Myned/nixos
Myned/nixos
1
1
Fork 0
Code Issues Activity

Compare commits

base: Myned:2e55702e49e35caa4ccafab2659477c5eadb2d7f
Branches Tags
Myned:master
...
compare: Myned:5a98adcd2731501899a9aac8fc2d222047ba40c4
Branches Tags
Myned:master

8 commits
2e55702e49 ... 5a98adcd27

Author SHA1 Message Date
Myned
5a98adcd27
agenix: modify Caddyfile 
Signed-off-by: Myned <dev@bjork.tech>
 2025-02-06 20:44:05 -06:00
Myned
225766361e
caddy: add disabled plugins 
Signed-off-by: Myned <dev@bjork.tech>
 2025-02-06 20:43:53 -06:00
Myned
0fc8faa151
search: use kagi for reddit 
Signed-off-by: Myned <dev@bjork.tech>
 2025-02-06 20:43:28 -06:00
Myned
c35b0147c3
sysctl: increase quic buffer 
Signed-off-by: Myned <dev@bjork.tech>
 2025-02-06 20:43:03 -06:00
Myned
00dc56ae04
pkgs: add q 
Signed-off-by: Myned <dev@bjork.tech>
 2025-02-06 20:42:44 -06:00
Myned
a55109782c
adguardhome: fix ports 
Signed-off-by: Myned <dev@bjork.tech>
 2025-02-06 20:42:34 -06:00
Myned
88e234f0ac
containers: explicitly indicate tcp ports 
Signed-off-by: Myned <dev@bjork.tech>
 2025-02-06 20:42:13 -06:00
Myned
a169bf2511
actualbudget: upgrade to 25.2.1 
Signed-off-by: Myned <dev@bjork.tech>
 2025-02-06 20:41:26 -06:00
21 changed files with 55 additions and 28 deletions
Show stats Expand all files Collapse all files

4
options/custom/containers/actualbudget.nix
View file

@ -15,8 +15,8 @@ in {
virtualisation.arion.projects.actualbudget.settings.services = { virtualisation.arion.projects.actualbudget.settings.services = {
actualbudget.service = { actualbudget.service = {
container_name = "actualbudget"; container_name = "actualbudget";
image = "actualbudget/actual-server:25.2.0"; image = "actualbudget/actual-server:25.2.1";
ports = ["127.0.0.1:5006:5006"]; ports = ["127.0.0.1:5006:5006/tcp"];
restart = "unless-stopped"; restart = "unless-stopped";
volumes = ["${config.custom.containers.directory}/actualbudget/data:/data"]; volumes = ["${config.custom.containers.directory}/actualbudget/data:/data"];
}; };

13
options/custom/containers/adguardhome.nix
View file

@ -17,15 +17,18 @@ in {
virtualisation.arion.projects.adguardhome.settings.services = { virtualisation.arion.projects.adguardhome.settings.services = {
# https://github.com/AdguardTeam/AdGuardHome # https://github.com/AdguardTeam/AdGuardHome
# https://adguard-dns.io/kb/adguard-home/overview/ # https://adguard-dns.io/kb/adguard-home/overview/
#?? ls /var/lib/caddy/.local/share/caddy/certificates/*
adguardhome.service = { adguardhome.service = {
container_name = "adguardhome"; container_name = "adguardhome";
image = "adguard/adguardhome:v0.107.56"; image = "adguard/adguardhome:v0.107.56";
ports = [ ports = [
"53:53" # DNS "53:53/tcp" # DNS
"853:853" # DNS-over-TLS "53:53/udp" # DNS
"3003:80" # Admin panel "853:853/tcp" # DNS-over-TLS
"8443:443" # DNS-over-HTTPS "853:853/udp" # DNS-over-QUIC
"3003:80/tcp" # Admin panel
"8443:443/tcp" # DNS-over-HTTPS
]; ];
restart = "unless-stopped"; restart = "unless-stopped";
@ -40,11 +43,13 @@ in {
# https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption # https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
53 # DNS
853 # DNS-over-TLS 853 # DNS-over-TLS
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
53 # DNS 53 # DNS
853 # DNS-over-QUIC
]; ];
}; };

2
options/custom/containers/conduwuit.nix
View file

@ -25,7 +25,7 @@ in {
conduwuit.service = { conduwuit.service = {
container_name = "conduwuit"; container_name = "conduwuit";
image = "girlbossceo/conduwuit:main"; image = "girlbossceo/conduwuit:main";
ports = ["127.0.0.1:6167:6167"]; ports = ["127.0.0.1:6167:6167/tcp"];
restart = "unless-stopped"; restart = "unless-stopped";
environment = { environment = {

4
options/custom/containers/forgejo.nix
View file

@ -38,8 +38,8 @@ in {
volumes = ["${config.custom.containers.directory}/forgejo/data:/data"]; volumes = ["${config.custom.containers.directory}/forgejo/data:/data"];
ports = [ ports = [
"127.0.0.1:3333:3000" "127.0.0.1:3333:3000/tcp"
"22:2222" "22:2222/tcp"
]; ];
}; };

