Compare commits
8 commits
2e55702e49
...
5a98adcd27
| Author | SHA1 | Date | |
|---|---|---|---|
5a98adcd27
|
|||
|
225766361e
|
|||
|
0fc8faa151
|
|||
|
c35b0147c3
|
|||
|
00dc56ae04
|
|||
|
a55109782c
|
|||
|
88e234f0ac
|
|||
|
a169bf2511
|
21 changed files with 55 additions and 28 deletions
|
|
@ -15,8 +15,8 @@ in {
|
|||
virtualisation.arion.projects.actualbudget.settings.services = {
|
||||
actualbudget.service = {
|
||||
container_name = "actualbudget";
|
||||
image = "actualbudget/actual-server:25.2.0";
|
||||
ports = ["127.0.0.1:5006:5006"];
|
||||
image = "actualbudget/actual-server:25.2.1";
|
||||
ports = ["127.0.0.1:5006:5006/tcp"];
|
||||
restart = "unless-stopped";
|
||||
volumes = ["${config.custom.containers.directory}/actualbudget/data:/data"];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -17,15 +17,18 @@ in {
|
|||
virtualisation.arion.projects.adguardhome.settings.services = {
|
||||
# https://github.com/AdguardTeam/AdGuardHome
|
||||
# https://adguard-dns.io/kb/adguard-home/overview/
|
||||
#?? ls /var/lib/caddy/.local/share/caddy/certificates/*
|
||||
adguardhome.service = {
|
||||
container_name = "adguardhome";
|
||||
image = "adguard/adguardhome:v0.107.56";
|
||||
|
||||
ports = [
|
||||
"53:53" # DNS
|
||||
"853:853" # DNS-over-TLS
|
||||
"3003:80" # Admin panel
|
||||
"8443:443" # DNS-over-HTTPS
|
||||
"53:53/tcp" # DNS
|
||||
"53:53/udp" # DNS
|
||||
"853:853/tcp" # DNS-over-TLS
|
||||
"853:853/udp" # DNS-over-QUIC
|
||||
"3003:80/tcp" # Admin panel
|
||||
"8443:443/tcp" # DNS-over-HTTPS
|
||||
];
|
||||
|
||||
restart = "unless-stopped";
|
||||
|
|
@ -40,11 +43,13 @@ in {
|
|||
# https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [
|
||||
53 # DNS
|
||||
853 # DNS-over-TLS
|
||||
];
|
||||
|
||||
allowedUDPPorts = [
|
||||
53 # DNS
|
||||
853 # DNS-over-QUIC
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ in {
|
|||
conduwuit.service = {
|
||||
container_name = "conduwuit";
|
||||
image = "girlbossceo/conduwuit:main";
|
||||
ports = ["127.0.0.1:6167:6167"];
|
||||
ports = ["127.0.0.1:6167:6167/tcp"];
|
||||
restart = "unless-stopped";
|
||||
|
||||
environment = {
|
||||
|
|
|
|||
|
|
@ -38,8 +38,8 @@ in {
|
|||
volumes = ["${config.custom.containers.directory}/forgejo/data:/data"];
|
||||
|
||||
ports = [
|
||||
"127.0.0.1:3333:3000"
|
||||
"22:2222"
|
||||
"127.0.0.1:3333:3000/tcp"
|
||||
"22:2222/tcp"
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ in {
|
|||
container_name = "foundryvtt";
|
||||
env_file = [config.age.secrets."${config.custom.profile}/foundryvtt/.env".path];
|
||||
image = "felddy/foundryvtt:12";
|
||||
ports = ["127.0.0.1:30000:30000"];
|
||||
ports = ["127.0.0.1:30000:30000/tcp"];
|
||||
restart = "unless-stopped";
|
||||
volumes = ["${config.custom.containers.directory}/foundryvtt/data:/data"];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -35,8 +35,8 @@ in {
|
|||
restart = "unless-stopped";
|
||||
|
||||
ports = [
|
||||
"9999:9999"
|
||||
