This commit is contained in:
Lucy Hochkamp 2025-02-28 15:48:13 +01:00
parent 458168036c
commit cfa803bc82
No known key found for this signature in database
7 changed files with 53 additions and 71 deletions


@ -22,7 +22,7 @@ let
''; '';
in in
{ {
imports = [ ./authentik.nix ]; imports = [ ./authentik.nix ./part-db.nix ];
networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
networking.firewall.interfaces."podman+".allowedTCPPorts = [ 12300 3001 ]; networking.firewall.interfaces."podman+".allowedTCPPorts = [ 12300 3001 ];
fileSystems."/var/lib/containers" = { fileSystems."/var/lib/containers" = {
@ -222,12 +222,14 @@ in
''; '';
}; };
virtualisation.oci-containers.containers.archivebox = { virtualisation.oci-containers.containers.archivebox = {
image = "archivebox/archivebox:latest"; image = "archivebox/archivebox:dev";
environment = { environment = {
ALLOWED_HOSTS = "*"; # set this to the hostname(s) you're going to serve the site from! ALLOWED_HOSTS = "*"; # set this to the hostname(s) you're going to serve the site from!
CSRF_TRUSTED_ORIGINS = "https://archive.hailsatan.eu"; # you MUST set this to the server's URL for admin login and the REST API to work CSRF_TRUSTED_ORIGINS = "https://archive.hailsatan.eu"; # you MUST set this to the server's URL for admin login and the REST API to work
PUBLIC_INDEX = "True"; # set to False to prevent anonymous users from viewing snapshot list REVERSE_PROXY_USER_HEADER="X-Authentik-Username";
PUBLIC_SNAPSHOTS = "True"; # set to False to prevent anonymous users from viewing snapshot content REVERSE_PROXY_WHITELIST="10.88.0.1/32";
PUBLIC_INDEX = "False"; # set to False to prevent anonymous users from viewing snapshot list
PUBLIC_SNAPSHOTS = "False"; # set to False to prevent anonymous users from viewing snapshot content
PUBLIC_ADD_VIEW = "False"; # set to True to allow anonymous users to submit new URLs to archive PUBLIC_ADD_VIEW = "False"; # set to True to allow anonymous users to submit new URLs to archive
SEARCH_BACKEND_ENGINE = "sonic"; # tells ArchiveBox to use sonic container below for fast full-text search SEARCH_BACKEND_ENGINE = "sonic"; # tells ArchiveBox to use sonic container below for fast full-text search
SEARCH_BACKEND_HOST_NAME = "archivebox_sonic"; SEARCH_BACKEND_HOST_NAME = "archivebox_sonic";
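Review bot: `REVERSE_PROXY_USER_HEADER = "X-Authentik-Username"` together with `REVERSE_PROXY_WHITELIST = "10.88.0.1/32"` makes ArchiveBox accept any request arriving from that address as the user named in the header, so the proxy has to set or strip that header on every path it forwards; the Caddy change in this same commit sends `/api/*` through `podmanRedir` rather than `podmanRedirWithAuth`, and unless that snippet (not visible here) removes the header, a caller on the API path can choose its own username. `image = "archivebox/archivebox:dev"` replaces one floating tag with a less stable one; pinning a digest (`archivebox/archivebox:dev@sha256:…`) keeps rebuilds reproducible and reviewable. `ALLOWED_HOSTS = "*"` still contradicts its own inline comment; `ALLOWED_HOSTS = "archivebox.hailsatan.eu";` matches the hostname the Caddy matcher uses. The `environment` attribute set continues past the end of the hunk.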


@ -212,64 +212,37 @@ in
handle @grafana { handle @grafana {
import podmanRedirWithAuth http://grafana:3000 import podmanRedirWithAuth http://grafana:3000
} }
handle { @hoard host hoard.hailsatan.eu
import podmanRedirWithAuth http://127.0.0.1:8001 handle @hoard {
import podmanRedirWithAuth http://partdb-server:80
} }
handle {
abort
}
'';
virtualHosts."*.hailsatan.eu".extraConfig = ''
import blockBots
# tailscale only
bind [fd7a:115c:a1e0:ab12:4843:cd96:6253:6019]
@immich host immich.hailsatan.eu @immich host immich.hailsatan.eu
handle @immich { handle @immich {
import podmanRedir http://immich-server:2283 import podmanRedirWithAuth http://immich-server:2283
} }
@cd host cd.hailsatan.eu @cd host cd.hailsatan.eu
handle @cd { handle @cd {
import podmanRedir http://changedetection:5000 import podmanRedirWithAuth http://changedetection:5000
}
@grafana host grafana.hailsatan.eu
handle @grafana {
import podmanRedirWithAuth http://grafana:3000
} }
@node-red host node-red.hailsatan.eu @node-red host node-red.hailsatan.eu
handle @node-red { handle @node-red {
import podmanRedir http://node-red:1880 import podmanRedirWithAuth http://node-red:1880
} }
@labello host labello.hailsatan.eu @labello host labello.hailsatan.eu
handle @labello { handle @labello {
import podmanRedir http://labello:4242 import podmanRedirWithAuth http://labello:4242
} }
# @bzzt-api host bzzt-api.hailsatan.eu
# handle @bzzt-api {
# reverse_proxy http://127.0.0.1:5001
# }
# @bzzt-lcg host bzzt-lcg.hailsatan.eu
# handle @bzzt-lcg {
# reverse_proxy http://127.0.0.1:5003
# }
# @bzzt host bzzt.hailsatan.eu
# handle @bzzt {
# reverse_proxy http://127.0.0.1:5002
# }
@archivebox host archivebox.hailsatan.eu @archivebox host archivebox.hailsatan.eu
handle @archivebox { handle @archivebox {
import podmanRedir http://archivebox:8000 handle /api/* {
} import podmanRedir http://archivebox:8000
@jellyfin host j.hailsatan.eu }
handle @jellyfin { handle {
import podmanRedir http://jellyfin:8096 import podmanRedirWithAuth http://archivebox:8000
}
} }
handle { handle {
reverse_proxy http://127.0.0.1:8001 import podmanRedirWithAuth http://127.0.0.1:8001
} }
''; '';
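Review bot: The new `handle /api/*` branch under `@archivebox` proxies through `podmanRedir`, i.e. without the forward-auth that every other handler in this hunk was just moved onto, while the ArchiveBox container in this commit is configured to trust `X-Authentik-Username` from the proxy address; if `podmanRedir` (defined outside the hunk) does not drop that header, an unauthenticated client on the API path can assert any username. Either route `/api/*` through `podmanRedirWithAuth` as well, or strip the header explicitly in that branch, e.g. `reverse_proxy http://archivebox:8000 { header_up -X-Authentik-Username }`. The `*.hailsatan.eu` site is bound to a Tailscale address (`bind [fd7a:…]`), which narrows who can reach the path but does not remove the header-trust problem. The virtualHost that contains the `@grafana`/`@hoard` handlers at the top of the hunk begins before it.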
}; };

hosts/ds9/part-db.nix Normal file

@ -0,0 +1,31 @@
{ pkgs, config, lib, inputs, ... }:
{
ragon.agenix.secrets.ds9PartDbEnv = { };
virtualisation.quadlet =
{
containers = {
partdb-server.containerConfig.image = "jbtronics/part-db1";
partdb-server.containerConfig.networks = [
"db-net"
"podman"
];
partdb-server.containerConfig.volumes = [
"partdb-uploads:/var/www/html/uploads"
"partdb-media:/var/www/html/public/media"
];
partdb-server.containerConfig.environments = {
APP_ENV = "docker";
DEFAULT_LANG = "en";
DEFAULT_TIMEZONE = "Europe/Berlin";
BASE_CURRENCY = "EUR";
INSTANCE_NAME = "xynos_hoard";
TRUSTED_PROXIES = "10.88.0.0/16";
DEFAULT_URI = "https://hoard.hailsatan.eu/";
};
partdb-server.serviceConfig.TimeoutStartSec = "60";
partdb-server.containerConfig.environmentFiles = [
config.age.secrets.ds9PartDbEnv.path
];
};
};
}
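Review bot: `TRUSTED_PROXIES = "10.88.0.0/16"` lets any container on the podman network forge `X-Forwarded-*` headers that Part-DB will believe (client address, scheme, host), whereas the ArchiveBox container in this same commit trusts only `10.88.0.1/32`; unless other proxies really sit on that network, narrow it to the proxy address with `TRUSTED_PROXIES = "10.88.0.1/32";`. `image = "jbtronics/part-db1"` carries no tag or digest, so every pull can silently upgrade the application; pin at least a version tag, preferably a digest. Nothing here shows which variables the encrypted `ds9PartDbEnv` file is expected to provide, so a one-line comment on `ragon.agenix.secrets.ds9PartDbEnv` naming them (presumably the database connection and application secret, to be confirmed against the Part-DB image docs) would save the next maintainer from decrypting it to find out.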


@ -1,26 +0,0 @@
{ config, pkgs, options, ... }: {
imports = [
../../nixos-modules/services/tailscale-openvpn.nix
../../nixos-modules/system/agenix.nix
];
ragon = {
agenix.secrets."ovpnNl" = { };
agenix.secrets."ovpnDe" = { };
agenix.secrets."ovpnTu" = { };
agenix.secrets."ovpnCrt1" = { };
agenix.secrets."ovpnPw1" = { };
agenix.secrets."ovpnPw2" = { };
agenix.secrets."ovpnScript" = { };
agenix.secrets."tailscaleKey" = { };
services.tailscale-openvpn = {
enable = true;
tsAuthKey = config.age.secrets.tailscaleKey.path;
config = {
nl = config.age.secrets.ovpnNl.path;
de = config.age.secrets.ovpnDe.path;
tu = config.age.secrets.ovpnTu.path;
};
script = config.age.secrets.ovpnScript.path;
};
};
}


@ -207,6 +207,7 @@
discord # shitcord discord # shitcord
unstable.signal-desktop unstable.signal-desktop
unstable.firefoxpwa unstable.firefoxpwa
mosh
unstable.plexamp unstable.plexamp
# firefox # firefox
obsidian obsidian

BIN
secrets/ds9PartDbEnv.age Normal file

Binary file not shown.


@ -21,6 +21,7 @@ in
"ds9PostgresEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9PostgresEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9ImmichEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9ImmichEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9AuthentikEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9AuthentikEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9PartDbEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9AuthentikLdapEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9AuthentikLdapEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"gatebridgeHostKeys.age".publicKeys = pubkeys.ragon.server; "gatebridgeHostKeys.age".publicKeys = pubkeys.ragon.server;
"plausibleAdminPw.age".publicKeys = pubkeys.ragon.host "picard"; "plausibleAdminPw.age".publicKeys = pubkeys.ragon.host "picard";