diff --git a/nixos/mirai/configuration.nix b/nixos/mirai/configuration.nix
index e50e2260..1f5039b8 100644
--- a/nixos/mirai/configuration.nix
+++ b/nixos/mirai/configuration.nix
@@ -1,6 +1,7 @@
 {
 config,
 pkgs,
+ device,
 ...
 }: {
 imports = [
@@ -9,6 +10,18 @@
 ./mirai.nix
 # ./docker.nix
 ];
+
+ virtualisation.docker.enable = true;
+ # virtualisation.podman = {
+ # enable = true;
+ # dockerSocket.enable = true;
+ # defaultNetwork.dnsname.enable = true;
+ # };
+ users.extraUsers.${device.user}.extraGroups = ["docker"];
+ environment.systemPackages = with pkgs; [
+ arion
+ ];
+ security.sudo.wheelNeedsPassword = false;
 sops = {
 defaultSopsFile = ../../secrets/secrets.yaml;
diff --git a/nixos/mirai/services/default.nix b/nixos/mirai/services/default.nix
index dc9ba150..da0b6566 100644
--- a/nixos/mirai/services/default.nix
+++ b/nixos/mirai/services/default.nix
@@ -3,21 +3,21 @@
 ./atuin.nix
 ./authelia.nix
 ./caddy.nix
+ ./excalidraw.nix
 ./fail2ban.nix
+ ./flaresolverr.nix
 ./gitea.nix
 ./homepage.nix
+ ./immich.nix
 ./llama.nix
+ ./lldap.nix
 ./minecraft.nix
 ./nextcloud.nix
- ./tailscale.nix
 ./prowlarr.nix
- ./flaresolverr.nix
- ./searxng.nix
- ./immich.nix
- ./lldap.nix
 ./resolved.nix
+ ./searxng.nix
+ ./tailscale.nix
- # ./home-assistant.nix
 # ./jellyfin.nix
 # ./ldap.nix
 # ./llama.nix
diff --git a/nixos/mirai/services/excalidraw.nix b/nixos/mirai/services/excalidraw.nix
new file mode 100644
index 00000000..b21268a2
--- /dev/null
+++ b/nixos/mirai/services/excalidraw.nix
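Review bot: `security.sudo.wheelNeedsPassword = false;` together with `users.extraUsers.${device.user}.extraGroups = ["docker"];` in the second configuration.nix hunk makes `device.user` root-equivalent twice over: passwordless sudo for every wheel member, and docker-group membership, which lets any process running as that user mount the host filesystem into a privileged container without a prompt. A browser exploit, a malicious package postinstall, or a stray script running as that user therefore gets root for free, and neither line is needed for the docker daemon itself to work. I would drop the `wheelNeedsPassword` line (the NixOS default already prompts) and, if the docker group exists only so the user can drive arion, consider rootless Docker instead, `virtualisation.docker.rootless = { enable = true; setSocketVariable = true; };`, keeping `"docker"` out of `extraGroups` — I believe arion can target a rootless daemon through the socket variable, but confirm before switching. `users.extraUsers` also appears to be the deprecated alias of `users.users`; the latter is the current option name and avoids the evaluation warning.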
@@ -0,0 +1,46 @@
+{...}: {
+ # virtualisation.arion = {
+ # projects = {
+ # excalidraw = {
+ # excalidraw = {
+ # service.image = "ghcr.io/excalidraw/excalidraw:latest";
+ # service.volumes = [
+ # "/etc/localtime:/etc/localtime:ro"
+ # "/run/dbus:/run/dbus:ro"
+ # ];
+ # };
+ # };
+ # };
+ # };
+ virtualisation.oci-containers = {
+ backend = "docker";
+ containers = {
+ excalidraw = {
+ image = "excalidraw/excalidraw:latest";
+ ports = ["127.0.0.1:5959:80"];
+ volumes = [];
+ };
+ };
+ };
+ services.caddy.virtualHosts."draw.darksailor.dev".extraConfig = ''
+ forward_auth localhost:5555 {
+ uri /api/authz/forward-auth
+ copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+ }
+ reverse_proxy localhost:5959
+ '';
+ services.authelia = {
+ instances.darksailor = {
+ settings = {
+ access_control = {
+ rules = [
+ {
+ domain = "draw.darksailor.dev";
+ policy = "one_factor";
+ }
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/nixos/mirai/services/home-assistant.nix b/nixos/mirai/services/home-assistant.nix
deleted file mode 100644
index 9a9e3a57..00000000
--- a/nixos/mirai/services/home-assistant.nix
+++ /dev/null
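Review bot: `image = "excalidraw/excalidraw:latest";` pins nothing, so every image pull on rebuild can swap the whole application behind the auth proxy without any change to this repository, and the deployment is not reproducible from the Nix expression alone. Pin to a release tag at minimum, or to a digest (`image = "excalidraw/excalidraw@sha256:<digest>";`) so a substituted image fails the pull instead of being served to authenticated users; the commented-out arion block carries the same `:latest` problem if it is ever revived. One caveat worth confirming: as far as I know the stock Excalidraw image points its live-collaboration feature at the public excalidraw.com backend unless overridden through the container `environment`, so collab sessions started on `draw.darksailor.dev` would leave the host even though the UI itself is gated by Authelia — either set the image's collaboration-server variable to a self-hosted endpoint or note the limitation in a comment above the container. Binding the port to `127.0.0.1:5959` is the right call and keeps the container reachable only through Caddy's `forward_auth`.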
@@ -1,86 +0,0 @@
-{pkgs, ...}: {
- services = {
- home-assistant = {
- enable = true;
- extraComponents = [
- "esphome"
- "met"
- "radio_browser"
- "wiz"
- "homekit"
- "homekit_controller"
- ];
- customComponents = [
- pkgs.home-assistant-custom-components.auth-header
- ];
- config = {
- default_config = {};
- homeassistant = {
- external_url = "https://home.darksailor.dev";
- name = "Home Assistant";
- time_zone = "Asia/Kolkata";
- };
- http = {
- server_host = "::1";
- trusted_proxies = ["::1"];
- use_x_forwarded_for = true;
- };
- auth_header = {
- username_header = "Remote-User";
- };
- };
- };
- caddy = {
- virtualHosts."home.darksailor.dev".extraConfig = ''
- forward_auth localhost:5555 {
- uri /api/authz/forward-auth
- copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
- }
- reverse_proxy localhost:8123
- '';
- };
- };
- networking.firewall.allowedTCPPorts = [
- 8888
- 5555
- 5432
- 5000
- 7070
- 6600
- 2019
- 22
- 21064
- 48829
- 11434
- 3000
- 8123
- 5432
- 443
- 22
- 80
- 55447
- 25565
- 21064
- 40000
- ];
- networking.firewall.allowedUDPPorts = [
- 5353
- 41641
- 68
- 5353
- 5353
- 41641
- 47663
- 53040
- 443
- 1900
- 1900
- 5555
- ];
- networking.firewall.allowedTCPPortRanges = [
- {
- from = 21063;
- to = 21070;
- }
- ];
-}