From 7d8e0da9ec2f8a5fb7510bab1afd6995f93a57cf Mon Sep 17 00:00:00 2001
From: Philipp
Date: Thu, 8 May 2025 09:59:28 +0200
Subject: [PATCH] migrate blarm to x86, enable firewall

---
 modules/nixos/services/caddy/default.nix | 10 +--
 .../podman/invidious/default.nix | 10 ++-
 systems/x86_64-linux/blarm/default.nix | 74 +++++++++++++++++++
 3 files changed, 86 insertions(+), 8 deletions(-)
 create mode 100644 systems/x86_64-linux/blarm/default.nix

diff --git a/modules/nixos/services/caddy/default.nix b/modules/nixos/services/caddy/default.nix
index cc27a01..603ae80 100644
--- a/modules/nixos/services/caddy/default.nix
+++ b/modules/nixos/services/caddy/default.nix
@@ -15,6 +15,11 @@ in
 };
 
 config = mkIf cfg.enable {
+ networking.firewall.allowedTCPPorts = [
+ 1338
+ 8686
+ ];
+
 services.caddy = {
 enable = true;
 virtualHosts = {
@@ -24,11 +29,6 @@ in
 file_server
 '';
 };
- ":1339" = {
- extraConfig = ''
- reverse_proxy 192.168.1.241:3080
- '';
- };
 ":8686" = {
 extraConfig = ''
 root * /var/lib/caddy/cinny
diff --git a/modules/nixos/virtualisation/podman/invidious/default.nix b/modules/nixos/virtualisation/podman/invidious/default.nix
index 71ff310..71e013e 100644
--- a/modules/nixos/virtualisation/podman/invidious/default.nix
+++ b/modules/nixos/virtualisation/podman/invidious/default.nix
@@ -15,6 +15,10 @@ in
 };
 
 config = mkIf cfg.enable {
+ networking.firewall.allowedTCPPorts = [
+ 3000
+ ];
+
 sops.secrets.invidious-db = {
 format = "dotenv";
 sopsFile = ../../../../../secrets/invidious-db.env;
@@ -46,12 +50,12 @@ in
 virtualisation.oci-containers.containers = {
 invidious = {
- image = "quay.io/invidious/invidious:latest-arm64";
+ image = "quay.io/invidious/invidious:latest";
 hostname = "invidious";
 volumes = [ "/run/secrets/invidious-config:/invidious/config/config.yml" ];
 ports = [
- "192.168.1.202:3000:3000"
- "[fd00:192:168:1::202]:3000:3000"
+ "192.168.10.3:3000:3000"
+ "[fd00:192:168:10::3]:3000:3000"
 ];
 dependsOn = [ "invidious-db" ];
 };
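Review bot: The `networking.firewall.allowedTCPPorts` list added at the top of `config` is maintained by hand, separately from the `services.caddy.virtualHosts` it is meant to expose, so the two can drift — the second hunk of this file removes the `:1339` host while this list is written fresh. Port 1338 does not appear anywhere in the hunk, so I assume it matches a virtualHost outside my view; a comment tying each entry to its listener, `# Caddy listeners: 1338 (<virtualHost>), 8686 (cinny)`, lets the next reader verify the list against the hosts. If these listeners are meant for the LAN only, `networking.firewall.interfaces.<iface>.allowedTCPPorts` opens them on that interface alone instead of on every interface. The `config = mkIf cfg.enable { … }` block continues past the hunk.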
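Review bot: Opening TCP 3000 in the Invidious module exposes the container's published port directly to whatever the host firewall faces, rather than only to the host itself; if Invidious is fronted by Caddy (not visible in this hunk), the container only needs host-local reachability and this entry is unnecessary. If direct access is intended, a comment stating so, `# Invidious is reached directly on :3000, not through Caddy`, and, where it should be LAN-only, scoping via `networking.firewall.interfaces.<iface>.allowedTCPPorts` makes the exposure deliberate rather than incidental. The `config = mkIf cfg.enable { … }` block runs past the hunk.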
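Review bot: The new `ports` entries hard-code the blarm host's addresses (`192.168.10.3`, `fd00:192:168:10::3`) into a module under `modules/`, which is option-gated (`cfg.enable`) and therefore presumably shared; this migration had to rewrite the previous values and the next host move will need the same edit. Reading the bind addresses from a module option set by the host (e.g. an `addresses` list option consumed as `map (a: "${a}:3000:3000")`) keeps the module host-agnostic. Separately, `quay.io/invidious/invidious:latest` is a mutable tag, so the running image changes on every pull with no change in this repository; pinning by digest (`quay.io/invidious/invidious@sha256:<DIGEST>`, placeholder) makes upgrades explicit and reviewable, which the previous `latest-arm64` tag did not provide either. The `invidious = { … }` container definition continues past the hunk.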
diff --git a/systems/x86_64-linux/blarm/default.nix b/systems/x86_64-linux/blarm/default.nix
new file mode 100644
index 0000000..a620325
--- /dev/null
+++ b/systems/x86_64-linux/blarm/default.nix
@@ -0,0 +1,74 @@
+{
+ lib,
+ pkgs,
+ namespace,
+ modulesPath,
+ ...
+}:
+with lib.${namespace};
+{
+ imports = [
+ (modulesPath + "/virtualisation/proxmox-lxc.nix")
+ ];
+
+ nix.settings = {
+ trusted-users = [ "philipp" ];
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ };
+
+ networking.hostName = "blarm";
+
+ # Disable documentation
+ documentation = {
+ nixos.enable = false;
+ man.generateCaches = false;
+ };
+
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ users.users.philipp = {
+ isNormalUser = true;
+ description = "Philipp Böhm";
+ extraGroups = [
+ "wheel"
+ "caddy"
+ ];
+ };
+
+ snowfallorg.users.philipp = {
+ create = true;
+ admin = true;
+ home = {
+ enable = true;
+ };
+ };
+
+ awesome-flake = {
+ services = {
+ ssh = enabled;
+ caddy = enabled;
+ restic = enabled;
+ };
+
+ container = {
+ invidious = enabled;
+ };
+
+ system.sops = enabled;
+ cli.neovim = enabled;
+ };
+
+ environment.systemPackages = with pkgs; [
+ git
+ ];
+
+ system.stateVersion = "24.11";
+
+}
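Review bot: The subject says "enable firewall", but the new host file never sets `networking.firewall.enable`; it relies on the NixOS default and on the imported `proxmox-lxc.nix` profile not overriding it, which I cannot confirm from here. Stating it explicitly next to `networking.hostName`, `networking.firewall.enable = true;`, records the intent of this commit and survives a change in the imported profile. `nix.settings.trusted-users = [ "philipp" ]` gives that user full control over the Nix daemon, which is root-equivalent on this host; since philipp is already in `wheel` this is consistent, but a comment such as `# trusted-users is root-equivalent via the daemon; philipp is already in wheel` documents the trade-off for the next reader. With the firewall active and `services.ssh = enabled`, SSH reachability depends on the ssh module opening its port (e.g. via `services.openssh.openFirewall`), which is worth confirming since that module is outside this diff.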