commit 87fbc29d320021564878f74739a3ddced63fdc0f · aylac.top/nixcfg-own-knot

-1

hosts/jezebel/default.nix

···

       44
       44
        
               enable = true;

     

       45
       45
        
               enableCaddy = true;

     

       46
       46
        
             };

     

       47
       47
       -
             tangled-knot.enable = false;

     

       48
       47
        
             uptime-kuma.enable = true;

     

       49
       48
        
           };

     

       50
       49
        
         };

+3 -2

hosts/nanpi/default.nix

···

       37
       37
        
             arr.enable = true;

     

       38
       38
        
           };

     

       39
       39
        
           services = {

     

       40
       40
       -
             audiobookshelf.enable = true;

     

       40
       40
       +
             audiobookshelf.enable = false;

     

       41
       41
        
             caddy.enable = true;

     

       42
       42
        
             cloudflared.enable = true;

     

       43
       43
       -
             copyparty.enable = true;

     

       43
       43
       +
             copyparty.enable = false;

     

       44
       44
        
             dnsmasq.enable = true;

     

       45
       45
        
             forgejo.enable = true;

     

       46
       46
        
             glance.enable = true;

     
···

       71
       71
        
             };

     

       72
       72
        
             vaultwarden.enable = true;

     

       73
       73
        
             webdav.enable = true;

     

       74
       74
       +
             tangled-knot.enable = true;

     

       74
       75
        
           };

     

       75
       76
        
         };

     

       76
       77

+9

modules/home/programs/ssh/default.nix

···

       20
       20
        
             # in

     

       21
       21
        
             #   rootMe "dewford";

     

       22
       22
        
       

     

       23
       23
       +
             matchBlocks = {

     

       24
       24
       +
               "knot.aylac.top" = {

     

       25
       25
       +
                 user = "git";

     

       26
       26
       +
                 # dont know if i can just link snippets knot here

     

       27
       27
       +
                 hostname = "nanpi";

     

       28
       28
       +
                 port = 2222;

     

       29
       29
       +
               };

     

       30
       30
       +
             };

     

       31
       31
       +
       

     

       23
       32
        
             package = pkgs.openssh;

     

       24
       33
        
           };

     

       25
       34
        
         };

+4 -4

modules/nixos/profiles/arr/default.nix

···

       64
       64
        
       

     

       65
       65
        
               autobrr = {

     

       66
       66
        
                 enable = true;

     

       67
       67
       -
                 openFirewall = true; # Port: 7474

     

       67
       67
       +
                 openFirewall = false; # Port: 7474

     

       68
       68
        
                 secretFile = config.age.secrets.autobrr.path;

     

       69
       69
        
                 settings = {

     

       70
       70
        
                   host = "0.0.0.0";

     
···

       87
       87
        
               prowlarr = {

     

       88
       88
        
                 enable = true;

     

       89
       89
        
                 # dataDir = "${cfg.dataDir}/prowlarr";

     

       90
       90
       -
                 openFirewall = true; # Port: 9696

     

       90
       90
       +
                 openFirewall = false; # Port: 9696

     

       91
       91
        
               };

     

       92
       92
        
       

     

       93
       93
        
               radarr = {

     

       94
       94
        
                 enable = true;

     

       95
       95
        
                 dataDir = "${cfg.dataDir}/radarr/.config/Radarr/";

     

       96
       96
       -
                 openFirewall = true; # Port: 7878

     

       96
       96
       +
                 openFirewall = false; # Port: 7878

     

       97
       97
        
               };

     

       98
       98
        
       

     

       99
       99
        
               sonarr = {

     

       100
       100
        
                 enable = true;

     

       101
       101
        
                 dataDir = "${cfg.dataDir}/sonarr/.config/NzbDrone/";

     

       102
       102
       -
                 openFirewall = true; # Port: 8989

     

       102
       102
       +
                 openFirewall = false; # Port: 8989

     

       103
       103
        
               };

     

       104
       104
        
       

     

       105
       105
        
               #flaresolverr = {

+3 -2

modules/nixos/profiles/backups/default.nix

···

       269
       269
        
             }

     

       270
       270
        
             {

     

       271
       271
        
               name = "tangled-knot";

     

       272
       272
       -
               inherit (config.services.tangled-knot) enable;

     

       273
       273
       -
               paths = [config.services.tangled-knot.stateDir];

     

       272
       272
       +
               containerised = true;

     

       273
       273
       +
               inherit (config.myNixOS.services.tangled-knot) enable;

     

       274
       274
       +
               paths = ["/var/lib/nixos-containers/tangled-knot${config.containers.tangled-knot.config.services.tangled-knot.stateDir}"];

     

       274
       275
        
             }

     

       275
       276
        
           ];

     

       276
       277
        
         };

+1 -1

modules/nixos/services/caddy/default.nix

···

       31
       31
        
       

     

       32
       32
        
               package = pkgs.caddy.withPlugins {

     

       33
       33
        
                 plugins = ["github.com/tailscale/caddy-tailscale@v0.0.0-20250508175905-642f61fea3cc"];

     

       34
       34
       -
                 hash = "sha256-r68btTv8N7X/pKwGkP8FWg371rt+bZETXdEN0/ZlFJI=";

     

       34
       34
       +
                 hash = "sha256-r9EDkhcgwK11dB46AV+Em8ZE6Aa7IDMwibDGkg3e/rc=";

     

       35
       35
        
               };

     

       36
       36
        
             };

     

       37
       37
        
             tailscale.permitCertUid = "caddy";

+38 -21

modules/nixos/services/tangled-knot/default.nix

···

       1
       1
        
       {

     

       2
       2
        
         config,

     

       3
       3
        
         lib,

     

       4
       4
       +
         self,

     

       4
       5
        
         ...

