desktop-2024-11-03-09-13-27

2024-11-03 09:13:27 +01:00
parent 4160c3408f
commit ed7833b3e9
38 changed files with 525 additions and 1245 deletions
--- a/services/adguardhome.nix
+++ b/services/adguardhome.nix
@@ -1,15 +1,17 @@
-{ config, pkgs, lib, ... }:
-let
-  dns-domain = "dns.szczepan.ski";
-in
 {
-  security.acme.certs.${dns-domain}.postRun =
-    ''
-      cp fullchain.pem /var/lib/AdGuardHome/chain.pem \
-        && cp key.pem /var/lib/AdGuardHome/key.pem \
-        && chown adguardhome:adguardhome /var/lib/AdGuardHome/chain.pem \
-        && chown adguardhome:adguardhome /var/lib/AdGuardHome/key.pem
-    '';
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  dns-domain = "dns.szczepan.ski";
+in {
+  security.acme.certs.${dns-domain}.postRun = ''
+    cp fullchain.pem /var/lib/AdGuardHome/chain.pem \
+      && cp key.pem /var/lib/AdGuardHome/key.pem \
+      && chown adguardhome:adguardhome /var/lib/AdGuardHome/chain.pem \
+      && chown adguardhome:adguardhome /var/lib/AdGuardHome/key.pem
+  '';

  services = {
    nginx = {
@@ -18,7 +20,7 @@ in
          forceSSL = true;
          enableACME = true;
          locations = {
-            "/" = { proxyPass = "https://127.0.0.1:3003/"; };
+            "/" = {proxyPass = "https://127.0.0.1:3003/";};
          };
        };
      };
@@ -30,10 +32,12 @@ in
      host = "127.0.0.1";
      port = 3002;
      settings = {
-        users = [{
-          name = "alex";
-          password = "$2y$10$UhKvi4oztTfULWlIKnQhveORKXpIKCqpawJ/skSBAH96Njn4YDhTC";
-        }];
+        users = [
+          {
+            name = "alex";
+            password = "$2y$10$UhKvi4oztTfULWlIKnQhveORKXpIKCqpawJ/skSBAH96Njn4YDhTC";
+          }
+        ];
        dns = {
          bind_hots = [
            "0.0.0.0"
@@ -76,10 +80,14 @@ in
        # The following notation uses map
        # to not have to manually create {enabled = true; url = "";} for every filter
        # This is,qq however, fully optional
-        filters = map (url: { enabled = true; url = url; }) [
-          "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
-          "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
-        ];
+        filters =
+          map (url: {
+            enabled = true;
+            url = url;
+          }) [
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
+          ];
      };
    };
  };
--- a/services/frigate.nix
+++ b/services/frigate.nix
@@ -1,8 +1,11 @@
-{ config, lib, pkgs, ... }:
-let
-  secrets = import ../configs/secrets.nix;
-in
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  secrets = import ../configs/secrets.nix;
+in {
  services = {
    nginx = {
      virtualHosts = {
@@ -58,12 +61,14 @@ in
          # };

          garage = {
-            ffmpeg.inputs = [{
-              path = "rtsp://admin:REMOVED@192.168.178.42:554/H.264";
-              # input_args = "preset-rtsp-restream";
-              # roles = [ "record" "detect" ];
-              roles = [ "record" ];
-            }];
+            ffmpeg.inputs = [
+              {
+                path = "rtsp://admin:REMOVED@192.168.178.42:554/H.264";
+                # input_args = "preset-rtsp-restream";
+                # roles = [ "record" "detect" ];
+                roles = ["record"];
+              }
+            ];

