meow

2026-02-13 11:34:12 +00:00
parent 26195b6411
commit 540359308e
5 changed files with 88 additions and 9 deletions
--- a/config/hosts/aspects/servers/rpi5.nix
+++ b/config/hosts/aspects/servers/rpi5.nix
@@ -8,7 +8,8 @@
  den.aspects.rpi5 = {
    includes = [
      <modules/raspberry-pi/5>
-      <modules/services/traefik>
+      # <modules/services/traefik>
      <modules/services/caddy>
      <modules/services/home-assistant>
    ];
    nixos = {
--- a/config/modules/secrets/server.yaml
+++ b/config/modules/secrets/server.yaml
@@ -0,0 +1,43 @@
 namedotcom_api_key: fbf0bc2133da020b64bbe9c884f616afe59dfdf7
 sops:
    age:
        - recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOY0JYbStoeWR0VHV4UXNo
            Y3c5d1BUZk5tZm1tc1dXczlCTlBoVHd6R1JjCklXbmNUdU13VWVBT3hwcW9HNHE3
            YjhBWGhZRW5Cc0cyV0hjYXFaY1l2cWsKLS0tIGcxd05BTmVoRjc2dVdNQ1J4M2dx
            YUFiaHE1MVQ0NnJZbGsxQ014c0ZieXMK0GD+VeFpYrEGTc0CSYMOftJOTsKJVWvL
            DmkxM5fz60j2v0aVAjBp6dRjScWkueKGYtITMHHzjj8QIFJPOR5RVw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNTzVUeUg5Tm9sNmt6MDQ2
            Mm1pMTNKeDJ1OU1qS2tqZFdtTm9lcUhOUVVzCitEYzJNOHIrOHFuTUdXdXFPaXhX
            M21DSEVGejJsRXNXVSs1WFJqWFMyMFUKLS0tIGkzVzlMNWorTUZsajlWTzBFSlNk
            WGJYRWRlYXUrTm5LWWxIUG9MTzNGb2sK8iMaTbdZjqDSJkhsobnilBRsTXkP0lgl
            hbHWEX8w2LNvO9IJxbs9wxMwJ4h7vRDLwqDmba7EVFRMb6E9PDyLZg==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1x3lahhkefkap67cdmdjcqaxan9hp62er78akr79v9m73nvgugpeqk0y32a
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZUZTdWNOa2w0ZU1mSTli
            Tm5YYWw5aXVGY1BnQ1hySkFYQ3Q4NUhCR0djCjBHWDljQ1lid2ZFTXRTS0tUUzRM
            N0w1N0JkRENXaEwvbE1BM2dEa1Q4TE0KLS0tIEZwYmxleldMbytkcXF0Z0xEcUxU
            bGVzUTZkR0JseVRLWFdZUVljZ2VFT0EK2bN6iL20Drd1+eSdXsMRI347wZjZds4a
            I8jb7vPiKbHAPp/7zZ5Go7jNIh+UkscOf5YGMja82ts7M81QC0K5+Q==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUWNJNXNnQjZ4a0NsK2dS
            ZkpCUkJSUzZhd2NiNWhiNHh5ajQvazZlcUdrCkJDYkJTVXVrVG5Ia3VWVEZRajVi
            VGkyZExJdkNxY2JMbXlqd2JMTkNram8KLS0tIDRqTUJDcjR6dUttaWlOS3lpU0s2
            ejV5MytJMXgzNkM1SHN4dXo3eE05WXMKCLGPFGaQa542A1Oqqrq6NtjRBl2rDycB
            6YQjCKReLfT1QA/Q3C3B0eDZm8ZWMV2re55kDCDr7CIIf4mpu1zghw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2026-02-12T09:29:35Z"
    mac: ENC[AES256_GCM,data:5tYqDg30iM0VVSA/K+XkSF3IarRHvjLVSuEdcemKgfBXCzf6Eny3x2Q32FhfgwGQ4SrgPK69YgZjTAOVeeVPGArTRO01SWzeHpcOkejhscZp39Sc+uWRiMMrjeCrvP6dUWrScwYk0naOi4n4rEn1WiwRougfevvsWJXGrwD13I4=,iv:Xo/OMkbr25zQcSgSZgwmruC5YQFrphK78LbBsGcVozs=,tag:4NlviKbACQkT9BT9NCJBXg==,type:str]
    encrypted_regex: ^(data|stringData)$
    version: 3.11.0
--- a/config/modules/services/caddy.nix
+++ b/config/modules/services/caddy.nix
@@ -14,9 +14,6 @@
          enable = true;
          email = "doloroo@proton.me";
          enableReload = true;
          virtualHosts."example.org".extraConfig = ''
            reverse_proxy http://10.25.40.6
          '';
        };
      };
  };
--- a/config/modules/services/ddns.nix
+++ b/config/modules/services/ddns.nix
@@ -0,0 +1,43 @@
 {
  den,
  __findFile,
  modules,
  ...
 }:
 {
  # Basic traefik
  modules.services.provides.ddns = {
    nixos =
      { config, pkgs, ... }:
      let
        ddnsImg = pkgs.dockerTools.pullImage {
          imageName = "qmcgaw/ddns-updater";
          imageDigest = "sha256:ee16ab4f6203bf9e5b0925d38a0b4ebf2d9f23771f933cfb2f5a2dbd5f9a2f88";
          finalImageName = "qmcgaw/ddns-updater";
          finalImageTag = "latest";
          sha256 = "sha256-dMCHkvoFaORmGwbIM9io4Vc9fq+wBks25k2dmnW7naI=";
          arch = "arm64";
        };
      in
      {
        virtualisation.oci-containers.containers = {
          ddns = {
            image = "qmcgaw/ddns-updater";
            imageFile = ddnsImg;
            volumes = [
              "/run/dbus:/run/dbus:ro"
              "/etc/localtime:/etc/localtime:ro"
            ];
            ports = [ "0.0.0.0:8123:8123" ];
            # networks = [ "meow" ];
          };
        };
        networking.firewall = {
          allowedTCPPorts = [
            8123
          ];
          allowedUDPPortRanges = [ ];
        };
      };
  };
 }
--- a/config/modules/services/home-assistant.nix
+++ b/config/modules/services/home-assistant.nix
@@ -24,11 +24,6 @@
          home-assistant = {
            image = "homeassistant/home-assistant";
            imageFile = homeAssistantImg;
            labels = {
              "traefik.enable" = "true";
              "traefik.http.routers.websecure.service" = "home-assistant";
              "traefik.http.routers.websecure.rule" = "Host(`ha.home.doloro.co.uk`)";
            };
            volumes = [
              "/data/homeAssistant:/config"
              "/run/dbus:/run/dbus:ro"