I haven't slept for 24 hours I literally couldn't care less

TheWanderingCrow 2026-01-15 22:59:57 -05:00
parent 5b53eff0f3
commit f24fc3fea2
9 changed files with 72 additions and 58 deletions

8
flake.lock generated

@ -308,11 +308,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768333551, "lastModified": 1768736546,
"narHash": "sha256-6NHNKXhqYmd2qijZlzJQPL4Tj8m6BjtaapW+6JBSibM=", "narHash": "sha256-xaV4wHscyAmx81otKSk0KtjKrJLNQubcCsn4hFtnxMc=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "ae5835ad7cdeb9953b416de89bf265ac697f956d", "rev": "4a28f177c02450a7ef951fc4858e61e9cba67001",
"revCount": 167, "revCount": 171,
"type": "git", "type": "git",
"url": "ssh://git@github.com/TheWanderingCrow/nix-secrets" "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets"
}, },


@ -47,8 +47,6 @@
# Hosted services # Hosted services
"modules/services/mealie" "modules/services/mealie"
"modules/services/actualbudget" "modules/services/actualbudget"
# "modules/services/frigate"
"modules/services/homepage"
"modules/services/mqtt" "modules/services/mqtt"
"modules/services/lubelogger" "modules/services/lubelogger"
"modules/services/trilium" "modules/services/trilium"


@ -25,6 +25,9 @@ let
enabled = true; enabled = true;
host = "host.containers.internal"; host = "host.containers.internal";
port = 1883; port = 1883;
topic_prefix = "frigate";
user = "{FRIGATE_MQTT_USER}";
password = "{FRIGATE_MQTT_PASSWORD}";
}; };
ui = { ui = {
timezone = "America/New_York"; timezone = "America/New_York";
@ -78,7 +81,7 @@ let
#################### ####################
record = { record = {
enabled = true; enabled = true;
retain.days = 0; # as per official documentation continuous.days = 0; # as per official documentation
alerts.retain.days = 14; alerts.retain.days = 14;
detections.retain.days = 14; detections.retain.days = 14;
}; };
@ -146,11 +149,19 @@ in
sops = { sops = {
templates."frigate_env".content = '' templates."frigate_env".content = ''
FRIGATE_JWT_SECRET=${config.sops.placeholder."frigate/jwt"} FRIGATE_JWT_SECRET=${config.sops.placeholder."frigate/jwt"}
FRIGATE_MQTT_USER=${config.sops.placeholder."frigate/mqtt/user"}
FRIGATE_MQTT_PASSWORD=${config.sops.placeholder."frigate/mqtt/pass"}
''; '';
secrets = { secrets = {
"frigate/jwt" = { "frigate/jwt" = {
sopsFile = "${sopsFolder}/services.yaml"; sopsFile = "${sopsFolder}/services.yaml";
}; };
"frigate/mqtt/user" = {
sopsFile = "${sopsFolder}/services.yaml";
};
"frigate/mqtt/pass" = {
sopsFile = "${sopsFolder}/services.yaml";
};
}; };
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
@ -163,7 +174,7 @@ in
virtualisation.quadlet = { virtualisation.quadlet = {
containers = { containers = {
frigate.containerConfig = { frigate.containerConfig = {
image = "ghcr.io/blakeblackshear/frigate:0.17.0-beta1"; image = "ghcr.io/blakeblackshear/frigate:0.17.0-beta2";
environmentFiles = [ config.sops.templates."frigate_env".path ]; environmentFiles = [ config.sops.templates."frigate_env".path ];
devices = [ devices = [
"/dev/bus/usb:/dev/bus/usb" "/dev/bus/usb:/dev/bus/usb"
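Review bot: The new `mqtt` block takes its username from the sops secret `frigate/mqtt/user`, while the broker module changed in this same commit hardcodes the account as `frigate` under `users`, so the two only agree if the decrypted value happens to be `frigate`. A mismatch would surface only at runtime as a rejected MQTT connection. Since the username already sits in plaintext in the mosquitto module, writing `user = "frigate";` here and dropping the `frigate/mqtt/user` secret and its `FRIGATE_MQTT_USER` template line would remove that hidden coupling. Separately, the image is still referenced by tag (`0.17.0-beta2`); appending `@sha256:<digest>` (placeholder, not a real value) would pin what is actually pulled into a container that receives these credentials and `/dev/bus/usb`.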


@ -85,8 +85,6 @@ in
reverse_proxy http://10.88.0.12 reverse_proxy http://10.88.0.12
''; '';
"api.budget.wanderingcrow.net".extraConfig = '' "api.budget.wanderingcrow.net".extraConfig = ''
@block not remote_ip ${inputs.nix-secrets.network.primary.publicIP} private_ranges
abort @block
reverse_proxy http://10.88.0.13:5007 reverse_proxy http://10.88.0.13:5007
''; '';
}; };


@ -11,8 +11,5 @@
extraPackages = [ extraPackages = [
pkgs.curl pkgs.curl
]; ];
ignoreIP = [
inputs.nix-secrets.network.primary.publicIP
];
}; };
} }


@ -1,14 +1,27 @@
{ inputs, config, ... }:
let
sopsFolder = inputs.nix-secrets + "/sops";
in
{ {
sops.secrets."frigate/mqtt/pass" = {
sopsFile = "${sopsFolder}/services.yaml";
};
services.mosquitto = { services.mosquitto = {
enable = true; enable = true;
listeners = [ listeners = [
{ {
acl = ["pattern readwrite #"]; port = 1883;
omitPasswordAuth = true; users = {
settings.allow_anonymous = true; frigate = {
passwordFile = config.sops.secrets."frigate/mqtt/pass".path;
acl = [
"readwrite frigate/#"
];
};
};
} }
]; ];
}; };
networking.firewall.allowedTCPPorts = [1883]; networking.firewall.allowedTCPPorts = [ 1883 ];
} }
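Review bot: The listener now requires a password but still speaks plain MQTT on 1883, and `networking.firewall.allowedTCPPorts = [ 1883 ];` opens that port on every interface, so the `frigate` credential travels unencrypted to a broker reachable from anything that can route to the host. Frigate connects through `host.containers.internal`, so if no other client needs the broker, scoping the rule to the container bridge with `networking.firewall.interfaces."<bridge-if>".allowedTCPPorts = [ 1883 ];` (interface name is a placeholder) would keep it off the LAN; otherwise a TLS listener is the alternative. It is also worth confirming that the mosquitto unit can read `config.sops.secrets."frigate/mqtt/pass".path`, since the secret is declared here without an `owner` and sops-nix secrets are root-owned by default.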


@ -1,8 +1,7 @@
{inputs, ...}: { { inputs, ... }:
{
services.caddy = { services.caddy = {
enable = true; enable = true;
#@block not remote_ip ${inputs.nix-secrets.network.primary.publicIP} private_ranges 72.213.172.231
#abort @block
virtualHosts."chat.wanderingcrow.net".extraConfig = '' virtualHosts."chat.wanderingcrow.net".extraConfig = ''
reverse_proxy http://192.168.0.72:3000 reverse_proxy http://192.168.0.72:3000
''; '';


@ -1,41 +1,40 @@
let let
volumePath = "/overseer/services"; volumePath = "/overseer/services";
in in
{ {
lib, lib,
config, config,
inputs, inputs,
... ...
}: { }:
systemd.tmpfiles.rules = [ {
"d ${volumePath}/openhab" systemd.tmpfiles.rules = [
"d ${volumePath}/openhab/conf" "d ${volumePath}/openhab"
"d ${volumePath}/openhab/userdata" "d ${volumePath}/openhab/conf"
"d ${volumePath}/openhab/addons" "d ${volumePath}/openhab/userdata"
]; "d ${volumePath}/openhab/addons"
########### ];
# Service # ###########
########### # Service #
###########
virtualisation.oci-containers = { virtualisation.oci-containers = {
backend = "podman"; backend = "podman";
containers."openhab" = { containers."openhab" = {
image = "openhab/openhab:milestone"; image = "openhab/openhab:milestone";
extraOptions = ["--ip=10.88.0.9"]; extraOptions = [ "--ip=10.88.0.9" ];
volumes = [ volumes = [
"${volumePath}/openhab/conf:/openhab/conf" "${volumePath}/openhab/conf:/openhab/conf"
"${volumePath}/openhab/userdata:/openhab/userdata" "${volumePath}/openhab/userdata:/openhab/userdata"
"${volumePath}/openhab/addons:/openhab/addons" "${volumePath}/openhab/addons:/openhab/addons"
]; ];
};
}; };
};
services.caddy = { services.caddy = {
enable = true; enable = true;
virtualHosts."openhab.wanderingcrow.net".extraConfig = '' virtualHosts."openhab.wanderingcrow.net".extraConfig = ''
@block not remote_ip ${inputs.nix-secrets.network.primary.publicIP} private_ranges reverse_proxy http://10.88.0.9:8080
abort @block '';
reverse_proxy http://10.88.0.9:8080 };
''; }
};
}
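Review bot: With `@block not remote_ip ${inputs.nix-secrets.network.primary.publicIP} private_ranges` and `abort @block` removed, `openhab.wanderingcrow.net` is proxied to `10.88.0.9:8080` with no source restriction at Caddy; the same two lines are dropped from `api.budget.wanderingcrow.net` and `logs.wanderingcrow.net` elsewhere in this commit. Unless a filter sits in front of Caddy (none is visible here), these hosts now rely solely on each application's own authentication. If the goal is only to stop depending on the `publicIP` input, keeping `@block not remote_ip private_ranges` followed by `abort @block` would preserve LAN-only access. The `inputs` argument also appears to be unused in this file after the change.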


@ -2,12 +2,11 @@
config, config,
inputs, inputs,
... ...
}: { }:
{
services.caddy = { services.caddy = {
enable = true; enable = true;
virtualHosts."logs.wanderingcrow.net".extraConfig = '' virtualHosts."logs.wanderingcrow.net".extraConfig = ''
@block not remote_ip ${inputs.nix-secrets.network.primary.publicIP} private_ranges
abort @block
reverse_proxy http://${builtins.toString config.services.grafana.settings.server.http_addr}:${builtins.toString config.services.grafana.settings.server.http_port} reverse_proxy http://${builtins.toString config.services.grafana.settings.server.http_addr}:${builtins.toString config.services.grafana.settings.server.http_port}
''; '';
}; };