TheWanderingCrow/CrOS
1
0
Fork 0
mirror of https://github.com/TheWanderingCrow/CrOS.git synced 2026-01-22 06:34:14 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

I haven't slept for 24 hours I literally couldn't care less

Browse source
This commit is contained in:
TheWanderingCrow 2026-01-15 22:59:57 -05:00
parent 5b53eff0f3
commit f24fc3fea2
9 changed files with 72 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/services/actualbudget/default.nix
View file

@ -85,8 +85,6 @@ in
reverse_proxy http://10.88.0.12
'';
"api.budget.wanderingcrow.net".extraConfig = ''
@block not remote_ip ${inputs.nix-secrets.network.primary.publicIP} private_ranges
abort @block
reverse_proxy http://10.88.0.13:5007
'';
};

3
modules/services/fail2ban/default.nix
View file

@ -11,8 +11,5 @@
extraPackages = [
pkgs.curl
];
ignoreIP = [
inputs.nix-secrets.network.primary.publicIP
];
};
}

21
modules/services/mqtt/default.nix
View file

@ -1,14 +1,27 @@
{ inputs, config, ... }:
let
sopsFolder = inputs.nix-secrets + "/sops";
in
{
sops.secrets."frigate/mqtt/pass" = {
sopsFile = "${sopsFolder}/services.yaml";
};
services.mosquitto = {
enable = true;
listeners = [
{
acl = ["pattern readwrite #"];
omitPasswordAuth = true;
settings.allow_anonymous = true;
port = 1883;
users = {
frigate = {
passwordFile = config.sops.secrets."frigate/mqtt/pass".path;
acl = [
"readwrite frigate/#"
];
};
};
}
];
};
networking.firewall.allowedTCPPorts = [1883];
networking.firewall.allowedTCPPorts = [ 1883 ];
}

5
modules/services/ollama/proxy.nix
View file

@ -1,8 +1,7 @@
{inputs, ...}: {
{ inputs, ... }:
{
services.caddy = {
enable = true;
#@block not remote_ip ${inputs.nix-secrets.network.primary.publicIP} private_ranges 72.213.172.231
#abort @block
virtualHosts."chat.wanderingcrow.net".extraConfig = ''
reverse_proxy http://192.168.0.72:3000
'';

69
modules/services/openhab/default.nix
View file

@ -1,41 +1,40 @@
let
volumePath = "/overseer/services";
in
{
lib,
config,
inputs,
...
}: {
systemd.tmpfiles.rules = [
"d ${volumePath}/openhab"
"d ${volumePath}/openhab/conf"
"d ${volumePath}/openhab/userdata"
"d ${volumePath}/openhab/addons"
];
###########
# Service #
###########
{
lib,
config,
inputs,
...
}:
{
systemd.tmpfiles.rules = [
"d ${volumePath}/openhab"
"d ${volumePath}/openhab/conf"
"d ${volumePath}/openhab/userdata"
"d ${volumePath}/openhab/addons"
];
###########
# Service #
###########
virtualisation.oci-containers = {
backend = "podman";
containers."openhab" = {
image = "openhab/openhab:milestone";
extraOptions = ["--ip=10.88.0.9"];
volumes = [
"${volumePath}/openhab/conf:/openhab/conf"
"${volumePath}/openhab/userdata:/openhab/userdata"
"${volumePath}/openhab/addons:/openhab/addons"
];
};
virtualisation.oci-containers = {
backend = "podman";
containers."openhab" = {
image = "openhab/openhab:milestone";
extraOptions = [ "--ip=10.88.0.9" ];
volumes = [
"${volumePath}/openhab/conf:/openhab/conf"
"${volumePath}/openhab/userdata:/openhab/userdata"
"${volumePath}/openhab/addons:/openhab/addons"
];
};
};
services.caddy = {
enable = true;
virtualHosts."openhab.wanderingcrow.net".extraConfig = ''
@block not remote_ip ${inputs.nix-secrets.network.primary.publicIP} private_ranges
abort @block
reverse_proxy http://10.88.0.9:8080
'';
};
}
services.caddy = {
enable = true;
virtualHosts."openhab.wanderingcrow.net".extraConfig = ''
reverse_proxy http://10.88.0.9:8080
'';
};
}

5
modules/services/system-logging/proxy.nix
View file

@ -2,12 +2,11 @@
config,
inputs,
...
}: {
}:
{
services.caddy = {
enable = true;
virtualHosts."logs.wanderingcrow.net".extraConfig = ''
@block not remote_ip ${inputs.nix-secrets.network.primary.publicIP} private_ranges
abort @block
reverse_proxy http://${builtins.toString config.services.grafana.settings.server.http_addr}:${builtins.toString config.services.grafana.settings.server.http_port}
'';
};