Compare commits
No commits in common. "5a98adcd2731501899a9aac8fc2d222047ba40c4" and "2e55702e49e35caa4ccafab2659477c5eadb2d7f" have entirely different histories.
5a98adcd27
...
2e55702e49
21 changed files with 28 additions and 55 deletions
|
|
@ -15,8 +15,8 @@ in {
|
||||||
virtualisation.arion.projects.actualbudget.settings.services = {
|
virtualisation.arion.projects.actualbudget.settings.services = {
|
||||||
actualbudget.service = {
|
actualbudget.service = {
|
||||||
container_name = "actualbudget";
|
container_name = "actualbudget";
|
||||||
image = "actualbudget/actual-server:25.2.1";
|
image = "actualbudget/actual-server:25.2.0";
|
||||||
ports = ["127.0.0.1:5006:5006/tcp"];
|
ports = ["127.0.0.1:5006:5006"];
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
volumes = ["${config.custom.containers.directory}/actualbudget/data:/data"];
|
volumes = ["${config.custom.containers.directory}/actualbudget/data:/data"];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -17,18 +17,15 @@ in {
|
||||||
virtualisation.arion.projects.adguardhome.settings.services = {
|
virtualisation.arion.projects.adguardhome.settings.services = {
|
||||||
# https://github.com/AdguardTeam/AdGuardHome
|
# https://github.com/AdguardTeam/AdGuardHome
|
||||||
# https://adguard-dns.io/kb/adguard-home/overview/
|
# https://adguard-dns.io/kb/adguard-home/overview/
|
||||||
#?? ls /var/lib/caddy/.local/share/caddy/certificates/*
|
|
||||||
adguardhome.service = {
|
adguardhome.service = {
|
||||||
container_name = "adguardhome";
|
container_name = "adguardhome";
|
||||||
image = "adguard/adguardhome:v0.107.56";
|
image = "adguard/adguardhome:v0.107.56";
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
"53:53/tcp" # DNS
|
"53:53" # DNS
|
||||||
"53:53/udp" # DNS
|
"853:853" # DNS-over-TLS
|
||||||
"853:853/tcp" # DNS-over-TLS
|
"3003:80" # Admin panel
|
||||||
"853:853/udp" # DNS-over-QUIC
|
"8443:443" # DNS-over-HTTPS
|
||||||
"3003:80/tcp" # Admin panel
|
|
||||||
"8443:443/tcp" # DNS-over-HTTPS
|
|
||||||
];
|
];
|
||||||
|
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
|
|
@ -43,13 +40,11 @@ in {
|
||||||
# https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption
|
# https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
53 # DNS
|
|
||||||
853 # DNS-over-TLS
|
853 # DNS-over-TLS
|
||||||
];
|
];
|
||||||
|
|
||||||
allowedUDPPorts = [
|
allowedUDPPorts = [
|
||||||
53 # DNS
|
53 # DNS
|
||||||
853 # DNS-over-QUIC
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -25,7 +25,7 @@ in {
|
||||||
conduwuit.service = {
|
conduwuit.service = {
|
||||||
container_name = "conduwuit";
|
container_name = "conduwuit";
|
||||||
image = "girlbossceo/conduwuit:main";
|
image = "girlbossceo/conduwuit:main";
|
||||||
ports = ["127.0.0.1:6167:6167/tcp"];
|
ports = ["127.0.0.1:6167:6167"];
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
|
|
|
||||||
|
|
@ -38,8 +38,8 @@ in {
|
||||||
volumes = ["${config.custom.containers.directory}/forgejo/data:/data"];
|
volumes = ["${config.custom.containers.directory}/forgejo/data:/data"];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
"127.0.0.1:3333:3000/tcp"
|
"127.0.0.1:3333:3000"
|
||||||
"22:2222/tcp"
|
"22:2222"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,7 @@ in {
|
||||||
container_name = "foundryvtt";
|
container_name = "foundryvtt";
|
||||||
env_file = [config.age.secrets."${config.custom.profile}/foundryvtt/.env".path];
|
env_file = [config.age.secrets."${config.custom.profile}/foundryvtt/.env".path];
|
||||||
image = "felddy/foundryvtt:12";
|
image = "felddy/foundryvtt:12";
|
||||||
ports = ["127.0.0.1:30000:30000/tcp"];
|
ports = ["127.0.0.1:30000:30000"];
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
volumes = ["${config.custom.containers.directory}/foundryvtt/data:/data"];
|
volumes = ["${config.custom.containers.directory}/foundryvtt/data:/data"];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -35,8 +35,8 @@ in {
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
"9999:9999/tcp"
|
"9999:9999"
|
||||||
"9090:9090/tcp"
|
"9090:9090"
|
||||||
];
|
];
|
||||||
|
|
||||||
volumes = [
|
