move services to internal clan tld

Romain Paquet 2026-01-05 21:42:17 +01:00
parent 9e3d99231d
commit dda8ca5d0f
10 changed files with 83 additions and 44 deletions


@ -1,4 +1,7 @@
{ config, ... }:
let
domain = "actual.val";
in
{
services.actual = {
enable = true;
@ -8,12 +11,14 @@
};
};
services.nginx.virtualHosts."actual.home.rpqt.fr" = {
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
useACMEHost = "home.rpqt.fr";
enableACME = true;
locations."/".proxyPass =
"http://127.0.0.1:${builtins.toString config.services.actual.settings.port}";
};
clan.core.state.acutal.folders = [ "/var/lib/actual" ];
security.acme.certs.${domain}.server = "https://ca.val/acme/acme/directory";
clan.core.state.actual.folders = [ "/var/lib/actual" ];
}
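Review bot: This module hard-codes `domain = "actual.val"` and `"https://ca.val/acme/acme/directory"`, while the other modules in this commit derive both from `tld = "val"`; for consistency use `tld = "val"; domain = "actual.${tld}";` and `"https://ca.${tld}/acme/acme/directory"`. The same `security.acme.certs.<name>.server` line is repeated in the FreshRSS, Glance, Home Assistant, Immich, Grafana, Pinchflat, Syncthing and Lounge modules, so a later change of CA could leave one vhost pointing at a stale directory URL. Defining the TLD and CA URL once in a shared module would avoid that; `security.acme.defaults.server` is one option if no certificate on these hosts still needs a public CA. Nothing visible here installs the internal CA root into the trust store of the hosts and clients, so confirm that is handled elsewhere.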


@ -1,13 +1,13 @@
{ config, ... }:
let
domain = "home.rpqt.fr";
subdomain = "rss.${domain}";
tld = "val";
domain = "rss.${tld}";
in
{
services.freshrss = {
enable = true;
baseUrl = "https://${subdomain}";
virtualHost = "${subdomain}";
baseUrl = "https://${domain}";
virtualHost = "${domain}";
defaultUser = "rpqt";
passwordFile = config.clan.core.vars.generators.freshrss.files.freshrss-password.path;
@ -15,9 +15,11 @@ in
services.nginx.virtualHosts.${config.services.freshrss.virtualHost} = {
forceSSL = true;
useACMEHost = "${domain}";
enableACME = true;
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
clan.core.vars.generators.freshrss = {
prompts.freshrss-password = {
description = "freshrss default user password";


@ -1,3 +1,4 @@
{ tld }:
{
theme = {
light = true;
@ -41,22 +42,22 @@
sites = [
{
title = "Immich";
url = "https://images.home.rpqt.fr";
url = "https://images.${tld}";
icon = "sh:immich";
}
{
title = "FreshRSS";
url = "https://rss.home.rpqt.fr";
url = "https://rss.${tld}";
icon = "sh:freshrss";
}
{
title = "Syncthing";
url = "https://genepi.home.rpqt.fr/syncthing";
url = "https://genepi.${tld}/syncthing";
icon = "sh:syncthing";
}
{
title = "Actual Budget";
url = "https://actual.home.rpqt.fr";
url = "https://actual.${tld}";
icon = "sh:actual-budget";
}
{
@ -66,12 +67,12 @@
}
{
title = "Pinchflat";
url = "https://pinchflat.home.rpqt.fr";
url = "https://pinchflat.${tld}";
icon = "https://cdn.jsdelivr.net/gh/selfhst/icons/png/pinchflat.png";
}
{
title = "Home Assistant";
url = "https://assistant.home.rpqt.fr";
url = "https://assistant.${tld}";
icon = "sh:home-assistant";
}
{
@ -98,12 +99,12 @@
sites = [
{
title = "Grafana";
url = "https://grafana.home.rpqt.fr";
url = "https://grafana.${tld}";
icon = "sh:grafana";
}
{
title = "Prometheus";
url = "http://genepi.home.rpqt.fr:9090";
url = "http://genepi.${tld}:9090";
icon = "sh:prometheus";
}
];
@ -115,7 +116,7 @@
sites = [
{
title = "Lounge";
url = "https://lounge.home.rpqt.fr";
url = "https://lounge.${tld}";
icon = "si:html5";
}
{
@ -178,7 +179,7 @@
cache = "12h";
feeds = [
{
url = "https://rss.home.rpqt.fr/api/query.php?user=rpqt&t=74HfeLZ6Wu9h4MmjNR38Rz&f=rss";
url = "https://rss.${tld}/api/query.php?user=rpqt&t=74HfeLZ6Wu9h4MmjNR38Rz&f=rss";
}
];
}
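Review bot: The rewritten feed URL in the last hunk still carries the FreshRSS query token as a literal `t=` parameter, so the credential stays in the repository and ends up in the world-readable Nix store once the config is built. Since this line is being touched anyway, supply the token at runtime from a managed secret, as the FreshRSS module does for its password with a clan vars generator, and keep only the non-secret part of the URL in this file. The current token is already in the commit history and should be treated as exposed and rotated. Separately, the Prometheus entry remains `http://` on port 9090 while every other site moved to an HTTPS vhost; confirm that is intended.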


@ -1,18 +1,20 @@
{ config, ... }:
let
domain = "home.rpqt.fr";
subdomain = "glance.${domain}";
tld = "val";
domain = "glance.${tld}";
in
{
services.glance = {
enable = true;
settings = ./glance-config.nix;
settings = (import ./glance-config.nix) { inherit tld; };
};
services.nginx.virtualHosts.${subdomain} = {
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
useACMEHost = "${domain}";
enableACME = true;
locations."/".proxyPass =
"http://127.0.0.1:${toString config.services.glance.settings.server.port}";
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
}


@ -1,7 +1,7 @@
{ config, ... }:
let
domain = "home.rpqt.fr";
subdomain = "assistant.${domain}";
tld = "val";
domain = "assistant.${tld}";
in
{
services.home-assistant = {
@ -26,9 +26,9 @@ in
};
};
services.nginx.virtualHosts.${subdomain} = {
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
useACMEHost = "${domain}";
enableACME = true;
extraConfig = ''
proxy_buffering off;
'';
@ -37,4 +37,6 @@ in
proxyWebsockets = true;
};
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
}


@ -1,19 +1,19 @@
{ config, ... }:
let
domain = "home.rpqt.fr";
subdomain = "images.${domain}";
tld = "val";
domain = "images.${tld}";
in
{
services.immich = {
enable = true;
settings = {
server.externalDomain = "https://${subdomain}";
server.externalDomain = "https://${domain}";
};
};
services.nginx.virtualHosts.${subdomain} = {
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
useACMEHost = "${domain}";
enableACME = true;
locations."/" = {
proxyPass = "http://${toString config.services.immich.host}:${toString config.services.immich.port}";
proxyWebsockets = true;
@ -26,5 +26,7 @@ in
};
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
clan.core.state.immich.folders = [ "/var/lib/immich" ];
}


@ -1,6 +1,6 @@
{ config, ... }:
let
domain = "home.rpqt.fr";
tld = "val";
in
{
services.grafana = {
@ -8,7 +8,7 @@ in
settings = {
server = {
http_port = 3000;
domain = "grafana.${domain}";
domain = "grafana.${tld}";
};
};
provision = {
@ -31,10 +31,13 @@ in
services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
forceSSL = true;
useACMEHost = "${domain}";
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
};
};
security.acme.certs.${config.services.grafana.settings.server.domain}.server =
"https://ca.${tld}/acme/acme/directory";
}


@ -3,6 +3,10 @@
pkgs,
...
}:
let
tld = "val";
domain = "pinchflat.${tld}";
in
{
services.pinchflat = {
enable = true;
@ -23,9 +27,11 @@
clan.core.state.pinchflat.folders = [ "/var/lib/pinchflat" ];
services.nginx.virtualHosts."pinchflat.home.rpqt.fr" = {
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
useACMEHost = "home.rpqt.fr";
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.pinchflat.port}";
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
}


@ -1,31 +1,41 @@
{
config,
lib,
pkgs,
...
}:
let
user = "rpqt";
home = config.users.users.${user}.home;
domain = "home.rpqt.fr";
subdomain = "genepi.${domain}";
tld = "val";
domain = "genepi.${tld}";
in
{
services.nginx.virtualHosts.${subdomain} = {
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
useACMEHost = "${domain}";
locations."/syncthing".proxyPass = "http://${config.services.syncthing.guiAddress}";
enableACME = true;
locations."/syncthing" = {
proxyPass = "http://${config.services.syncthing.guiAddress}";
};
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
services.syncthing = {
enable = true;
user = user;
group = lib.mkForce "users";
dataDir = home;
configDir = lib.mkForce "${home}/.config/syncthing";
guiAddress = "0.0.0.0:8384";
guiPasswordFile = config.clan.core.vars.generators.syncthing-gui.files.password.path;
};
networking.firewall.interfaces.wireguard = {
allowedTCPPorts = [ 8384 ];
};
clan.core.vars.generators.syncthing-gui = {
files.password = {
secret = true;
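Review bot: With `guiAddress = "0.0.0.0:8384"`, the Syncthing GUI listens on every interface and the nginx `proxyPass` resolves to `http://0.0.0.0:8384`, so the GUI is served over plain HTTP alongside the TLS vhost. The rendered page does not show whether this commit introduced the `guiAddress` line and the `allowedTCPPorts = [ 8384 ]` rule on the wireguard interface. If direct access over WireGuard is not required, `guiAddress = "127.0.0.1:8384";` without the firewall rule leaves the proxy as the only path to the GUI. Syncthing applies a Host-header check when bound to loopback, so the proxy would then need to send a Host value it accepts. The generator block continues past the end of this hunk.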


@ -1,7 +1,13 @@
let
tld = "val";
domain = "lounge.${tld}";
in
{
services.nginx.virtualHosts."lounge.home.rpqt.fr" = {
useACMEHost = "home.rpqt.fr";
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
root = "/var/www/lounge";
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
}