Danilo Reyes
2026-02-04 06:31:41 -06:00
parent efe5cb0f99
commit 3f13527e51
8 changed files with 141 additions and 53 deletions


@@ -49,7 +49,7 @@ in
server = "192.168.100.15";
miniserver = "192.168.1.100";
workstation = "192.168.100.18";
vps = "45.79.25.87";
vps = "45.33.0.228";
wg-vps = "10.77.0.1";
wg-server = "10.77.0.2";
wg-g1 = "10.9.0.2";
@@ -73,7 +73,7 @@ in
};
mainServer = lib.mkOption {
type = lib.types.str;
default = "miniserver";
default = "vps";
description = "The hostname of the main server.";
};
postgresSocket = lib.mkOption {
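Review bot: The new `mainServer` default of `vps` silently retargets every host that does not set the option, and `vps` is the only non-private address in the table above (`45.33.0.228`). What reads `mainServer` is not visible in these hunks, so it is worth confirming that nothing intended for the LAN-only `miniserver` now lands on the internet-facing machine by default. I would state the consequence in the option itself, e.g. `description = "Hostname of the host that runs <what mainServer hosts>; defaults to the public VPS.";`. The option set continues outside the hunk.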


@@ -30,13 +30,13 @@ let
"gitea"
"lidarr"
"ombi"
"prowlarr"
"radarr"
"sonarr"
"stash"
];
proxyReversePrivateServices = [
"homepage"
"prowlarr"
"stash"
];
mkServiceConfig =
type: services: lib.listToAttrs (map (name: lib.nameValuePair name { inherit type; }) services);
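Review bot: Nothing near `proxyReversePrivateServices` says what the private type actually enforces, so a reader cannot tell from this file how `prowlarr` and `stash` are restricted once they sit in that list. Since list membership is the only exposure control visible here, I would put a comment on the list, e.g. `# proxied only for <access restriction>; must not be served on the public vhost`. It is also worth checking that the previously generated public vhosts for the two services are gone after the switch, which cannot be confirmed from this hunk. The `let` block starts and ends outside the hunk.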


@@ -10,6 +10,14 @@ in
{
options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696;
config = lib.mkIf cfg.enable {
sops.secrets = lib.mkIf cfg.enable {
"private-ca/pem" = {
sopsFile = ../../secrets/certs.yaml;
owner = "nginx";
group = "nginx";
};
};
my.servers.prowlarr.certPath = config.sops.secrets."private-ca/pem".path;
users.users.prowlarr = {
uid = 987;
group = "piracy";
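Review bot: `private-ca/pem` is made readable by the `nginx` user here, so the decrypted file should hold only the CA certificate and never the CA private key; neither the secret name nor `certs.yaml` makes that clear, and a comment such as `# CA certificate only, no private key` would settle it. The same secret is declared again with identical attributes in the stash module, so the two definitions must stay in lockstep; declaring it once in a shared module avoids a merge conflict when one side changes. The inner `lib.mkIf cfg.enable` on `sops.secrets` repeats the guard already applied to `config` and can be reduced to `sops.secrets = {`. The `config` block continues outside the hunk.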


@@ -34,7 +34,13 @@ in
"stash/password".sopsFile = ../../secrets/secrets.yaml;
"stash/jwt".sopsFile = ../../secrets/secrets.yaml;
"stash/session".sopsFile = ../../secrets/secrets.yaml;
"private-ca/pem" = {
sopsFile = ../../secrets/certs.yaml;
owner = "nginx";
group = "nginx";
};
};
my.servers.stash.certPath = config.sops.secrets."private-ca/pem".path;
services.stash = {
inherit (cfg) enable;
group = "glue";


@@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
let
@@ -20,32 +19,36 @@ in
internalInterfaces = [ "wg0" ];
};
wireguard.interfaces.wg0 = {
ips = [ "10.100.0.1/24" ];
ips = [
"${config.my.ips.wg-vps}/24"
"10.8.0.1/24"
"10.9.0.1/24"
];
listenPort = port;
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE
'';
postSetup = "";
postShutdown = "";
privateKeyFile = config.sops.secrets."wireguard/private".path;
peers = [
{
publicKey = "ciupBjCcIpd3K5vlzNMJC8iiyNqB9xXwkSC6UXPKP3g=";
allowedIPs = [ "10.100.0.2/32" ];
} # phone
publicKey = "OUiqluRaS4hmGvLJ3csQrnIM3Zzet50gsqtTABaUkH4=";
allowedIPs = [ "${config.my.ips.wg-server}/32" ];
}
{
publicKey = "JgeA1ElDwR7oLmyGn8RzvxiscMBhR8+L+mEjY1Cq7gk=";
allowedIPs = [ "10.100.0.3/32" ];
} # tablet
publicKey = "rFgT6TXzRazK6GMazMNGjtOvzAAPST0LvCfN7QXsLho=";
allowedIPs = [ "${config.my.ips.wg-friend1}/32" ];
}
{
publicKey = "giPVRUTLtqPGb57R4foGZMNS0tjIp2ry6lMKYtqHjn4=";
allowedIPs = [ "10.100.0.15/32" ];
} # jeancarlos
publicKey = "R1CTx5+CXivMI6ZEmRYsyFUFILhe6Qnub0iEIRvvrEY=";
allowedIPs = [ "${config.my.ips.wg-friend2}/32" ];
}
{
publicKey = "92JdW/NExg1tUE4cEyl6Yn+0Eex+iFVA37ahPRhRnRM=";
allowedIPs = [ "10.100.0.16/32" ];
} # gorilia
publicKey = "ecPNSacD6yVwpnLBs171z0xkw9M1DXKh/Kn70cIBcwA=";
allowedIPs = [ "${config.my.ips.wg-friend3}/32" ];
}
{
publicKey = "yg+2miZCrx89znFaUlU/le/7UIPgEAMY74fZfEwz8g4=";
allowedIPs = [ "${config.my.ips.wg-friend4}/32" ];
}
];
};
};
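Review bot: With the `wg-vps` address and the two literal subnets `10.8.0.1/24` and `10.9.0.1/24` all on `wg0`, every peer in the new `peers` list shares one interface, so whether a friend peer can reach `wg-server` depends entirely on forwarding rules that this hunk does not show. The removed `postSetup`/`postShutdown` lines only handled masquerading, so the filtering presumably lives in another module; if it does not, `wg0`-to-`wg0` forwarding should be restricted explicitly to the services each group is meant to reach. I would record that next to the interface, e.g. `# wg0 -> wg0 forwarding is limited in <firewall module>`, and move the two literal subnets into `config.my.ips` alongside `wg-vps`. The old `# phone`/`# tablet` labels are gone and the new entries have none; a short comment per peer keeps the key-to-owner mapping auditable when a key has to be revoked. The enclosing attribute set starts outside the hunk.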