volumes = [
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,7 @@ in {
|
||||||
homeassistant.service = {
|
homeassistant.service = {
|
||||||
container_name = "homeassistant";
|
container_name = "homeassistant";
|
||||||
image = "homeassistant/home-assistant:2025.1";
|
image = "homeassistant/home-assistant:2025.1";
|
||||||
ports = ["8123:8123/tcp"];
|
ports = ["8123:8123"];
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
volumes = ["${config.custom.containers.directory}/homeassistant/config:/config"];
|
volumes = ["${config.custom.containers.directory}/homeassistant/config:/config"];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,7 @@ in {
|
||||||
container_name = "mastodon";
|
container_name = "mastodon";
|
||||||
env_file = [config.age.secrets."${config.custom.profile}/mastodon/.env".path];
|
env_file = [config.age.secrets."${config.custom.profile}/mastodon/.env".path];
|
||||||
image = "lscr.io/linuxserver/mastodon:4.3.3";
|
image = "lscr.io/linuxserver/mastodon:4.3.3";
|
||||||
ports = ["3000:443/tcp"];
|
ports = ["3000:443"];
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
volumes = ["${config.custom.containers.directory}/mastodon/config:/config"];
|
volumes = ["${config.custom.containers.directory}/mastodon/config:/config"];
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -39,7 +39,7 @@ in {
|
||||||
netbox.service =
|
netbox.service =
|
||||||
netbox
|
netbox
|
||||||
// {
|
// {
|
||||||
ports = ["8585:8080/tcp"];
|
ports = ["8585:8080"];
|
||||||
|
|
||||||
# https://github.com/netbox-community/netbox-docker/wiki/Using-Netbox-Plugins
|
# https://github.com/netbox-community/netbox-docker/wiki/Using-Netbox-Plugins
|
||||||
#!! Context modifications require a rebuild
|
#!! Context modifications require a rebuild
|
||||||
|
|
|
||||||
|
|
@ -28,7 +28,7 @@ in {
|
||||||
container_name = "nextcloud";
|
container_name = "nextcloud";
|
||||||
env_file = [config.age.secrets."${config.custom.profile}/nextcloud/.env".path];
|
env_file = [config.age.secrets."${config.custom.profile}/nextcloud/.env".path];
|
||||||
image = "nextcloud:29-apache";
|
image = "nextcloud:29-apache";
|
||||||
ports = ["127.0.0.1:8181:80/tcp"];
|
ports = ["127.0.0.1:8181:80"];
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
|
|
||||||
volumes = [
|
volumes = [
|
||||||
|
|
|
||||||
|
|
@ -28,8 +28,8 @@ in {
|
||||||
image = "ossrs/oryx:5";
|
image = "ossrs/oryx:5";
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
"127.0.0.1:2022:2022/tcp" # HTTP
|
"127.0.0.1:2022:2022" # HTTP
|
||||||
"1935:1935/tcp" # RTMP
|
"1935:1935" # RTMP
|
||||||
"8000:8000/udp" # WebRTC
|
"8000:8000/udp" # WebRTC
|
||||||
"10080:10080/udp" # SRT
|
"10080:10080/udp" # SRT
|
||||||
];
|
];
|
||||||
|
|
|
||||||
|
|
@ -20,8 +20,8 @@ in {
|
||||||
volumes = ["${config.custom.containers.directory}/owncast/data:/app/data"];
|
volumes = ["${config.custom.containers.directory}/owncast/data:/app/data"];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
"1935:1935/tcp"
|
"1935:1935"
|
||||||
"127.0.0.1:8800:8080/tcp"
|
"127.0.0.1:8800:8080"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,7 @@ in {
|
||||||
redlib.service = {
|
redlib.service = {
|
||||||
container_name = "redlib";
|
container_name = "redlib";
|
||||||
image = "quay.io/redlib/redlib:latest";
|
image = "quay.io/redlib/redlib:latest";
|
||||||
ports = ["127.0.0.1:8888:8080/tcp"];
|
ports = ["127.0.0.1:8888:8080"];
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,7 @@ in {
|
||||||
depends_on = ["cache"];
|
depends_on = ["cache"];
|
||||||
env_file = [config.age.secrets."${config.custom.profile}/searxng/.env".path];
|
env_file = [config.age.secrets."${config.custom.profile}/searxng/.env".path];
|
||||||
image = "searxng/searxng:latest";
|
image = "searxng/searxng:latest";
|
||||||
ports = ["127.0.0.1:8000:8080/tcp"];
|
ports = ["127.0.0.1:8000:8080"];
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
|
|
||||||
volumes = [
|
volumes = [
|
||||||
|
|
|
||||||
|
|
@ -270,7 +270,7 @@ in {
|
||||||
{
|
{
|
||||||
name = "Reddit";
|
name = "Reddit";
|
||||||
shortcut = "r";
|
shortcut = "r";
|
||||||
