meow

2026-02-13 11:34:12 +00:00
parent 26195b6411
commit 540359308e
5 changed files with 88 additions and 9 deletions
--- a/config/hosts/aspects/servers/rpi5.nix
+++ b/config/hosts/aspects/servers/rpi5.nix
@@ -8,7 +8,8 @@
  den.aspects.rpi5 = {
    includes = [
      <modules/raspberry-pi/5>
-      <modules/services/traefik>
+      # <modules/services/traefik>
+      <modules/services/caddy>
      <modules/services/home-assistant>
    ];
    nixos = {
--- a/config/modules/secrets/server.yaml
+++ b/config/modules/secrets/server.yaml
@@ -0,0 +1,43 @@
+namedotcom_api_key: fbf0bc2133da020b64bbe9c884f616afe59dfdf7
+sops:
+    age:
+        - recipient: age1ykcy2r4kk729e7adqxu8s24ujc60z5eux7ma0ca4ruzydwgm5p6qmdp838
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOY0JYbStoeWR0VHV4UXNo
+            Y3c5d1BUZk5tZm1tc1dXczlCTlBoVHd6R1JjCklXbmNUdU13VWVBT3hwcW9HNHE3
+            YjhBWGhZRW5Cc0cyV0hjYXFaY1l2cWsKLS0tIGcxd05BTmVoRjc2dVdNQ1J4M2dx
+            YUFiaHE1MVQ0NnJZbGsxQ014c0ZieXMK0GD+VeFpYrEGTc0CSYMOftJOTsKJVWvL
+            DmkxM5fz60j2v0aVAjBp6dRjScWkueKGYtITMHHzjj8QIFJPOR5RVw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1e6vws55p0g23qzthm4qa93hpt6lqmck6670gkygph0sc0j7my4uq5wqjfh
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNTzVUeUg5Tm9sNmt6MDQ2
+            Mm1pMTNKeDJ1OU1qS2tqZFdtTm9lcUhOUVVzCitEYzJNOHIrOHFuTUdXdXFPaXhX
+            M21DSEVGejJsRXNXVSs1WFJqWFMyMFUKLS0tIGkzVzlMNWorTUZsajlWTzBFSlNk
+            WGJYRWRlYXUrTm5LWWxIUG9MTzNGb2sK8iMaTbdZjqDSJkhsobnilBRsTXkP0lgl
+            hbHWEX8w2LNvO9IJxbs9wxMwJ4h7vRDLwqDmba7EVFRMb6E9PDyLZg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1x3lahhkefkap67cdmdjcqaxan9hp62er78akr79v9m73nvgugpeqk0y32a
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZUZTdWNOa2w0ZU1mSTli
+            Tm5YYWw5aXVGY1BnQ1hySkFYQ3Q4NUhCR0djCjBHWDljQ1lid2ZFTXRTS0tUUzRM
+            N0w1N0JkRENXaEwvbE1BM2dEa1Q4TE0KLS0tIEZwYmxleldMbytkcXF0Z0xEcUxU
+            bGVzUTZkR0JseVRLWFdZUVljZ2VFT0EK2bN6iL20Drd1+eSdXsMRI347wZjZds4a
+            I8jb7vPiKbHAPp/7zZ5Go7jNIh+UkscOf5YGMja82ts7M81QC0K5+Q==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1exzngtk4d9vcsmcq6ap5xx3ca9qacqjkrv86ymged7msx9z6vfyqsf5sjq
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUWNJNXNnQjZ4a0NsK2dS
+            ZkpCUkJSUzZhd2NiNWhiNHh5ajQvazZlcUdrCkJDYkJTVXVrVG5Ia3VWVEZRajVi
+            VGkyZExJdkNxY2JMbXlqd2JMTkNram8KLS0tIDRqTUJDcjR6dUttaWlOS3lpU0s2
+            ejV5MytJMXgzNkM1SHN4dXo3eE05WXMKCLGPFGaQa542A1Oqqrq6NtjRBl2rDycB
+            6YQjCKReLfT1QA/Q3C3B0eDZm8ZWMV2re55kDCDr7CIIf4mpu1zghw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-02-12T09:29:35Z"
+    mac: ENC[AES256_GCM,data:5tYqDg30iM0VVSA/K+XkSF3IarRHvjLVSuEdcemKgfBXCzf6Eny3x2Q32FhfgwGQ4SrgPK69YgZjTAOVeeVPGArTRO01SWzeHpcOkejhscZp39Sc+uWRiMMrjeCrvP6dUWrScwYk0naOi4n4rEn1WiwRougfevvsWJXGrwD13I4=,iv:Xo/OMkbr25zQcSgSZgwmruC5YQFrphK78LbBsGcVozs=,tag:4NlviKbACQkT9BT9NCJBXg==,type:str]
+    encrypted_regex: ^(data|stringData)$
+    version: 3.11.0
--- a/config/modules/services/caddy.nix
+++ b/config/modules/services/caddy.nix
@@ -14,9 +14,6 @@
          enable = true;
          email = "doloroo@proton.me";
          enableReload = true;
-          virtualHosts."example.org".extraConfig = ''
-            reverse_proxy http://10.25.40.6
-          '';
        };
      };
  };
--- a/config/modules/services/ddns.nix
+++ b/config/modules/services/ddns.nix
@@ -0,0 +1,43 @@
+{
+  den,
+  __findFile,
+  modules,
+  ...
+}:
+{
+  # Basic traefik
+  modules.services.provides.ddns = {
+    nixos =
+      { config, pkgs, ... }:
+      let
+        ddnsImg = pkgs.dockerTools.pullImage {
+          imageName = "qmcgaw/ddns-updater";
+          imageDigest = "sha256:ee16ab4f6203bf9e5b0925d38a0b4ebf2d9f23771f933cfb2f5a2dbd5f9a2f88";
+          finalImageName = "qmcgaw/ddns-updater";
+          finalImageTag = "latest";
+          sha256 = "sha256-dMCHkvoFaORmGwbIM9io4Vc9fq+wBks25k2dmnW7naI=";
+          arch = "arm64";
+        };
+      in
+      {
+        virtualisation.oci-containers.containers = {
+          ddns = {
+            image = "qmcgaw/ddns-updater";
+            imageFile = ddnsImg;
+            volumes = [
+              "/run/dbus:/run/dbus:ro"
+              "/etc/localtime:/etc/localtime:ro"
+            ];
+            ports = [ "0.0.0.0:8123:8123" ];
+            # networks = [ "meow" ];
+          };
+        };
+        networking.firewall = {
+          allowedTCPPorts = [
+            8123
+          ];
+          allowedUDPPortRanges = [ ];
+        };
+      };
+  };
+}
--- a/config/modules/services/home-assistant.nix
+++ b/config/modules/services/home-assistant.nix
@@ -24,11 +24,6 @@
          home-assistant = {
            image = "homeassistant/home-assistant";
            imageFile = homeAssistantImg;
-            labels = {
-              "traefik.enable" = "true";
-              "traefik.http.routers.websecure.service" = "home-assistant";
-              "traefik.http.routers.websecure.rule" = "Host(`ha.home.doloro.co.uk`)";
-            };
            volumes = [
              "/data/homeAssistant:/config"
              "/run/dbus:/run/dbus:ro"