This commit is contained in:
Lucy Hochkamp 2025-02-28 15:48:13 +01:00
parent 458168036c
commit cfa803bc82
No known key found for this signature in database
7 changed files with 53 additions and 71 deletions


@ -22,7 +22,7 @@ let
'';
in
{
imports = [ ./authentik.nix ];
imports = [ ./authentik.nix ./part-db.nix ];
networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
networking.firewall.interfaces."podman+".allowedTCPPorts = [ 12300 3001 ];
fileSystems."/var/lib/containers" = {
@ -222,12 +222,14 @@ in
'';
};
virtualisation.oci-containers.containers.archivebox = {
image = "archivebox/archivebox:latest";
image = "archivebox/archivebox:dev";
environment = {
ALLOWED_HOSTS = "*"; # set this to the hostname(s) you're going to serve the site from!
CSRF_TRUSTED_ORIGINS = "https://archive.hailsatan.eu"; # you MUST set this to the server's URL for admin login and the REST API to work
PUBLIC_INDEX = "True"; # set to False to prevent anonymous users from viewing snapshot list
PUBLIC_SNAPSHOTS = "True"; # set to False to prevent anonymous users from viewing snapshot content
REVERSE_PROXY_USER_HEADER="X-Authentik-Username";
REVERSE_PROXY_WHITELIST="10.88.0.1/32";
PUBLIC_INDEX = "False"; # set to False to prevent anonymous users from viewing snapshot list
PUBLIC_SNAPSHOTS = "False"; # set to False to prevent anonymous users from viewing snapshot content
PUBLIC_ADD_VIEW = "False"; # set to True to allow anonymous users to submit new URLs to archive
SEARCH_BACKEND_ENGINE = "sonic"; # tells ArchiveBox to use sonic container below for fast full-text search
SEARCH_BACKEND_HOST_NAME = "archivebox_sonic";
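Review bot: `REVERSE_PROXY_USER_HEADER` makes ArchiveBox accept a username from `X-Authentik-Username` on any request arriving from `10.88.0.1/32`, and the Caddy section in this same commit sends `/api/*` on the archivebox host through `podmanRedir` without Authentik; if that snippet (defined outside the hunk) does not strip the header, a caller on the unauthenticated path could assert a username of its choosing. Either route `/api/*` through the same auth snippet or have the unauthenticated route drop the header explicitly, e.g. `header_up -X-Authentik-Username` on its `reverse_proxy`. Two smaller points: `REVERSE_PROXY_USER_HEADER="X-Authentik-Username";` and the whitelist line omit the spaces around `=` that every neighbouring attribute uses, and `archivebox/archivebox:dev` is as much a moving target as the `:latest` it replaces, so a digest-pinned tag would make the deployment reproducible.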


@ -212,64 +212,37 @@ in
handle @grafana {
import podmanRedirWithAuth http://grafana:3000
}
handle {
import podmanRedirWithAuth http://127.0.0.1:8001
@hoard host hoard.hailsatan.eu
handle @hoard {
import podmanRedirWithAuth http://partdb-server:80
}
handle {
abort
}
'';
virtualHosts."*.hailsatan.eu".extraConfig = ''
import blockBots
# tailscale only
bind [fd7a:115c:a1e0:ab12:4843:cd96:6253:6019]
@immich host immich.hailsatan.eu
handle @immich {
import podmanRedir http://immich-server:2283
import podmanRedirWithAuth http://immich-server:2283
}
@cd host cd.hailsatan.eu
handle @cd {
import podmanRedir http://changedetection:5000
}
@grafana host grafana.hailsatan.eu
handle @grafana {
import podmanRedirWithAuth http://grafana:3000
import podmanRedirWithAuth http://changedetection:5000
}
@node-red host node-red.hailsatan.eu
handle @node-red {
import podmanRedir http://node-red:1880
import podmanRedirWithAuth http://node-red:1880
}
@labello host labello.hailsatan.eu
handle @labello {
import podmanRedir http://labello:4242
import podmanRedirWithAuth http://labello:4242
}
# @bzzt-api host bzzt-api.hailsatan.eu
# handle @bzzt-api {
# reverse_proxy http://127.0.0.1:5001
# }
# @bzzt-lcg host bzzt-lcg.hailsatan.eu
# handle @bzzt-lcg {
# reverse_proxy http://127.0.0.1:5003
# }
# @bzzt host bzzt.hailsatan.eu
# handle @bzzt {
# reverse_proxy http://127.0.0.1:5002
# }
@archivebox host archivebox.hailsatan.eu
handle @archivebox {
import podmanRedir http://archivebox:8000
}
@jellyfin host j.hailsatan.eu
handle @jellyfin {
import podmanRedir http://jellyfin:8096
handle /api/* {
import podmanRedir http://archivebox:8000
}
handle {
import podmanRedirWithAuth http://archivebox:8000
}
}
handle {
reverse_proxy http://127.0.0.1:8001
import podmanRedirWithAuth http://127.0.0.1:8001
}
'';
};
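Review bot: The `handle /api/*` block on the archivebox host is the only route left without `podmanRedirWithAuth` in a vhost that this change otherwise moves entirely behind it, and nothing in the Caddyfile records why; a one-line comment above it naming the client that needs the exemption and what still authenticates those calls would keep a later cleanup from treating it as an oversight. The `@hoard` route is fine as written, but note that Part-DB's own trust of forwarded headers is configured in the new `part-db.nix`, not here. The first `handle @grafana` block and the enclosing `extraConfig` string begin before the hunk.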

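--- /dev/null
+++ b/hosts/ds9/part-db.nix
@@ -0,0 +1,31 @@
+{ pkgs, config, lib, inputs, ... }:
+{
+ragon.agenix.secrets.ds9PartDbEnv = { };
+virtualisation.quadlet =
+{
+containers = {
+partdb-server.containerConfig.image = "jbtronics/part-db1";
+partdb-server.containerConfig.networks = [
+"db-net"
+"podman"
+];
+partdb-server.containerConfig.volumes = [
+"partdb-uploads:/var/www/html/uploads"
+"partdb-media:/var/www/html/public/media"
+];
+partdb-server.containerConfig.environments = {
+APP_ENV = "docker";
+DEFAULT_LANG = "en";
+DEFAULT_TIMEZONE = "Europe/Berlin";
+BASE_CURRENCY = "EUR";
+INSTANCE_NAME = "xynos_hoard";
+TRUSTED_PROXIES = "10.88.0.0/16";
+DEFAULT_URI = "https://hoard.hailsatan.eu/";
+};
+partdb-server.serviceConfig.TimeoutStartSec = "60";
+partdb-server.containerConfig.environmentFiles = [
+config.age.secrets.ds9PartDbEnv.path
+];
+};
+};
+}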
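Review bot: `TRUSTED_PROXIES = "10.88.0.0/16"` trusts the entire podman subnet, so any container on the `podman` network, not only Caddy, could supply `X-Forwarded-For`/`X-Forwarded-Proto`/`X-Forwarded-Host` and Part-DB would honour them. The ArchiveBox change in this commit whitelists the proxy as `10.88.0.1/32`; if Caddy reaches this container from that same gateway address, `TRUSTED_PROXIES = "10.88.0.1/32";` is the tighter setting and keeps the two services consistent. Separately, `pkgs`, `lib` and `inputs` are bound in the module arguments but never used in the body, so `{ config, ... }:` is enough.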


@ -1,26 +0,0 @@
{ config, pkgs, options, ... }: {
imports = [
../../nixos-modules/services/tailscale-openvpn.nix
../../nixos-modules/system/agenix.nix
];
ragon = {
agenix.secrets."ovpnNl" = { };
agenix.secrets."ovpnDe" = { };
agenix.secrets."ovpnTu" = { };
agenix.secrets."ovpnCrt1" = { };
agenix.secrets."ovpnPw1" = { };
agenix.secrets."ovpnPw2" = { };
agenix.secrets."ovpnScript" = { };
agenix.secrets."tailscaleKey" = { };
services.tailscale-openvpn = {
enable = true;
tsAuthKey = config.age.secrets.tailscaleKey.path;
config = {
nl = config.age.secrets.ovpnNl.path;
de = config.age.secrets.ovpnDe.path;
tu = config.age.secrets.ovpnTu.path;
};
script = config.age.secrets.ovpnScript.path;
};
};
}


@ -207,6 +207,7 @@
discord # shitcord
unstable.signal-desktop
unstable.firefoxpwa
mosh
unstable.plexamp
# firefox
obsidian

secrets/ds9PartDbEnv.age Normal file



@ -21,6 +21,7 @@ in
"ds9PostgresEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9ImmichEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9AuthentikEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9PartDbEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9AuthentikLdapEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"gatebridgeHostKeys.age".publicKeys = pubkeys.ragon.server;
"plausibleAdminPw.age".publicKeys = pubkeys.ragon.host "picard";