"9090:9090"
|
||||
"9999:9999/tcp"
|
||||
"9090:9090/tcp"
|
||||
];
|
||||
|
||||
volumes = [
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ in {
|
|||
homeassistant.service = {
|
||||
container_name = "homeassistant";
|
||||
image = "homeassistant/home-assistant:2025.1";
|
||||
ports = ["8123:8123"];
|
||||
ports = ["8123:8123/tcp"];
|
||||
restart = "unless-stopped";
|
||||
volumes = ["${config.custom.containers.directory}/homeassistant/config:/config"];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ in {
|
|||
container_name = "mastodon";
|
||||
env_file = [config.age.secrets."${config.custom.profile}/mastodon/.env".path];
|
||||
image = "lscr.io/linuxserver/mastodon:4.3.3";
|
||||
ports = ["3000:443"];
|
||||
ports = ["3000:443/tcp"];
|
||||
restart = "unless-stopped";
|
||||
volumes = ["${config.custom.containers.directory}/mastodon/config:/config"];
|
||||
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ in {
|
|||
netbox.service =
|
||||
netbox
|
||||
// {
|
||||
ports = ["8585:8080"];
|
||||
ports = ["8585:8080/tcp"];
|
||||
|
||||
# https://github.com/netbox-community/netbox-docker/wiki/Using-Netbox-Plugins
|
||||
#!! Context modifications require a rebuild
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ in {
|
|||
container_name = "nextcloud";
|
||||
env_file = [config.age.secrets."${config.custom.profile}/nextcloud/.env".path];
|
||||
image = "nextcloud:29-apache";
|
||||
ports = ["127.0.0.1:8181:80"];
|
||||
ports = ["127.0.0.1:8181:80/tcp"];
|
||||
restart = "unless-stopped";
|
||||
|
||||
volumes = [
|
||||
|
|
|
|||
|
|
@ -28,8 +28,8 @@ in {
|
|||
image = "ossrs/oryx:5";
|
||||
|
||||
ports = [
|
||||
"127.0.0.1:2022:2022" # HTTP
|
||||
"1935:1935" # RTMP
|
||||
"127.0.0.1:2022:2022/tcp" # HTTP
|
||||
"1935:1935/tcp" # RTMP
|
||||
"8000:8000/udp" # WebRTC
|
||||
"10080:10080/udp" # SRT
|
||||
];
|
||||
|
|
|
|||
|
|
@ -20,8 +20,8 @@ in {
|
|||
volumes = ["${config.custom.containers.directory}/owncast/data:/app/data"];
|
||||
|
||||
ports = [
|
||||
"1935:1935"
|
||||
"127.0.0.1:8800:8080"
|
||||
"1935:1935/tcp"
|
||||
"127.0.0.1:8800:8080/tcp"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ in {
|
|||
redlib.service = {
|
||||
container_name = "redlib";
|
||||
image = "quay.io/redlib/redlib:latest";
|
||||
ports = ["127.0.0.1:8888:8080"];
|
||||
ports = ["127.0.0.1:8888:8080/tcp"];
|
||||
restart = "unless-stopped";
|
||||
|
||||
environment = {
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ in {
|
|||
depends_on = ["cache"];
|
||||
env_file = [config.age.secrets."${config.custom.profile}/searxng/.env".path];
|
||||
image = "searxng/searxng:latest";
|
||||
ports = ["127.0.0.1:8000:8080"];
|
||||
ports = ["127.0.0.1:8000:8080/tcp"];
|
||||
restart = "unless-stopped";
|
||||
|
||||
volumes = [
|
||||
|
|
|
|||
|
|
@ -270,7 +270,7 @@ in {
|
|||
{
|
||||
name = "Reddit";
|
||||
shortcut = "r";
|
||||
url = "https://www.google.com/search?q=site%3Areddit.com+{searchTerms}";
|
||||
