upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-14 02:20:53 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

feat: services for nas all up and running

Browse source
This commit is contained in:
Nick 2025-12-09 21:01:56 -06:00
parent 92088ed139
commit 8649008c93
9 changed files with 54 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/config/instances/config/photoprism.nix
View file

@ -21,7 +21,7 @@ in
"images" "images"
]; ];
ports = { ports = {
port0 = 3030; port0 = 2342;
}; };
interfaces = { interfaces = {
interface0 = interface0 =

8
modules/config/instances/config/vaultwarden.nix
View file

@ -37,12 +37,12 @@ in
email = "noreply@${domain0}"; email = "noreply@${domain0}";
microvm = { microvm = {
id = "vm-${name}"; id = "vm-${name}";
mac = "02:00:00:00:51:01"; mac = "02:00:00:00:78:88";
idUser = "vmuser-vault"; idUser = "vmuser-vault";
macUser = "02:00:00:00:00:01"; macUser = "02:00:00:00:00:88";
ip = "192.168.50.111"; ip = "192.168.50.88";
gate = "192.168.50.1"; gate = "192.168.50.1";
ssh = 2201; ssh = 2588;
}; };
ssl = { ssl = {
path = ssl; path = ssl;

3
modules/nixos/homelab/guests/firefly-iii/config/default.nix
View file

@ -103,6 +103,7 @@ in
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
22 22
80
smtpCfg.ports.port1 smtpCfg.ports.port1
serviceCfg.ports.port0 serviceCfg.ports.port0
serviceCfg.ports.port1 serviceCfg.ports.port1
@ -138,7 +139,7 @@ in
network = { network = {
enable = true; enable = true;
networks."20-lan" = { networks."20-lan" = {
matchConfig.Name = "enp0s*"; matchConfig.Name = "enp0s6";
addresses = [ addresses = [
{ Address = "${ip}/24"; } { Address = "${ip}/24"; }
]; ];

2
modules/nixos/homelab/guests/opencloud/config/default.nix
View file

@ -91,7 +91,7 @@ in
network = { network = {
enable = true; enable = true;
networks."20-lan" = { networks."20-lan" = {
matchConfig.Name = "enp0s*"; matchConfig.Name = "enp0s6";
addresses = [ addresses = [
{ Address = "${ip}/24"; } { Address = "${ip}/24"; }
]; ];

33
modules/nixos/homelab/guests/photoprism/config/default.nix
View file

@ -34,11 +34,12 @@ in
enable = true; enable = true;
settings = { settings = {
PHOTOPRISM_SITE_URL = "https://${host}"; PHOTOPRISM_SITE_URL = "https://${host}";
PHOTOPRISM_DISABLE_TLS = "true";
PHOTOPRISM_ADMIN_USER = user; PHOTOPRISM_ADMIN_USER = user;
PHOTOPRISM_DISABLE_TLS = "true";
PHOTOPRISM_DEFAULT_LOCAL = "en"; PHOTOPRISM_DEFAULT_LOCAL = "en";
}; };
passwordFile = "/run/secrets/${user}-pass"; passwordFile = "/etc/photoprism-secrets/${user}-pass";
# databasePasswordFile = "/etc/photoprism-secrets/${user}-pass";
storagePath = "/var/lib/${serviceCfg.name}"; storagePath = "/var/lib/${serviceCfg.name}";
originalsPath = "/var/lib/${serviceCfg.name}-media"; originalsPath = "/var/lib/${serviceCfg.name}-media";
address = "0.0.0.0"; address = "0.0.0.0";
@ -61,17 +62,41 @@ in
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
22 22
2342 serviceCfg.ports.port0
]; ];
systemd = { systemd = {
services = { services = {
# fix-secrets-permissions = {
# description = "Fix secrets permissions for photoprism";
# wantedBy = [ "multi-user.target" ];
# before = [
# "photoprism.service"
# ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# };
# script = ''
# mkdir -p /etc/photoprism-secrets
# cp /run/secrets/${user}-pass /etc/photoprism-secrets/${user}-pass
# chmod 755 /etc/photoprism-secrets
# chmod 644 /etc/photoprism-secrets/*
# '';
# };
photoprism = { photoprism = {
serviceConfig = { serviceConfig = {
DynamicUser = lib.mkForce false; DynamicUser = lib.mkForce false;
User = serviceCfg.name; User = serviceCfg.name;
Group = serviceCfg.name; Group = serviceCfg.name;
# Override LoadCredential to use our secrets path
LoadCredential = lib.mkForce [
"PHOTOPRISM_ADMIN_PASSWORD_FILE:/run/secrets/${user}-pass"
];
}; };
# Make sure secrets are mounted before service starts
after = [ "run-secrets.mount" ];
requires = [ "run-secrets.mount" ];
}; };
systemd-networkd.wantedBy = [ systemd-networkd.wantedBy = [
"multi-user.target" "multi-user.target"
@ -80,7 +105,7 @@ in
network = { network = {
enable = true; enable = true;
networks."20-lan" = { networks."20-lan" = {
matchConfig.Name = "enp0s*"; matchConfig.Name = "enp0s6";
addresses = [ addresses = [
{ Address = "${ip}/24"; } { Address = "${ip}/24"; }
]; ];