            record = {
              enabled = true;
@@ -78,7 +83,6 @@ in
              };
            };
          };
-
        };
      };
    };
--- a/services/gitea.nix
+++ b/services/gitea.nix
@@ -1,12 +1,16 @@
-{ config, lib, pkgs, ... }:
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
  services = {
    nginx = {
      virtualHosts = {
        ${config.services.gitea.settings.server.DOMAIN} = {
          forceSSL = true;
          enableACME = true;
-          locations = { "/" = { proxyPass = "http://127.0.0.1:3001/"; }; };
+          locations = {"/" = {proxyPass = "http://127.0.0.1:3001/";};};
        };
      };
    };
--- a/services/goaccess.nix
+++ b/services/goaccess.nix
@@ -1,8 +1,11 @@
-{ config, lib, pkgs, ... }:
-let
-  secrets = import ../configs/secrets.nix;
-in
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  secrets = import ../configs/secrets.nix;
+in {
  services = {
    nginx = {
      virtualHosts = {
@@ -11,7 +14,7 @@ in
          enableACME = true;
          basicAuthFile = config.sops.secrets.goaccess-htpasswd.path;
          locations = {
-            "/" = { root = "/var/www/goaccess"; };
+            "/" = {root = "/var/www/goaccess";};
            "/ws" = {
              proxyPass = "http://127.0.0.1:7890/";
              proxyWebsockets = true;
@@ -25,7 +28,7 @@ in
  systemd = {
    tmpfiles.settings = {
      "goaccess" = {
-        "/var/www/goaccess" = { d.mode = "0755"; };
+        "/var/www/goaccess" = {d.mode = "0755";};
      };
    };

@@ -35,8 +38,8 @@ in

      goaccess = {
        description = "GoAccess real-time web log analysis";
-        after = [ "network.target" ];
-        wantedBy = [ "multi-user.target" ];
+        after = ["network.target"];
+        wantedBy = ["multi-user.target"];
        script = "${pkgs.gzip}/bin/zcat -f /var/log/nginx/access.* | ${pkgs.goaccess}/bin/goaccess - -o /var/www/goaccess/index.html --log-format='%v %h %^[%d:%t %^]%^\"%r\" %s %b \"%R\" \"%u\"' --real-time-html --ws-url=wss://goaccess.szczepan.ski:443/ws --port 7890 --time-format \"%H:%M:%S\" --date-format \"%d/%b/%Y\"";
        # serviceConfig = {
        #   StateDirectory = "/var/www/goaccess";
--- a/services/headscale.nix
+++ b/services/headscale.nix
@@ -1,6 +1,10 @@
-{ config, lib, pkgs, ... }:
 {
-  environment.systemPackages = with pkgs; [ headscale ];
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = with pkgs; [headscale];

  services = {
    nginx = {
@@ -39,7 +43,7 @@
          override_local_dns = true;
          base_domain = "szczepan.ski";
          magic_dns = true;
-          domains = [ "main.szczepan.ski" ];
+          domains = ["main.szczepan.ski"];
          nameservers = [
            "100.64.0.2"
            "127.0.0.1"
@@ -47,6 +51,5 @@
        };
      };
    };
-
  };
 }
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
  services = {
    nginx = {
      virtualHosts = {
@@ -66,7 +70,8 @@
          phonetrack
          previewgenerator
          tasks
-          unroundedcorners;
+          unroundedcorners
+          ;
        # user_migration = pkgs.fetchNextcloudApp {
        #   sha256 = "sha256-OwALAM/WPJ4gXHQado0njfJL+ciDsvfbPjqGWk23Pm8=";
        #   url = "https://github.com/nextcloud-releases/user_migration/releases/download/v6.0.0/user_migration-v6.0.0.tar.gz";
@@ -98,6 +103,6 @@
  };

  systemd.services.nextcloud-cron = {
-    path = [ pkgs.perl ];
+    path = [pkgs.perl];
  };
 }
--- a/services/rustdesk-server.nix
+++ b/services/rustdesk-server.nix
@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
  services = {
    rustdesk-server = {
      enable = true;
--- a/services/uptime-kuma.nix
+++ b/services/uptime-kuma.nix
@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
  services = {
    uptime-kuma = {
      enable = true;
@@ -14,7 +18,7 @@
        "uptime.szczepan.ski" = {
          forceSSL = true;
          enableACME = true;
-          locations = { "/" = { proxyPass = "http://127.0.0.1:4000/"; }; };
+          locations = {"/" = {proxyPass = "http://127.0.0.1:4000/";};};
        };
      };
    };