From 540359308e3c54e8881c3293d8eaba4c49c0a914 Mon Sep 17 00:00:00 2001 From: Doloro1978 Date: Fri, 13 Feb 2026 11:34:12 +0000 Subject: [PATCH] meow --- config/hosts/aspects/servers/rpi5.nix | 3 +- config/modules/secrets/server.yaml | 43 ++++++++++++++++++++++ config/modules/services/caddy.nix | 3 -- config/modules/services/ddns.nix | 43 ++++++++++++++++++++++ config/modules/services/home-assistant.nix | 5 --- 5 files changed, 88 insertions(+), 9 deletions(-) create mode 100644 config/modules/secrets/server.yaml create mode 100644 config/modules/services/ddns.nix diff --git a/config/hosts/aspects/servers/rpi5.nix b/config/hosts/aspects/servers/rpi5.nix index 91bc92a..987de2b 100644 --- a/config/hosts/aspects/servers/rpi5.nix +++ b/config/hosts/aspects/servers/rpi5.nix @@ -8,7 +8,8 @@ den.aspects.rpi5 = { includes = [ - + # + ]; nixos = { diff --git a/config/modules/secrets/server.yaml b/config/modules/secrets/server.yaml new file mode 100644 index 0000000..8f379a8 --- /dev/null +++ b/config/modules/secrets/server.yaml @@ -0,0 +1,43 @@ +namedotcom_api_key: fbf0bc2133da020b64bbe9c884f616afe59dfdf7 +sops: + age: + - recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOY0JYbStoeWR0VHV4UXNo + Y3c5d1BUZk5tZm1tc1dXczlCTlBoVHd6R1JjCklXbmNUdU13VWVBT3hwcW9HNHE3 + YjhBWGhZRW5Cc0cyV0hjYXFaY1l2cWsKLS0tIGcxd05BTmVoRjc2dVdNQ1J4M2dx + YUFiaHE1MVQ0NnJZbGsxQ014c0ZieXMK0GD+VeFpYrEGTc0CSYMOftJOTsKJVWvL + DmkxM5fz60j2v0aVAjBp6dRjScWkueKGYtITMHHzjj8QIFJPOR5RVw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNTzVUeUg5Tm9sNmt6MDQ2 + Mm1pMTNKeDJ1OU1qS2tqZFdtTm9lcUhOUVVzCitEYzJNOHIrOHFuTUdXdXFPaXhX + M21DSEVGejJsRXNXVSs1WFJqWFMyMFUKLS0tIGkzVzlMNWorTUZsajlWTzBFSlNk + WGJYRWRlYXUrTm5LWWxIUG9MTzNGb2sK8iMaTbdZjqDSJkhsobnilBRsTXkP0lgl + hbHWEX8w2LNvO9IJxbs9wxMwJ4h7vRDLwqDmba7EVFRMb6E9PDyLZg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1x3lahhkefkap67cdmdjcqaxan9hp62er78akr79v9m73nvgugpeqk0y32a + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZUZTdWNOa2w0ZU1mSTli + Tm5YYWw5aXVGY1BnQ1hySkFYQ3Q4NUhCR0djCjBHWDljQ1lid2ZFTXRTS0tUUzRM + N0w1N0JkRENXaEwvbE1BM2dEa1Q4TE0KLS0tIEZwYmxleldMbytkcXF0Z0xEcUxU + bGVzUTZkR0JseVRLWFdZUVljZ2VFT0EK2bN6iL20Drd1+eSdXsMRI347wZjZds4a + I8jb7vPiKbHAPp/7zZ5Go7jNIh+UkscOf5YGMja82ts7M81QC0K5+Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUWNJNXNnQjZ4a0NsK2dS + ZkpCUkJSUzZhd2NiNWhiNHh5ajQvazZlcUdrCkJDYkJTVXVrVG5Ia3VWVEZRajVi + VGkyZExJdkNxY2JMbXlqd2JMTkNram8KLS0tIDRqTUJDcjR6dUttaWlOS3lpU0s2 + ejV5MytJMXgzNkM1SHN4dXo3eE05WXMKCLGPFGaQa542A1Oqqrq6NtjRBl2rDycB + 6YQjCKReLfT1QA/Q3C3B0eDZm8ZWMV2re55kDCDr7CIIf4mpu1zghw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-02-12T09:29:35Z" + mac: ENC[AES256_GCM,data:5tYqDg30iM0VVSA/K+XkSF3IarRHvjLVSuEdcemKgfBXCzf6Eny3x2Q32FhfgwGQ4SrgPK69YgZjTAOVeeVPGArTRO01SWzeHpcOkejhscZp39Sc+uWRiMMrjeCrvP6dUWrScwYk0naOi4n4rEn1WiwRougfevvsWJXGrwD13I4=,iv:Xo/OMkbr25zQcSgSZgwmruC5YQFrphK78LbBsGcVozs=,tag:4NlviKbACQkT9BT9NCJBXg==,type:str] + encrypted_regex: ^(data|stringData)$ + version: 3.11.0 diff --git a/config/modules/services/caddy.nix b/config/modules/services/caddy.nix index cfa4791..034cb2f 100644 --- a/config/modules/services/caddy.nix +++ b/config/modules/services/caddy.nix @@ -14,9 +14,6 @@ enable = true; email = "doloroo@proton.me"; enableReload = true; - virtualHosts."example.org".extraConfig = '' - reverse_proxy http://10.25.40.6 - ''; }; }; }; diff --git a/config/modules/services/ddns.nix b/config/modules/services/ddns.nix new file mode 100644 index 0000000..1b0bf58 --- /dev/null +++ b/config/modules/services/ddns.nix @@ -0,0 +1,43 @@ +{ + den, + __findFile, + modules, + ... +}: +{ + # Basic traefik + modules.services.provides.ddns = { + nixos = + { config, pkgs, ... }: + let + ddnsImg = pkgs.dockerTools.pullImage { + imageName = "qmcgaw/ddns-updater"; + imageDigest = "sha256:ee16ab4f6203bf9e5b0925d38a0b4ebf2d9f23771f933cfb2f5a2dbd5f9a2f88"; + finalImageName = "qmcgaw/ddns-updater"; + finalImageTag = "latest"; + sha256 = "sha256-dMCHkvoFaORmGwbIM9io4Vc9fq+wBks25k2dmnW7naI="; + arch = "arm64"; + }; + in + { + virtualisation.oci-containers.containers = { + ddns = { + image = "qmcgaw/ddns-updater"; + imageFile = ddnsImg; + volumes = [ + "/run/dbus:/run/dbus:ro" + "/etc/localtime:/etc/localtime:ro" + ]; + ports = [ "0.0.0.0:8123:8123" ]; + # networks = [ "meow" ]; + }; + }; + networking.firewall = { + allowedTCPPorts = [ + 8123 + ]; + allowedUDPPortRanges = [ ]; + }; + }; + }; +} diff --git a/config/modules/services/home-assistant.nix b/config/modules/services/home-assistant.nix index 09bd587..91ae77b 100644 --- a/config/modules/services/home-assistant.nix +++ b/config/modules/services/home-assistant.nix @@ -24,11 +24,6 @@ home-assistant = { image = "homeassistant/home-assistant"; imageFile = homeAssistantImg; - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.websecure.service" = "home-assistant"; - "traefik.http.routers.websecure.rule" = "Host(`ha.home.doloro.co.uk`)"; - }; volumes = [ "/data/homeAssistant:/config" "/run/dbus:/run/dbus:ro"