14
modules/nixos/homelab/guests/syncthing/config/default.nix
View file

@ -11,6 +11,7 @@ in
syncthingVM = syncthingVM =
{ {
user, user,
pass,
ip, ip,
mac, mac,
userMac, userMac,
@ -38,14 +39,17 @@ in
openDefaultPorts = true; openDefaultPorts = true;
systemService = true; systemService = true;
guiAddress = "0.0.0.0:${toString serviceCfg.ports.port0}"; guiAddress = "0.0.0.0:${toString serviceCfg.ports.port0}";
guiPasswordFile = "/run/secrets/${user}-pass"; # guiPasswordFile = "/run/secrets/${user}-pass";
settings = { settings = {
gui = {
user = user;
password = pass;
};
folders = folders; folders = folders;
devices = devices; devices = devices;
options = { options = {
upAccepted = -1; urAccepted = -1;
user = user;
authMode = "static";
}; };
}; };
}; };
@ -74,7 +78,7 @@ in
network = { network = {
enable = true; enable = true;
networks."20-lan" = { networks."20-lan" = {
matchConfig.Name = "enp0s*"; matchConfig.Name = "enp0s8";
addresses = [ addresses = [
{ Address = "${ip}/24"; } { Address = "${ip}/24"; }
]; ];

1
modules/nixos/homelab/guests/syncthing/syncthingEris/default.nix
View file

@ -87,6 +87,7 @@ let
in in
syncthingVM { syncthingVM {
user = user0; user = user0;
pass = "$2y$05$WoNmQOeBPM5GhxhgkUmZqOoyBU0Y34e9N7gLZ3Xwb2J8V0j5Uoy7u";
ip = interface0Cfg.microvm.ip; ip = interface0Cfg.microvm.ip;
mac = interface0Cfg.microvm.mac; mac = interface0Cfg.microvm.mac;
userMac = interface0Cfg.microvm.macUser; userMac = interface0Cfg.microvm.macUser;

6
modules/nixos/homelab/guests/vaultwarden/config/default.nix
View file

@ -59,7 +59,8 @@ in
# Rocket (Web Server) Settings # Rocket (Web Server) Settings
ROCKET_ADDRESS = "0.0.0.0"; ROCKET_ADDRESS = "0.0.0.0";
ROCKET_PORT = serviceCfg.ports.port0; # ROCKET_PORT = serviceCfg.ports.port0;
ENABLE_WEBSOCKET = true;
}; };
# Environment file with secrets (mounted from host) # Environment file with secrets (mounted from host)
@ -77,6 +78,7 @@ in
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
22 22
587 587
serviceCfg.ports.port0
]; ];
systemd = { systemd = {
services = { services = {
@ -85,7 +87,7 @@ in
network = { network = {
enable = true; enable = true;
networks."20-lan" = { networks."20-lan" = {
matchConfig.Name = "enp0s*"; matchConfig.Name = "enp0s5";
addresses = [ addresses = [
{ Address = "${ip}/24"; } { Address = "${ip}/24"; }
]; ];