     

       5
       6
        
       }: let

     

       6
       7
        
         name = "tangled-knot";

     
···

       21
       22
        
       

     

       22
       23
        
         config = lib.mkIf cfg.enable {

     

       23
       24
        
           services = {

     

       24
       24
       -
             caddy.virtualHosts = lib.mkIf cfg.autoProxy {

     

       25
       25
       -
               "${service.vHost}" = {

     

       26
       26
       -
                 extraConfig = ''

     

       27
       27
       -
                   encode gzip zstd

     

       28
       28
       -
                   reverse_proxy ${service.hostName}:${toString service.port}

     

       29
       29
       -
                 '';

     

       25
       25
       +
             cloudflared.tunnels."${network.cloudflareTunnel}".ingress = lib.mkIf cfg.autoProxy {

     

       26
       26
       +
               "${service.vHost}" = "http://localhost:${toString service.port}";

     

       27
       27
       +
             };

     

       28
       28
       +
           };

     

       29
       29
       +
       

     

       30
       30
       +
           containers.tangled-knot = {

     

       31
       31
       +
             autoStart = true;

     

       32
       32
       +
             config = {

     

       33
       33
       +
               imports = [self.inputs.tangled-core.nixosModules.knot];

     

       34
       34
       +
       

     

       35
       35
       +
               programs.ssh.knownHosts = config.mySnippets.ssh.knownHosts;

     

       36
       36
       +
       

     

       37
       37
       +
               services.openssh = {

     

       38
       38
       +
                 ports = [service.sshPort];

     

       39
       39
       +
                 settings = {

     

       40
       40
       +
                   PasswordAuthentication = false;

     

       41
       41
       +
                   PubkeyAuthentication = true;

     

       42
       42
       +
                 };

     

       30
       43
        
               };

     

       31
       44
        
       

     

       32
       32
       -
               "ssh.${service.vHost}" = {

     

       33
       33
       -
                 extraConfig = ''

     

       34
       34
       -
                   encode gzip zstd

     

       35
       35
       -
                   reverse_proxy ${service.hostName}:22

     

       36
       36
       -
                 '';

     

       45
       45
       +
               users.users.git.openssh.authorizedKeys.keyFiles =

     

       46
       46
       +
                 lib.map (file: "${self.inputs.secrets}/publicKeys/${file}")

     

       47
       47
       +
                 # right now this config is fine but if i ever get another machine i daily drive or a build server i need to do something else here

     

       48
       48
       +
                 (lib.filter (file:

     

       49
       49
       +
                   if config.networking.hostName == "morgana"

     

       50
       50
       +
                   then "ayla_m23.pub" == file

     

       51
       51
       +
                   else (lib.elem file ["ayla_morgana.pub" "ayla_23.pub"]))

     

       52
       52
       +
                 (builtins.attrNames (builtins.readDir "${self.inputs.secrets}/publicKeys")));

     

       53
       53
       +
       

     

       54
       54
       +
               services.tangled-knot = {

     

       55
       55
       +
                 enable = true;

     

       56
       56
       +
                 openFirewall = cfg.autoProxy;

     

       57
       57
       +
                 stateDir = "/var/lib/knot";

     

       58
       58
       +
                 server = {

     

       59
       59
       +
                   owner = "did:plc:3c6vkaq7xf5kz3va3muptjh5";

     

       60
       60
       +
                   hostname = service.vHost;

     

       61
       61
       +
                   listenAddr = "localhost:${toString service.port}";

     

       62
       62
       +
                 };

     

       37
       63
        
               };

     

       38
       38
       -
             };

     

       39
       64
        
       

     

       40
       40
       -
             tangled-knot = {

     

       41
       41
       -
               enable = true;

     

       42
       42
       -
               openFirewall = true;

     

       43
       43
       -
               stateDir = "/home/git";

     

       44
       44
       -
               server = {

     

       45
       45
       -
                 owner = "did:plc:3c6vkaq7xf5kz3va3muptjh5";

     

       46
       46
       -
                 hostname = service.vHost;

     

       47
       47
       -
                 listenAddr = "0.0.0.0:${toString service.port}";

     

       48
       48
       -
               };

     

       65
       65
       +
               system.stateVersion = "25.11";

     

       49
       66
        
             };

     

       50
       67
        
           };

     

       51
       68
        
         };

+2 -1

modules/snippets/aylac-top/default.nix

···

       46
       46
        
               };

     

       47
       47
        
       

     

       48
       48
        
               tangled-knot = {

     

       49
       49
       -
                 hostName = "jezebel";

     

       49
       49
       +
                 hostName = "nanpi";

     

       50
       50
        
                 port = 5555;

     

       51
       51
       +
                 sshPort = 2222;

     

       51
       52
        
                 vHost = "knot.aylac.top";

     

       52
       53
        
               };

     

       53
       54