
Compare commits


No commits in common. "2e55702e49e35caa4ccafab2659477c5eadb2d7f" and "ecf4bf815a2bb769d0f195a080235b8baae35b80" have entirely different histories.

9 changed files with 24 additions and 99 deletions


@ -15,10 +15,11 @@ in {
virtualisation.arion.projects.actualbudget.settings.services = { virtualisation.arion.projects.actualbudget.settings.services = {
actualbudget.service = { actualbudget.service = {
container_name = "actualbudget"; container_name = "actualbudget";
image = "actualbudget/actual-server:25.2.0"; image = "actualbudget/actual-server:24.9.0";
ports = ["127.0.0.1:5006:5006"]; ports = ["5006:5006"];
restart = "unless-stopped"; restart = "unless-stopped";
volumes = ["${config.custom.containers.directory}/actualbudget/data:/data"]; volumes = ["${config.custom.containers.directory}/actualbudget/data:/data"];
# TODO: Set up trusted proxies
}; };
}; };
}; };
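Review bot: The `ports` line is the one to look at: the right-hand column reads `ports = ["5006:5006"];` where the left reads `ports = ["127.0.0.1:5006:5006"];`, so if the right column is the new side (the page does not mark it), the budget server goes from loopback-only to published on every host interface. With a Docker backend, published ports are forwarded by rules the runtime installs itself and are generally not filtered by `networking.firewall.allowedTCPPorts`, so the host firewall should not be relied on to cover this. I would keep `ports = ["127.0.0.1:5006:5006"];` and let the reverse proxy reach the service on loopback, which also makes the added `# TODO: Set up trusted proxies` safer to defer. The same column pins `actualbudget/actual-server:24.9.0`, older than the `25.2.0` tag beside it; confirm the downgrade is intended, since it would drop whatever upstream fixes landed in between. The enclosing `config` block starts above the hunk.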


@ -1,56 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.custom.containers.adguardhome;
in {
options = {
custom.containers.adguardhome.enable = mkOption {default = false;};
};
config = mkIf cfg.enable {
#?? arion-adguardhome pull
environment.shellAliases.arion-adguardhome = "sudo arion --prebuilt-file ${config.virtualisation.arion.projects.adguardhome.settings.out.dockerComposeYaml}";
virtualisation.arion.projects.adguardhome.settings.services = {
# https://github.com/AdguardTeam/AdGuardHome
# https://adguard-dns.io/kb/adguard-home/overview/
adguardhome.service = {
container_name = "adguardhome";
image = "adguard/adguardhome:v0.107.56";
ports = [
"53:53" # DNS
"853:853" # DNS-over-TLS
"3003:80" # Admin panel
"8443:443" # DNS-over-HTTPS
];
restart = "unless-stopped";
volumes = [
"${config.custom.containers.directory}/adguardhome/config:/opt/adguardhome/conf"
"${config.custom.containers.directory}/adguardhome/data:/opt/adguardhome/data"
];
};
};
# https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption
networking.firewall = {
allowedTCPPorts = [
853 # DNS-over-TLS
];
allowedUDPPorts = [
53 # DNS
];
};
# https://adguard-dns.io/kb/adguard-home/faq/#bindinuse
services.resolved.extraConfig = ''
DNSStubListener=false
'';
};
}


@ -46,25 +46,5 @@ in {
}; };
}; };
}; };
networking.firewall = {
allowedTCPPorts = [
3478 # TURN
5349 # TURN
];
allowedUDPPorts = [
3478 # TURN
5349 # TURN
];
allowedUDPPortRanges = [
{
# TURN
from = 49152;
to = 65535;
}
];
};
}; };
} }


@ -38,16 +38,5 @@ in {
volumes = ["${config.custom.containers.directory}/oryx/data:/data"]; volumes = ["${config.custom.containers.directory}/oryx/data:/data"];
}; };
}; };
networking.firewall = {
allowedTCPPorts = [
1935 # RTMP
];
allowedUDPPorts = [
8000 # WebRTC
10080 # SRT
];
};
}; };
} }


@ -25,11 +25,5 @@ in {
]; ];
}; };
}; };
networking.firewall = {
allowedTCPPorts = [
1935 # RTMP
];
};
}; };
} }


@ -54,9 +54,29 @@ in {
# https://github.com/coturn/coturn/blob/master/docker/coturn/README.md # https://github.com/coturn/coturn/blob/master/docker/coturn/README.md
# https://element-hq.github.io/synapse/latest/turn-howto.html # https://element-hq.github.io/synapse/latest/turn-howto.html
networking.firewall = { networking.firewall = {
enable = true;
allowedTCPPorts = [ allowedTCPPorts = [
80 # HTTP 80 # HTTP
443 # HTTPS 443 # HTTPS
1935 # RTMP
3478 # TURN
5349 # TURN
];
allowedUDPPorts = [
3478 # TURN
5349 # TURN
8000 # WebRTC
10080 # SRT
];
allowedUDPPortRanges = [
{
# TURN
from = 49152;
to = 65535;
}
]; ];
}; };
}; };
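Review bot: The added `allowedUDPPortRanges` entry opens UDP 49152–65535 on the host, and together with the added RTMP/TURN/WebRTC/SRT ports it now sits in this one block rather than in the per-container modules, so the ports appear to be opened whether or not those containers are enabled (the guard around this block is outside the hunk). Consider gating each group on its service, e.g. `allowedTCPPorts = [80 443] ++ lib.optionals config.custom.containers.coturn.enable [3478 5349];` — the option path is inferred from the other files on this page, so check it. For the relay range, narrowing coturn with `min-port`/`max-port` and mirroring that in `from`/`to` keeps most of the ephemeral range closed. A short comment on `enable = true;` saying that it replaces the removed `custom.settings.networking.firewall` option would help the next reader.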


@ -9,7 +9,6 @@ in {
options.custom.settings.networking = { options.custom.settings.networking = {
enable = mkOption {default = false;}; enable = mkOption {default = false;};
dns = mkOption {default = config.custom.default;}; dns = mkOption {default = config.custom.default;};
firewall = mkOption {default = config.custom.default;};
ipv4 = mkOption {default = null;}; ipv4 = mkOption {default = null;};
ipv6 = mkOption {default = null;}; ipv6 = mkOption {default = null;};
networkd = mkOption {default = !cfg.networkmanager;}; networkd = mkOption {default = !cfg.networkmanager;};
@ -31,7 +30,6 @@ in {
# https://wiki.nixos.org/wiki/Networking # https://wiki.nixos.org/wiki/Networking
networking = { networking = {
hostName = config.custom.hostname; hostName = config.custom.hostname;
firewall.enable = cfg.firewall;
useNetworkd = cfg.networkd; useNetworkd = cfg.networkd;
wireless.iwd.enable = cfg.wifi; wireless.iwd.enable = cfg.wifi;


@ -10,8 +10,7 @@
containers = { containers = {
enable = true; enable = true;
boot = true; boot = true;
actualbudget.enable = true; #// actualbudget.enable = true;
adguardhome.enable = true;
conduwuit.enable = true; conduwuit.enable = true;
coturn.enable = true; coturn.enable = true;
forgejo.enable = true; forgejo.enable = true;

Binary file not shown.