule = "Host(`sonarr-anime.internal.smayzy.ovh`)"; - entryPoints = [ "localSec" ]; - service = "sonarr-anime"; - tls.certResolver = "cloudflare"; - }; - sonarr = { - rule = "Host(`sonarr.internal.smayzy.ovh`)"; - entryPoints = [ "localSec" ]; - service = "sonarr"; - tls.certResolver = "cloudflare"; - }; - srv1-proxmox = { - rule = "Host(`srv1-proxmox.internal.smayzy.ovh`)"; - entryPoints = [ "localSec" ]; - service = "srv1-proxmox"; - tls.certResolver = "cloudflare"; - }; - srv2-proxmox = { - rule = "Host(`srv2-proxmox.internal.smayzy.ovh`)"; - entryPoints = [ "localSec" ]; - service = "srv2-proxmox"; - tls.certResolver = "cloudflare"; - }; - - chat = { - rule = "Host(`chat.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "chat"; - tls.certResolver = "cloudflare"; - }; - crafty = { - rule = "Host(`crafty.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "crafty"; - tls.certResolver = "cloudflare"; - }; - cyberchef = { - rule = "Host(`cyberchef.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "cyberchef"; - tls.certResolver = "cloudflare"; - }; - gitea = { - rule = "Host(`gitea.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "gitea"; - tls.certResolver = "cloudflare"; - }; - jellyfin = { - rule = "Host(`jellyfin.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "jellyfin"; - tls.certResolver = "cloudflare"; - }; - kuma = { - rule = "Host(`kuma.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "kuma"; - tls.certResolver = "cloudflare"; - }; - kutt = { - rule = "Host(`kutt.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "kutt"; - tls.certResolver = "cloudflare"; - }; - matrix = { - rule = "Host(`matrix.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "matrix"; - tls.certResolver = "cloudflare"; - }; - mirror = { - rule = "Host(`mirror.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "mirror"; - tls.certResolver = "cloudflare"; - }; - ombi-anime = { - rule = "Host(`ombi-anime.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "ombi-anime"; - tls.certResolver = "cloudflare"; - }; - ombi = { - rule = "Host(`ombi.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "ombi"; - tls.certResolver = "cloudflare"; - }; - share = { - rule = "Host(`share.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "share"; - tls.certResolver = "cloudflare"; - }; - vault = { - rule = "Host(`vault.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "vault"; - tls.certResolver = "cloudflare"; - }; - wordpress = { - rule = "Host(`wordpress.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "wordpress"; - tls.certResolver = "cloudflare"; - }; - mail = { - rule = "Host(`autoconfig.smayzy.ovh`) || Host(`autodiscover.smayzy.ovh`) || Host(`mail.smayzy.ovh`) || Host(`mta-sts.mail.smayzy.ovh`) || Host(`mta-sts.smayzy.ovh`) || Host(`smayzy.ovh`) || Host(`www.smayzy.ovh`)"; - entryPoints = [ "ext" "extSec" ]; - service = "mail"; - tls.certResolver = "cloudflare"; - }; - }; - services = { - "bazarr-anime".loadBalancer = { - servers = [ { url = "http://192.168.1.147:6768" ; } ]; - }; - "bazarr".loadBalancer = { - servers = [ { url = "http://192.168.1.147:6767" ; } ]; - }; - "lidarr".loadBalancer = { - servers = [ { url = "http://192.168.1.147:8686" ; } ]; - }; - "nzbget".loadBalancer = { - servers = [ { url = "http://192.168.1.147:6789" ; } ]; - }; - "prowlarr".loadBalancer = { - servers = [ { url = "http://192.168.1.147:9696" ; } ]; - }; - "qbittorrent".loadBalancer = { - servers = [ { url = "http://192.168.1.147:8080" ; } ]; - }; - "radarr".loadBalancer = { - servers = [ { url = "http://192.168.1.147:7878" ; } ]; - }; - "sonarr-anime".loadBalancer = { - servers = [ { url = "http://192.168.1.147:8988" ; } ]; - }; - "sonarr".loadBalancer = { - servers = [ { url = "http://192.168.1.147:8989" ; } ]; - }; - "srv1-proxmox".loadBalancer = { - servers = [ { url = "https://192.168.1.193:8006"; } ]; - serversTransport = "srv1-proxmox"; - }; - "srv2-proxmox".loadBalancer = { - servers = [ { url = "https://192.168.1.113:8006"; } ]; - serversTransport = "srv2-proxmox"; - }; - - "chat".loadBalancer = { - servers = [ { url = "http://192.168.1.114:80" ; } ]; - }; - "crafty".loadBalancer = { - servers = [ { url = "https://192.168.1.34:8443" ; } ]; - }; - "cyberchef".loadBalancer = { - servers = [ { url = "http://192.168.1.197:6900" ; } ]; - }; - "gitea".loadBalancer = { - servers = [ { url = "http://192.168.1.28:3000" ; } ]; - }; - "jellyfin".loadBalancer = { - servers = [ { url = "http://192.168.1.147:8096" ; } ]; - }; - "kuma".loadBalancer = { - servers = [ { url = "http://192.168.1.176:80" ; } ]; - }; - "kutt".loadBalancer = { - servers = [ { url = "http://192.168.1.132:80" ; } ]; - }; - "matrix".loadBalancer = { - servers = [ { url = "http://192.168.1.114:80" ; } ]; - }; - "mirror".loadBalancer = { - servers = [ { url = "http://192.168.1.185:80" ; } ]; - }; - "ombi-anime".loadBalancer = { - servers = [ { url = "http://192.168.1.147:3580" ; } ]; - }; - "ombi".loadBalancer = { - servers = [ { url = "http://192.168.1.147:3579" ; } ]; - }; - "share".loadBalancer = { - servers = [ { url = "http://192.168.1.98:80" ; } ]; - }; - "vault".loadBalancer = { - servers = [ { url = "http://192.168.1.160:80" ; } ]; - }; - "wordpress".loadBalancer = { - servers = [ { url = "http://192.168.1.16:80" ; } ]; - }; - "mail".loadBalancer = { - servers = [ { url = "https://192.168.1.128:443" ; } ]; - }; - }; - serversTransports = { - srv1-proxmox = { - serverName = "srv1-proxmox.internal.smayzy.ovh"; - }; - srv2-proxmox = { - serverName = "srv2-proxmox.internal.smayzy.ovh"; - }; - }; - middlewares ={ - dashboard-auth = { - basicAuth = { - usersFile = "/run/secrets/traefik-dashboard-auth"; + chat = { + rule = "Host(`chat.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "chat"; + tls.certResolver = "cloudflare"; + }; + crafty = { + rule = "Host(`crafty.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "crafty"; + tls.certResolver = "cloudflare"; + }; + cyberchef = { + rule = "Host(`cyberchef.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "cyberchef"; + tls.certResolver = "cloudflare"; + }; + gitea = { + rule = "Host(`gitea.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "gitea"; + tls.certResolver = "cloudflare"; + }; + jellyfin = { + rule = "Host(`jellyfin.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "jellyfin"; + tls.certResolver = "cloudflare"; + }; + kuma = { + rule = "Host(`kuma.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "kuma"; + tls.certResolver = "cloudflare"; + }; + kutt = { + rule = "Host(`kutt.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "kutt"; + tls.certResolver = "cloudflare"; + }; + matrix = { + rule = "Host(`matrix.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "matrix"; + tls.certResolver = "cloudflare"; + }; + mirror = { + rule = "Host(`mirror.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "mirror"; + tls.certResolver = "cloudflare"; + }; + ombi-anime = { + rule = "Host(`ombi-anime.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "ombi-anime"; + tls.certResolver = "cloudflare"; + }; + ombi = { + rule = "Host(`ombi.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "ombi"; + tls.certResolver = "cloudflare"; + }; + share = { + rule = "Host(`share.