6
secrets/secrets.yaml
View file

@ -75,7 +75,7 @@ photoprism:
stacie-pass: ENC[AES256_GCM,data:45nwjOXOI2wYPi7H2RtUVMESCxLTYQrF4600MQHoCDwm,iv:WgYqJjbIO8fzU/z19RsiUpIbWQmyT4iU4yAFIj1fcsU=,tag:jzsYNrerq6syemssOOOwTg==,type:str] stacie-pass: ENC[AES256_GCM,data:45nwjOXOI2wYPi7H2RtUVMESCxLTYQrF4600MQHoCDwm,iv:WgYqJjbIO8fzU/z19RsiUpIbWQmyT4iU4yAFIj1fcsU=,tag:jzsYNrerq6syemssOOOwTg==,type:str]
garnet-pass: ENC[AES256_GCM,data:ccb7NJxYZxXeuiHxn6ntssTmnN9AoaqoFe8pFkPLNgLm,iv:yeTPsn01pVuWp5qVaFl1dWCoMYX6koBKN5ehJgCSix4=,tag:Pd2erGL2hBQnN5JZNBPo5A==,type:str] garnet-pass: ENC[AES256_GCM,data:ccb7NJxYZxXeuiHxn6ntssTmnN9AoaqoFe8pFkPLNgLm,iv:yeTPsn01pVuWp5qVaFl1dWCoMYX6koBKN5ehJgCSix4=,tag:Pd2erGL2hBQnN5JZNBPo5A==,type:str]
syncthing: syncthing:
nick-pass: ENC[AES256_GCM,data:1GBRck3M9E9x1vJs8iHMF5IHVEwozrZ2Kon6MOx7MjwK,iv:4FfSlWDH4klRXvKU19w/iI233v0OudkLxsT16fYi4GU=,tag:MVOX7+Z+BRIxaiO/Rl+sMQ==,type:str] nick-pass: ENC[AES256_GCM,data:Ypb3g/siQqTyiIYowT/mOMEOwCrWwKXfjomrYew8qf/N,iv:5iuSMhhcm4/9S3ut+DKXyh687exqM00Q/H05L4eI7NY=,tag:/THFt1Ipv16NSknNCdjl0w==,type:str]
listenbrainz-token: ENC[AES256_GCM,data:rSLVOYj4PbWII+CQa3VzK36Tns5PTr6wwE9ARlGwt7h5HAf7,iv:GXpJlchq1B/jTjvn5EWrZ3pnCZgGcDNHEYA2+yESUsc=,tag:im6e/xqQMgbKPt9ey3l2TA==,type:str] listenbrainz-token: ENC[AES256_GCM,data:rSLVOYj4PbWII+CQa3VzK36Tns5PTr6wwE9ARlGwt7h5HAf7,iv:GXpJlchq1B/jTjvn5EWrZ3pnCZgGcDNHEYA2+yESUsc=,tag:im6e/xqQMgbKPt9ey3l2TA==,type:str]
sops: sops:
age: age:
@ -88,7 +88,7 @@ sops:
bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD
aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-09T22:33:37Z" lastmodified: "2025-12-10T02:07:35Z"
mac: ENC[AES256_GCM,data:nMOflva5Y8/ARjuQJi3xxrlHE9gPWrBsEVPlV/hRAHOT96DjeQwotlOXSVHKQA5oTdX9tyBhlCtAV+FXWlE9+X/SDNJ1McKOPRNyg63iroMDzO0U6o56yWD7mETdv2H+mrSqJMPXibwRyeWtRMXeFc2paay1C87gSaY7cxa5HT8=,iv:MmxVhxWO3HnLSU4DHERWYdnRTRfKFkTPPgK834oF6Uk=,tag:+MaLPsgjm07kyseF9Hgy9A==,type:str] mac: ENC[AES256_GCM,data:W+q1Qy0tWuWBVQyVoyE2xnfxHEnHvBTt+HWnx/gEK4i+jgnJFGCn8EjZycBwr9jrMTCf70HpSnPIyKd8xg0n6E49Y0yHq6WBOG2K3SKFueqohljNf4QfpG4Gtrr6pyWFXDs5WKdRd9iszTs8jZ4bnOVNsMBggE5r8Sqt4Pu6Ico=,iv:1Pp2nLyjhSRnjPCBzFRll7m+NO/h7Y5l+nCXOoEGE6Q=,tag:9KPuFI0keIsVF5c6BPyQow==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0