2
options/custom/containers/foundryvtt.nix
View file

@ -26,7 +26,7 @@ in {
container_name = "foundryvtt"; container_name = "foundryvtt";
env_file = [config.age.secrets."${config.custom.profile}/foundryvtt/.env".path]; env_file = [config.age.secrets."${config.custom.profile}/foundryvtt/.env".path];
image = "felddy/foundryvtt:12"; image = "felddy/foundryvtt:12";
ports = ["127.0.0.1:30000:30000"]; ports = ["127.0.0.1:30000:30000/tcp"];
restart = "unless-stopped"; restart = "unless-stopped";
volumes = ["${config.custom.containers.directory}/foundryvtt/data:/data"]; volumes = ["${config.custom.containers.directory}/foundryvtt/data:/data"];
}; };

4
options/custom/containers/headscale.nix
View file

@ -35,8 +35,8 @@ in {
restart = "unless-stopped"; restart = "unless-stopped";
ports = [ ports = [
"9999:9999" "9999:9999/tcp"
"9090:9090" "9090:9090/tcp"
]; ];
volumes = [ volumes = [

2
options/custom/containers/homeassistant.nix
View file

@ -16,7 +16,7 @@ in {
homeassistant.service = { homeassistant.service = {
container_name = "homeassistant"; container_name = "homeassistant";
image = "homeassistant/home-assistant:2025.1"; image = "homeassistant/home-assistant:2025.1";
ports = ["8123:8123"]; ports = ["8123:8123/tcp"];
restart = "unless-stopped"; restart = "unless-stopped";
volumes = ["${config.custom.containers.directory}/homeassistant/config:/config"]; volumes = ["${config.custom.containers.directory}/homeassistant/config:/config"];
}; };

2
options/custom/containers/mastodon.nix
View file

@ -29,7 +29,7 @@ in {
container_name = "mastodon"; container_name = "mastodon";
env_file = [config.age.secrets."${config.custom.profile}/mastodon/.env".path]; env_file = [config.age.secrets."${config.custom.profile}/mastodon/.env".path];
image = "lscr.io/linuxserver/mastodon:4.3.3"; image = "lscr.io/linuxserver/mastodon:4.3.3";
ports = ["3000:443"]; ports = ["3000:443/tcp"];
restart = "unless-stopped"; restart = "unless-stopped";
volumes = ["${config.custom.containers.directory}/mastodon/config:/config"]; volumes = ["${config.custom.containers.directory}/mastodon/config:/config"];

2
options/custom/containers/netbox/default.nix
View file

@ -39,7 +39,7 @@ in {
netbox.service = netbox.service =
netbox netbox
// { // {
ports = ["8585:8080"]; ports = ["8585:8080/tcp"];
# https://github.com/netbox-community/netbox-docker/wiki/Using-Netbox-Plugins # https://github.com/netbox-community/netbox-docker/wiki/Using-Netbox-Plugins
#!! Context modifications require a rebuild #!! Context modifications require a rebuild

2
options/custom/containers/nextcloud.nix
View file

@ -28,7 +28,7 @@ in {
container_name = "nextcloud"; container_name = "nextcloud";
env_file = [config.age.secrets."${config.custom.profile}/nextcloud/.env".path]; env_file = [config.age.secrets."${config.custom.profile}/nextcloud/.env".path];
image = "nextcloud:29-apache"; image = "nextcloud:29-apache";
ports = ["127.0.0.1:8181:80"]; ports = ["127.0.0.1:8181:80/tcp"];
restart = "unless-stopped"; restart = "unless-stopped";
volumes = [ volumes = [

4
options/custom/containers/oryx.nix
View file

@ -28,8 +28,8 @@ in {
image = "ossrs/oryx:5"; image = "ossrs/oryx:5";
ports = [ ports = [
"127.0.0.1:2022:2022" # HTTP "127.0.0.1:2022:2022/tcp" # HTTP
"1935:1935" # RTMP "1935:1935/tcp" # RTMP
"8000:8000/udp" # WebRTC "8000:8000/udp" # WebRTC
"10080:10080/udp" # SRT "10080:10080/udp" # SRT
]; ];

4
options/custom/containers/owncast.nix
View file

@ -20,8 +20,8 @@ in {
volumes = ["${config.custom.containers.directory}/owncast/data:/app/data"]; volumes = ["${config.custom.containers.directory}/owncast/data:/app/data"];
ports = [ ports = [
"1935:1935" "1935:1935/tcp"
"127.0.0.1:8800:8080" "127.0.0.1:8800:8080/tcp"
]; ];
}; };
}; };

2
options/custom/containers/redlib.nix
View file

@ -16,7 +16,7 @@ in {
redlib.service = { redlib.service = {
container_name = "redlib"; container_name = "redlib";
image = "quay.io/redlib/redlib:latest"; image = "quay.io/redlib/redlib:latest";
ports = ["127.0.0.1:8888:8080"]; ports = ["127.0.0.1:8888:8080/tcp"];
restart = "unless-stopped"; restart = "unless-stopped";
environment = { environment = {