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "share"; + tls.certResolver = "cloudflare"; + }; + vault = { + rule = "Host(`vault.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "vault"; + tls.certResolver = "cloudflare"; + }; + wordpress = { + rule = "Host(`wordpress.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "wordpress"; + tls.certResolver = "cloudflare"; + }; + mail = { + rule = "Host(`autoconfig.smayzy.ovh`) || Host(`autodiscover.smayzy.ovh`) || Host(`mail.smayzy.ovh`) || Host(`mta-sts.mail.smayzy.ovh`) || Host(`mta-sts.smayzy.ovh`) || Host(`smayzy.ovh`) || Host(`www.smayzy.ovh`)"; + entryPoints = [ + "ext" + "extSec" + ]; + service = "mail"; + tls.certResolver = "cloudflare"; }; }; - }; - }; # http - }; # dyna config - }; # services.traefik - }; # config + services = { + "bazarr-anime".loadBalancer = { + servers = [ { url = "http://192.168.1.147:6768"; } ]; + }; + "bazarr".loadBalancer = { + servers = [ { url = "http://192.168.1.147:6767"; } ]; + }; + "lidarr".loadBalancer = { + servers = [ { url = "http://192.168.1.147:8686"; } ]; + }; + "nzbget".loadBalancer = { + servers = [ { url = "http://192.168.1.147:6789"; } ]; + }; + "prowlarr".loadBalancer = { + servers = [ { url = "http://192.168.1.147:9696"; } ]; + }; + "qbittorrent".loadBalancer = { + servers = [ { url = "http://192.168.1.147:8080"; } ]; + }; + "radarr".loadBalancer = { + servers = [ { url = "http://192.168.1.147:7878"; } ]; + }; + "sonarr-anime".loadBalancer = { + servers = [ { url = "http://192.168.1.147:8988"; } ]; + }; + "sonarr".loadBalancer = { + servers = [ { url = "http://192.168.1.147:8989"; } ]; + }; + "srv1-proxmox".loadBalancer = { + servers = [ { url = "https://192.168.1.193:8006"; } ]; + serversTransport = "srv1-proxmox"; + }; + "srv2-proxmox".loadBalancer = { + servers = [ { url = "https://192.168.1.113:8006"; } ]; + serversTransport = "srv2-proxmox"; + }; + + "chat".loadBalancer = { + servers = [ { url = "http://192.168.1.114:80"; } ]; + }; + "crafty".loadBalancer = { + servers = [ { url = "https://192.168.1.34:8443"; } ]; + }; + "cyberchef".loadBalancer = { + servers = [ { url = "http://192.168.1.197:6900"; } ]; + }; + "gitea".loadBalancer = { + servers = [ { url = "http://192.168.1.28:3000"; } ]; + }; + "jellyfin".loadBalancer = { + servers = [ { url = "http://192.168.1.147:8096"; } ]; + }; + "kuma".loadBalancer = { + servers = [ { url = "http://192.168.1.176:80"; } ]; + }; + "kutt".loadBalancer = { + servers = [ { url = "http://192.168.1.132:80"; } ]; + }; + "matrix".loadBalancer = { + servers = [ { url = "http://192.168.1.114:80"; } ]; + }; + "mirror".loadBalancer = { + servers = [ { url = "http://192.168.1.185:80"; } ]; + }; + "ombi-anime".loadBalancer = { + servers = [ { url = "http://192.168.1.147:3580"; } ]; + }; + "ombi".loadBalancer = { + servers = [ { url = "http://192.168.1.147:3579"; } ]; + }; + "share".loadBalancer = { + servers = [ { url = "http://192.168.1.98:80"; } ]; + }; + "vault".loadBalancer = { + servers = [ { url = "http://192.168.1.160:80"; } ]; + }; + "wordpress".loadBalancer = { + servers = [ { url = "http://192.168.1.16:80"; } ]; + }; + "mail".loadBalancer = { + servers = [ { url = "https://192.168.1.128:443"; } ]; + }; + }; + serversTransports = { + srv1-proxmox = { + serverName = "srv1-proxmox.internal.smayzy.ovh"; + }; + srv2-proxmox = { + serverName = "srv2-proxmox.internal.smayzy.ovh"; + }; + }; + middlewares = { + dashboard-auth = { + basicAuth = { + usersFile = "/run/secrets/traefik-dashboard-auth"; + }; + }; + }; + }; # http + }; # dyna config + }; # services.traefik + }; # config }; # ct traefik }; # config } diff --git a/modules/nix/containers/nixos/unbound.nix b/modules/nix/containers/nixos/unbound.nix index ce77d0f..ab018d3 100644 --- a/modules/nix/containers/nixos/unbound.nix +++ b/modules/nix/containers/nixos/unbound.nix @@ -16,55 +16,57 @@ in description = "ip addr e.g. (192.168.1.20)"; }; }; - + config = mkIf cfg.enable { containers.unbound = { autoStart = true; privateNetwork = true; hostBridge = net.bridge; localAddress = cfg.ip; - config = { ... }: { - system.stateVersion = "25.11"; + config = + { ... }: + { + system.stateVersion = "25.11"; - services.unbound = { - enable = true; - settings = { - server = { - interface = [ "0.0.0.0" ]; - qname-minimisation = "yes"; - minimal-responses = "no"; - access-control = [ - "127.0.0.0/8 allow" - "192.168.0.0/16 allow" - ]; - private-domain = [ "internal.smayzy.ovh" ]; - local-zone = [ "internal.smayzy.ovh. static" ]; - local-data = [ - ''"npm-local.internal.smayzy.ovh. A 192.168.1.181"'' - ''"npm.internal.smayzy.ovh. A 192.168.1.181"'' - ''"nfs-srv1.internal.smayzy.ovh. A 192.168.1.48"'' - ''"traefik.internal.smayzy.ovh. A 192.168.1.203"'' + services.unbound = { + enable = true; + settings = { + server = { + interface = [ "0.0.0.0" ]; + qname-minimisation = "yes"; + minimal-responses = "no"; + access-control = [ + "127.0.0.0/8 allow" + "192.168.0.0/16 allow" + ]; + private-domain = [ "internal.smayzy.ovh" ]; + local-zone = [ "internal.smayzy.ovh. static" ]; + local-data = [ + ''"npm-local.internal.smayzy.ovh. A 192.168.1.181"'' + ''"npm.internal.smayzy.ovh. A 192.168.1.181"'' + ''"nfs-srv1.internal.smayzy.ovh. A 192.168.1.48"'' + ''"traefik.internal.smayzy.ovh. A 192.168.1.203"'' - ''"bazarr-anime.internal.smayzy.ovh. A 192.168.1.203"'' - ''"bazarr.internal.smayzy.ovh. A 192.168.1.203"'' - ''"lidarr.internal.smayzy.ovh. A 192.168.1.203"'' - ''"nzbget.internal.smayzy.ovh. A 192.168.1.203"'' - ''"prowlarr.internal.smayzy.ovh. A 192.168.1.203"'' - ''"qbittorrent.internal.smayzy.ovh. A 192.168.1.203"'' - ''"radarr.internal.smayzy.ovh. A 192.168.1.203"'' - ''"sonarr-anime.internal.smayzy.ovh. A 192.168.1.203"'' - ''"sonarr.internal.smayzy.ovh. A 192.168.1.203"'' - ''"srv1-proxmox.internal.smayzy.ovh. A 192.168.1.203"'' - ''"srv2-proxmox.internal.smayzy.ovh. A 192.168.1.203"'' - ]; + ''"bazarr-anime.internal.smayzy.ovh. A 192.168.1.203"'' + ''"bazarr.internal.smayzy.ovh. A 192.168.1.203"'' + ''"lidarr.internal.smayzy.ovh. A 192.168.1.203"'' + ''"nzbget.internal.smayzy.ovh. A 192.168.1.203"'' + ''"prowlarr.internal.smayzy.ovh. A 192.168.1.203"'' + ''"qbittorrent.internal.smayzy.ovh. A 192.168.1.203"'' + ''"radarr.internal.smayzy.ovh. A 192.168.1.203"'' + ''"sonarr-anime.internal.smayzy.ovh. A 192.168.1.203"'' + ''"sonarr.internal.smayzy.ovh. A 192.168.1.203"'' + ''"srv1-proxmox.internal.smayzy.ovh. A 192.168.1.203"'' + ''"srv2-proxmox.internal.smayzy.ovh. A 192.168.1.203"'' + ]; + }; }; }; + networking.defaultGateway = net.gateway; + networking.nameservers = net.dns; + networking.firewall.allowedTCPPorts = [ 53 ]; + networking.firewall.allowedUDPPorts = [ 53 ]; }; - networking.defaultGateway = net.gateway; - networking.nameservers = net.dns; - networking.firewall.allowedTCPPorts = [ 53 ]; - networking.firewall.allowedUDPPorts = [ 53 ]; - }; }; }; } diff --git a/modules/nix/groups/laptop.nix b/modules/nix/groups/laptop.nix index b60ce54..569b782 100644 --- a/modules/nix/groups/laptop.nix +++ b/modules/nix/groups/laptop.nix @@ -1,4 +1,9 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: let inherit (lib) mkIf mkOption types; in