url = "https://kagi.com/search?q=site%3Areddit.com+{searchTerms}";
|
url = "https://www.google.com/search?q=site%3Areddit.com+{searchTerms}";
|
||||||
}
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -497,7 +497,7 @@ in {
|
||||||
Name = "Reddit";
|
Name = "Reddit";
|
||||||
Alias = "r";
|
Alias = "r";
|
||||||
IconURL = "https://www.redditstatic.com/desktop2x/img/favicon/favicon-96x96.png";
|
IconURL = "https://www.redditstatic.com/desktop2x/img/favicon/favicon-96x96.png";
|
||||||
URLTemplate = "https://kagi.com/search?q=site%3Areddit.com+{searchTerms}";
|
URLTemplate = "https://www.google.com/search?q=site%3Areddit.com+{searchTerms}";
|
||||||
}
|
}
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -209,7 +209,7 @@ case "$1" in
|
||||||
'r '*)
|
'r '*)
|
||||||
label="Reddit"
|
label="Reddit"
|
||||||
icon="reddit"
|
icon="reddit"
|
||||||
url="https://kagi.com/search?q=site%3Areddit.com+"
|
url="https://www.google.com/search?q=site%3Areddit.com+"
|
||||||
query="${1:2}"
|
query="${1:2}"
|
||||||
;;
|
;;
|
||||||
's '*)
|
's '*)
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,6 @@
|
||||||
config,
|
config,
|
||||||
inputs,
|
inputs,
|
||||||
lib,
|
lib,
|
||||||
pkgs,
|
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib; let
|
with lib; let
|
||||||
|
|
@ -27,25 +26,6 @@ in {
|
||||||
caddy = {
|
caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
# BUG: DNS-over-TLS not currently functional, reattempt when fixed or PROXY protocol supported
|
|
||||||
# https://github.com/mholt/caddy-l4/issues/276
|
|
||||||
# https://github.com/AdguardTeam/AdGuardHome/issues/2798
|
|
||||||
# TODO: Use stable package when available with plugins
|
|
||||||
# https://github.com/NixOS/nixpkgs/pull/358586
|
|
||||||
# package = pkgs.unstable.caddy.withPlugins {
|
|
||||||
# #?? Copy from failed build
|
|
||||||
# hash = "sha256-rB2exWVfKS82QpAuEM6+PlUNNmd8sqxvqNHRxCVIE/c=";
|
|
||||||
|
|
||||||
# #?? REPO@TAG
|
|
||||||
# plugins = [
|
|
||||||
# # https://github.com/mholt/caddy-l4
|
|
||||||
# "github.com/mholt/caddy-l4@v0.0.0-20250124234235-87e3e5e2c7f9"
|
|
||||||
|
|
||||||
# # https://github.com/tailscale/caddy-tailscale
|
|
||||||
# "github.com/tailscale/caddy-tailscale@v0.0.0-20250207004440-fd3f49d73216"
|
|
||||||
# ];
|
|
||||||
# };
|
|
||||||
|
|
||||||
# TODO: Convert services to Tailscale subdomains when supported or use plugin when supported by nix
|
# TODO: Convert services to Tailscale subdomains when supported or use plugin when supported by nix
|
||||||
# https://github.com/tailscale/tailscale/issues/7081
|
# https://github.com/tailscale/tailscale/issues/7081
|
||||||
# https://github.com/tailscale/caddy-tailscale
|
# https://github.com/tailscale/caddy-tailscale
|
||||||
|
|
@ -70,6 +50,9 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# https://wiki.nixos.org/wiki/Firewall
|
||||||
|
# https://github.com/coturn/coturn/blob/master/docker/coturn/README.md
|
||||||
|
# https://element-hq.github.io/synapse/latest/turn-howto.html
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
80 # HTTP
|
80 # HTTP
|
||||||
|
|
|
||||||
|
|
@ -48,10 +48,6 @@ in {
|
||||||
|
|
||||||
# https://docs.syncthing.net/users/faq.html#inotify-limits
|
# https://docs.syncthing.net/users/faq.html#inotify-limits
|
||||||
"fs.inotify.max_user_watches" = 204800;
|
"fs.inotify.max_user_watches" = 204800;
|
||||||
|
|
||||||
# https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
|
|
||||||
"net.core.rmem_max" = 7500000;
|
|
||||||
"net.core.wmem_max" = 7500000;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
loader = {
|
loader = {
|
||||||
|
|
|
||||||
|
|
@ -35,7 +35,6 @@ in {
|
||||||
nmap # Network scanner
|
nmap # Network scanner
|
||||||
nvd # Nix diff viewer
|
nvd # Nix diff viewer
|
||||||
progress # Coreutils progress viewer
|
progress # Coreutils progress viewer
|
||||||
q # DNS tester
|
|
||||||
rclone # File sync
|
rclone # File sync
|
||||||
stress # CPU stress tester
|
stress # CPU stress tester
|
||||||
testdisk # Data recovery tool
|
testdisk # Data recovery tool
|
||||||
|
|
|
||||||
Binary file not shown.
Loading…
Add table
Reference in a new issue