move services to internal clan tld

Romain Paquet 2026-01-05 21:42:17 +01:00
parent 9e3d99231d
commit dda8ca5d0f
10 changed files with 83 additions and 44 deletions


@ -1,4 +1,7 @@
{ config, ... }: { config, ... }:
let
domain = "actual.val";
in
{ {
services.actual = { services.actual = {
enable = true; enable = true;
@ -8,12 +11,14 @@
}; };
}; };
services.nginx.virtualHosts."actual.home.rpqt.fr" = { services.nginx.virtualHosts.${domain} = {
forceSSL = true; forceSSL = true;
useACMEHost = "home.rpqt.fr"; enableACME = true;
locations."/".proxyPass = locations."/".proxyPass =
"http://127.0.0.1:${builtins.toString config.services.actual.settings.port}"; "http://127.0.0.1:${builtins.toString config.services.actual.settings.port}";
}; };
clan.core.state.acutal.folders = [ "/var/lib/actual" ]; security.acme.certs.${domain}.server = "https://ca.val/acme/acme/directory";
clan.core.state.actual.folders = [ "/var/lib/actual" ];
} }
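Review bot: The added `security.acme.certs.${domain}.server` line writes out the literal `https://ca.val/acme/acme/directory`, and this section hard-codes `domain = "actual.val"` where the other sections of this commit derive the name from `tld = "val"`. The same directory URL is repeated in the freshrss, glance, home-assistant, immich, grafana, pinchflat, syncthing and lounge sections, so a change of CA host or path needs nine edits and a missed file would keep pointing at the old endpoint. Consider defining the TLD and CA directory once in a shared module and using `tld = "val"; domain = "actual.${tld}";` here for consistency. Nothing visible in this commit adds the internal CA root to the hosts' trust store; if that is not done elsewhere, the ACME client and browsers will presumably reject these certificates, so it is worth confirming.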


@ -1,13 +1,13 @@
{ config, ... }: { config, ... }:
let let
domain = "home.rpqt.fr"; tld = "val";
subdomain = "rss.${domain}"; domain = "rss.${tld}";
in in
{ {
services.freshrss = { services.freshrss = {
enable = true; enable = true;
baseUrl = "https://${subdomain}"; baseUrl = "https://${domain}";
virtualHost = "${subdomain}"; virtualHost = "${domain}";
defaultUser = "rpqt"; defaultUser = "rpqt";
passwordFile = config.clan.core.vars.generators.freshrss.files.freshrss-password.path; passwordFile = config.clan.core.vars.generators.freshrss.files.freshrss-password.path;
@ -15,9 +15,11 @@ in
services.nginx.virtualHosts.${config.services.freshrss.virtualHost} = { services.nginx.virtualHosts.${config.services.freshrss.virtualHost} = {
forceSSL = true; forceSSL = true;
useACMEHost = "${domain}"; enableACME = true;
}; };
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
clan.core.vars.generators.freshrss = { clan.core.vars.generators.freshrss = {
prompts.freshrss-password = { prompts.freshrss-password = {
description = "freshrss default user password"; description = "freshrss default user password";


@ -1,3 +1,4 @@
{ tld }:
{ {
theme = { theme = {
light = true; light = true;
@ -41,22 +42,22 @@
sites = [ sites = [
{ {
title = "Immich"; title = "Immich";
url = "https://images.home.rpqt.fr"; url = "https://images.${tld}";
icon = "sh:immich"; icon = "sh:immich";
} }
{ {
title = "FreshRSS"; title = "FreshRSS";
url = "https://rss.home.rpqt.fr"; url = "https://rss.${tld}";
icon = "sh:freshrss"; icon = "sh:freshrss";
} }
{ {
title = "Syncthing"; title = "Syncthing";
url = "https://genepi.home.rpqt.fr/syncthing"; url = "https://genepi.${tld}/syncthing";
icon = "sh:syncthing"; icon = "sh:syncthing";
} }
{ {
title = "Actual Budget"; title = "Actual Budget";
url = "https://actual.home.rpqt.fr"; url = "https://actual.${tld}";
icon = "sh:actual-budget"; icon = "sh:actual-budget";
} }
{ {
@ -66,12 +67,12 @@
} }
{ {
title = "Pinchflat"; title = "Pinchflat";
url = "https://pinchflat.home.rpqt.fr"; url = "https://pinchflat.${tld}";
icon = "https://cdn.jsdelivr.net/gh/selfhst/icons/png/pinchflat.png"; icon = "https://cdn.jsdelivr.net/gh/selfhst/icons/png/pinchflat.png";
} }
{ {
title = "Home Assistant"; title = "Home Assistant";
url = "https://assistant.home.rpqt.fr"; url = "https://assistant.${tld}";
icon = "sh:home-assistant"; icon = "sh:home-assistant";
} }
{ {
@ -98,12 +99,12 @@
sites = [ sites = [
{ {
title = "Grafana"; title = "Grafana";
url = "https://grafana.home.rpqt.fr"; url = "https://grafana.${tld}";
icon = "sh:grafana"; icon = "sh:grafana";
} }
{ {
title = "Prometheus"; title = "Prometheus";
url = "http://genepi.home.rpqt.fr:9090"; url = "http://genepi.${tld}:9090";
icon = "sh:prometheus"; icon = "sh:prometheus";
} }
]; ];
@ -115,7 +116,7 @@
sites = [ sites = [
{ {
title = "Lounge"; title = "Lounge";
url = "https://lounge.home.rpqt.fr"; url = "https://lounge.${tld}";
icon = "si:html5"; icon = "si:html5";
} }
{ {
@ -178,7 +179,7 @@
cache = "12h"; cache = "12h";
feeds = [ feeds = [
{ {
url = "https://rss.home.rpqt.fr/api/query.php?user=rpqt&t=74HfeLZ6Wu9h4MmjNR38Rz&f=rss"; url = "https://rss.${tld}/api/query.php?user=rpqt&t=74HfeLZ6Wu9h4MmjNR38Rz&f=rss";
} }
]; ];
} }
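Review bot: The feed URL in the last hunk still embeds the FreshRSS API token as the `t=` query parameter, so the credential stays in the repository and, because this file is imported into `services.glance.settings`, presumably ends up in the world-readable Nix store as well. The freshrss section of this commit already reads its password from `config.clan.core.vars.generators.freshrss.files.freshrss-password.path`; the token should be supplied the same way (a clan var injected at runtime) and rotated, since the current value is in the history. Separately, the Prometheus entry keeps `http://genepi.${tld}:9090` while every other site uses HTTPS; fronting it with the same nginx/ACME pattern would make it consistent.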


@ -1,18 +1,20 @@
{ config, ... }: { config, ... }:
let let
domain = "home.rpqt.fr"; tld = "val";
subdomain = "glance.${domain}"; domain = "glance.${tld}";
in in
{ {
services.glance = { services.glance = {
enable = true; enable = true;
settings = ./glance-config.nix; settings = (import ./glance-config.nix) { inherit tld; };
}; };
services.nginx.virtualHosts.${subdomain} = { services.nginx.virtualHosts.${domain} = {
forceSSL = true; forceSSL = true;
useACMEHost = "${domain}"; enableACME = true;
locations."/".proxyPass = locations."/".proxyPass =
"http://127.0.0.1:${toString config.services.glance.settings.server.port}"; "http://127.0.0.1:${toString config.services.glance.settings.server.port}";
}; };
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
} }


@ -1,7 +1,7 @@
{ config, ... }: { config, ... }:
let let
domain = "home.rpqt.fr"; tld = "val";
subdomain = "assistant.${domain}"; domain = "assistant.${tld}";
in in
{ {
services.home-assistant = { services.home-assistant = {
@ -26,9 +26,9 @@ in
}; };
}; };
services.nginx.virtualHosts.${subdomain} = { services.nginx.virtualHosts.${domain} = {
forceSSL = true; forceSSL = true;
useACMEHost = "${domain}"; enableACME = true;
extraConfig = '' extraConfig = ''
proxy_buffering off; proxy_buffering off;
''; '';
@ -37,4 +37,6 @@ in
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
} }


@ -1,19 +1,19 @@
{ config, ... }: { config, ... }:
let let
domain = "home.rpqt.fr"; tld = "val";
subdomain = "images.${domain}"; domain = "images.${tld}";
in in
{ {
services.immich = { services.immich = {
enable = true; enable = true;
settings = { settings = {
server.externalDomain = "https://${subdomain}"; server.externalDomain = "https://${domain}";
}; };
}; };
services.nginx.virtualHosts.${subdomain} = { services.nginx.virtualHosts.${domain} = {
forceSSL = true; forceSSL = true;
useACMEHost = "${domain}"; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://${toString config.services.immich.host}:${toString config.services.immich.port}"; proxyPass = "http://${toString config.services.immich.host}:${toString config.services.immich.port}";
proxyWebsockets = true; proxyWebsockets = true;
@ -26,5 +26,7 @@ in
}; };
}; };
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
clan.core.state.immich.folders = [ "/var/lib/immich" ]; clan.core.state.immich.folders = [ "/var/lib/immich" ];
} }


@ -1,6 +1,6 @@
{ config, ... }: { config, ... }:
let let
domain = "home.rpqt.fr"; tld = "val";
in in
{ {
services.grafana = { services.grafana = {
@ -8,7 +8,7 @@ in
settings = { settings = {
server = { server = {
http_port = 3000; http_port = 3000;
domain = "grafana.${domain}"; domain = "grafana.${tld}";
}; };
}; };
provision = { provision = {
@ -31,10 +31,13 @@ in
services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = { services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
forceSSL = true; forceSSL = true;
useACMEHost = "${domain}"; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}"; proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
security.acme.certs.${config.services.grafana.settings.server.domain}.server =
"https://ca.${tld}/acme/acme/directory";
} }


@ -3,6 +3,10 @@
pkgs, pkgs,
... ...
}: }:
let
tld = "val";
domain = "pinchflat.${tld}";
in
{ {
services.pinchflat = { services.pinchflat = {
enable = true; enable = true;
@ -23,9 +27,11 @@
clan.core.state.pinchflat.folders = [ "/var/lib/pinchflat" ]; clan.core.state.pinchflat.folders = [ "/var/lib/pinchflat" ];
services.nginx.virtualHosts."pinchflat.home.rpqt.fr" = { services.nginx.virtualHosts.${domain} = {
forceSSL = true; forceSSL = true;
useACMEHost = "home.rpqt.fr"; enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.pinchflat.port}"; locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.pinchflat.port}";
}; };
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
} }


@ -1,31 +1,41 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
let let
user = "rpqt"; user = "rpqt";
home = config.users.users.${user}.home; home = config.users.users.${user}.home;
domain = "home.rpqt.fr"; tld = "val";
subdomain = "genepi.${domain}"; domain = "genepi.${tld}";
in in
{ {
services.nginx.virtualHosts.${subdomain} = { services.nginx.virtualHosts.${domain} = {
forceSSL = true; forceSSL = true;
useACMEHost = "${domain}"; enableACME = true;
locations."/syncthing".proxyPass = "http://${config.services.syncthing.guiAddress}"; locations."/syncthing" = {
proxyPass = "http://${config.services.syncthing.guiAddress}";
};
}; };
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
services.syncthing = { services.syncthing = {
enable = true; enable = true;
user = user; user = user;
group = lib.mkForce "users"; group = lib.mkForce "users";
dataDir = home; dataDir = home;
configDir = lib.mkForce "${home}/.config/syncthing"; configDir = lib.mkForce "${home}/.config/syncthing";
guiAddress = "0.0.0.0:8384";
guiPasswordFile = config.clan.core.vars.generators.syncthing-gui.files.password.path; guiPasswordFile = config.clan.core.vars.generators.syncthing-gui.files.password.path;
}; };
networking.firewall.interfaces.wireguard = {
allowedTCPPorts = [ 8384 ];
};
clan.core.vars.generators.syncthing-gui = { clan.core.vars.generators.syncthing-gui = {
files.password = { files.password = {
secret = true; secret = true;
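Review bot: The added `guiAddress = "0.0.0.0:8384"` makes the Syncthing GUI listen on every interface, and `networking.firewall.interfaces.wireguard.allowedTCPPorts = [ 8384 ]` exposes it over plain HTTP alongside the TLS vhost, so exposure on the other interfaces depends solely on the firewall staying enabled. It also turns the nginx upstream into `http://0.0.0.0:8384`, because `proxyPass` interpolates `config.services.syncthing.guiAddress`. If direct access over WireGuard is not needed, keep the GUI on loopback with `guiAddress = "127.0.0.1:8384";` and drop the firewall rule so all access goes through nginx; otherwise bind it to the WireGuard address only. `pkgs` is added to the module arguments but is not used in the visible lines. The hunk ends inside `clan.core.vars.generators.syncthing-gui`, so the rest of the file is not visible here.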


@ -1,7 +1,13 @@
let
tld = "val";
domain = "lounge.${tld}";
in
{ {
services.nginx.virtualHosts."lounge.home.rpqt.fr" = { services.nginx.virtualHosts.${domain} = {
useACMEHost = "home.rpqt.fr"; enableACME = true;
forceSSL = true; forceSSL = true;
root = "/var/www/lounge"; root = "/var/www/lounge";
}; };
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
} }