2
options/custom/containers/searxng/default.nix
View file

@ -29,7 +29,7 @@ in {
depends_on = ["cache"]; depends_on = ["cache"];
env_file = [config.age.secrets."${config.custom.profile}/searxng/.env".path]; env_file = [config.age.secrets."${config.custom.profile}/searxng/.env".path];
image = "searxng/searxng:latest"; image = "searxng/searxng:latest";
ports = ["127.0.0.1:8000:8080"]; ports = ["127.0.0.1:8000:8080/tcp"];
restart = "unless-stopped"; restart = "unless-stopped";
volumes = [ volumes = [

2
options/custom/programs/chromium.nix
View file

@ -270,7 +270,7 @@ in {
{ {
name = "Reddit"; name = "Reddit";
shortcut = "r"; shortcut = "r";
url = "https://www.google.com/search?q=site%3Areddit.com+{searchTerms}"; url = "https://kagi.com/search?q=site%3Areddit.com+{searchTerms}";
} }
{ {

2
options/custom/programs/firefox.nix
View file

@ -497,7 +497,7 @@ in {
Name = "Reddit"; Name = "Reddit";
Alias = "r"; Alias = "r";
IconURL = "https://www.redditstatic.com/desktop2x/img/favicon/favicon-96x96.png"; IconURL = "https://www.redditstatic.com/desktop2x/img/favicon/favicon-96x96.png";
URLTemplate = "https://www.google.com/search?q=site%3Areddit.com+{searchTerms}"; URLTemplate = "https://kagi.com/search?q=site%3Areddit.com+{searchTerms}";
} }
{ {

2
options/custom/programs/walker/search.sh
View file

@ -209,7 +209,7 @@ case "$1" in
'r '*) 'r '*)
label="Reddit" label="Reddit"
icon="reddit" icon="reddit"
url="https://www.google.com/search?q=site%3Areddit.com+" url="https://kagi.com/search?q=site%3Areddit.com+"
query="${1:2}" query="${1:2}"
;; ;;
's '*) 's '*)

23
options/custom/services/caddy.nix
View file

@ -2,6 +2,7 @@
config, config,
inputs, inputs,
lib, lib,
pkgs,
... ...
}: }:
with lib; let with lib; let
@ -26,6 +27,25 @@ in {
caddy = { caddy = {
enable = true; enable = true;
# BUG: DNS-over-TLS not currently functional, reattempt when fixed or PROXY protocol supported
# https://github.com/mholt/caddy-l4/issues/276
# https://github.com/AdguardTeam/AdGuardHome/issues/2798
# TODO: Use stable package when available with plugins
# https://github.com/NixOS/nixpkgs/pull/358586
# package = pkgs.unstable.caddy.withPlugins {
# #?? Copy from failed build
# hash = "sha256-rB2exWVfKS82QpAuEM6+PlUNNmd8sqxvqNHRxCVIE/c=";
# #?? REPO@TAG
# plugins = [
# # https://github.com/mholt/caddy-l4
# "github.com/mholt/caddy-l4@v0.0.0-20250124234235-87e3e5e2c7f9"
# # https://github.com/tailscale/caddy-tailscale
# "github.com/tailscale/caddy-tailscale@v0.0.0-20250207004440-fd3f49d73216"
# ];
# };
# TODO: Convert services to Tailscale subdomains when supported or use plugin when supported by nix # TODO: Convert services to Tailscale subdomains when supported or use plugin when supported by nix
# https://github.com/tailscale/tailscale/issues/7081 # https://github.com/tailscale/tailscale/issues/7081
# https://github.com/tailscale/caddy-tailscale # https://github.com/tailscale/caddy-tailscale
@ -50,9 +70,6 @@ in {
}; };
}; };
# https://wiki.nixos.org/wiki/Firewall
# https://github.com/coturn/coturn/blob/master/docker/coturn/README.md
# https://element-hq.github.io/synapse/latest/turn-howto.html
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
80 # HTTP 80 # HTTP

4
options/custom/settings/boot.nix
View file

@ -48,6 +48,10 @@ in {
# https://docs.syncthing.net/users/faq.html#inotify-limits # https://docs.syncthing.net/users/faq.html#inotify-limits
"fs.inotify.max_user_watches" = 204800; "fs.inotify.max_user_watches" = 204800;
# https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
"net.core.rmem_max" = 7500000;
"net.core.wmem_max" = 7500000;
}; };
loader = { loader = {

1
options/custom/settings/packages.nix
View file

@ -35,6 +35,7 @@ in {
nmap # Network scanner nmap # Network scanner
nvd # Nix diff viewer nvd # Nix diff viewer
progress # Coreutils progress viewer progress # Coreutils progress viewer
q # DNS tester
rclone # File sync rclone # File sync
stress # CPU stress tester stress # CPU stress tester
testdisk # Data recovery tool testdisk # Data recovery tool

BIN
secrets/server/caddy/Caddyfile
View file

Binary file not shown.