url = "https://kagi.com/search?q=site%3Areddit.com+{searchTerms}";
|
||||
}
|
||||
|
||||
{
|
||||
|
|
|
|||
|
|
@ -497,7 +497,7 @@ in {
|
|||
Name = "Reddit";
|
||||
Alias = "r";
|
||||
IconURL = "https://www.redditstatic.com/desktop2x/img/favicon/favicon-96x96.png";
|
||||
URLTemplate = "https://www.google.com/search?q=site%3Areddit.com+{searchTerms}";
|
||||
URLTemplate = "https://kagi.com/search?q=site%3Areddit.com+{searchTerms}";
|
||||
}
|
||||
|
||||
{
|
||||
|
|
|
|||
|
|
@ -209,7 +209,7 @@ case "$1" in
|
|||
'r '*)
|
||||
label="Reddit"
|
||||
icon="reddit"
|
||||
url="https://www.google.com/search?q=site%3Areddit.com+"
|
||||
url="https://kagi.com/search?q=site%3Areddit.com+"
|
||||
query="${1:2}"
|
||||
;;
|
||||
's '*)
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
|
|
@ -26,6 +27,25 @@ in {
|
|||
caddy = {
|
||||
enable = true;
|
||||
|
||||
# BUG: DNS-over-TLS not currently functional, reattempt when fixed or PROXY protocol supported
|
||||
# https://github.com/mholt/caddy-l4/issues/276
|
||||
# https://github.com/AdguardTeam/AdGuardHome/issues/2798
|
||||
# TODO: Use stable package when available with plugins
|
||||
# https://github.com/NixOS/nixpkgs/pull/358586
|
||||
# package = pkgs.unstable.caddy.withPlugins {
|
||||
# #?? Copy from failed build
|
||||
# hash = "sha256-rB2exWVfKS82QpAuEM6+PlUNNmd8sqxvqNHRxCVIE/c=";
|
||||
|
||||
# #?? REPO@TAG
|
||||
# plugins = [
|
||||
# # https://github.com/mholt/caddy-l4
|
||||
# "github.com/mholt/caddy-l4@v0.0.0-20250124234235-87e3e5e2c7f9"
|
||||
|
||||
# # https://github.com/tailscale/caddy-tailscale
|
||||
# "github.com/tailscale/caddy-tailscale@v0.0.0-20250207004440-fd3f49d73216"
|
||||
# ];
|
||||
# };
|
||||
|
||||
# TODO: Convert services to Tailscale subdomains when supported or use plugin when supported by nix
|
||||
# https://github.com/tailscale/tailscale/issues/7081
|
||||
# https://github.com/tailscale/caddy-tailscale
|
||||
|
|
@ -50,9 +70,6 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
# https://wiki.nixos.org/wiki/Firewall
|
||||
# https://github.com/coturn/coturn/blob/master/docker/coturn/README.md
|
||||
# https://element-hq.github.io/synapse/latest/turn-howto.html
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [
|
||||
80 # HTTP
|
||||
|
|
|
|||
|
|
@ -48,6 +48,10 @@ in {
|
|||
|
||||
# https://docs.syncthing.net/users/faq.html#inotify-limits
|
||||
"fs.inotify.max_user_watches" = 204800;
|
||||
|
||||
# https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
|
||||
"net.core.rmem_max" = 7500000;
|
||||
"net.core.wmem_max" = 7500000;
|
||||
};
|
||||
|
||||
loader = {
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ in {
|
|||
nmap # Network scanner
|
||||
nvd # Nix diff viewer
|
||||
progress # Coreutils progress viewer
|
||||
q # DNS tester
|
||||
rclone # File sync
|
||||
stress # CPU stress tester
|
||||
testdisk # Data recovery tool
|
||||
|
|
|
|||
Binary file not shown.
Loading…
Add table
Reference in a new issue