tigor/NixOS
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: tigor:8cbde4811fc630acfaae3c9b9b1983f206dc6342
Branches Tags
tigor:main
...
compare: tigor:aab201ab9ea015ad257e7925aac4d152ab234fd0
Branches Tags
tigor:main

8 commits
8cbde4811f ... aab201ab9e

Author SHA1 Message Date
Tigor Hutasuhut aab201ab9e bareksa: added 192.168.31.0/24 subnet to exclusion list 2024-10-30 16:10:51 +07:00
Tigor Hutasuhut a7acfa6ff0 ntfy-sh: client added delay for network availability 2024-10-30 11:42:09 +07:00
Tigor Hutasuhut 99097713c6 bitwarden: update secrets 2024-10-30 11:36:05 +07:00
Tigor Hutasuhut 235c45614d alloy: add tls_insecure_skip_verify to otelgrpc.tigor.web.id 2024-10-29 21:56:27 +07:00
Tigor Hutasuhut 828e7fe174 grafana: alloy and tempo now uses proper configurations 2024-10-29 21:45:05 +07:00
Tigor Hutasuhut abbc79066c pihole: fix upstream recursive DNS server not pointing to stubby 2024-10-29 21:07:04 +07:00
Tigor Hutasuhut f75b592027 caddy: removed unused env file 2024-10-28 21:40:53 +07:00
Tigor Hutasuhut 8bc7dea1ef services: update caddy configs 2024-10-28 21:38:34 +07:00
17 changed files with 117 additions and 190 deletions
Show stats Expand all files Collapse all files

2
home/modules/hyprland/bitwarden.nix
View file

@ -19,7 +19,7 @@ in
];
sops = {
secrets."bitwarden/config.json" = {
secrets."bitwarden/rbw/config.json" = {
sopsFile = ../../../secrets/bitwarden.yaml;
path = "${config.home.homeDirectory}/.config/rbw/config.json";
};

1
options/services.nix
View file

@ -77,5 +77,6 @@ in
default = config.profile.services.telemetry.enable;
};
};
technitium.enable = mkEnableOption "technitium";
};
}

1
profiles/homeserver.nix
View file

@ -71,6 +71,7 @@
ntfy-sh.enable = true;
ntfy-sh.client.enable = false;
couchdb.enable = true;
technitium.enable = false;
};
};
}

6
secrets/bareksa.yaml
View file

@ -1,6 +1,6 @@
bareksa:
mongodb-compass: ENC[AES256_GCM,data:l4zKnbAKQURlNzLS2CDQMCcZCCyZr8MdbJaHYjGtXnNde7zyS/wkPMKpUzvp39qhFZ87w54n85djdIjW9a3cyjx1Z8L800UFrEAZqiX2CNp1YLZSdyIuq+aD36+H9+3ceB35Z2eeHaLTDUUWK4g+WL07kglwx/IV5wBM0K7CO1uEd6iLcHFxUMUYt/N8l05LmXK95VwVXwMKDwsz5uxrPH5Eao8VG9J5Xh7B9tqY9SyLOhr06W8Y3iyvLHZmlpix0dectSoBTNPY4OM2Uv94Qxy96i8Qv0KMwrYQ8M2FcDXrzV+jXq+6dV/E+8xuqGEn5CDqNDZhaEWZ7VKkeY6Tq7INQqm2S020OfJviemlYXURe/j1a8thoeZGDZeMBTGL+0+fB5VVZoN4Yjmy3ezWMhE+zouvkpCX6nWdE6rTwLOoErtBMktjZTI/DcGBN8dprNYpAclXp16RWYYvSHJEeLOCxCjhi5oySqFgtychmJBDO6L0DW3BwRqe5qhK9wSOWpwZUEp4FcVrorgzKJCzfYJYox5ctrd37mXhikp7aB0ADVwFAV7i3/RTKM+C9H26nrIdl6fF1wyrytt2Ge5MPsHutaj1LB2xcyLGebFTis8fyycDchIpF8PYqulyiw+YIrXiF0MZo7N/G91G83rNT3SMuEQpeTHv4H3wuWWHoiSXIoYhCOuJNoyxSZMi3ZTcVQmgSv0oant3Cxz0+/MrjBl0tgkpeFWdugMKuvl3GWO0uMmLppKUkfUa1vxLoxZ/rk/ATfz/jkg0gQcZ01PJij4iJU/EDByKU0lTcyCd7aaLLG9u96sKn4ymxBjkP1Z9bKOaqtybXB1R9X4Jw12UtsjFhNEyClyrRC9xQ9H0vPh8oWzxyKbIW9KId0XxvFMLhKH6TmWrX2+L324xqkRS5VCtS3YhDtLNJXA8gjj9G2LjYf66rI0Tir9YaYSmiiuE8J0rOoKEJjuaLBwQP1PQo9NsTj4fG7mOUqCOPGp66oiWGRtxuC9j2j841gUUvjzkNOJ2Pj077yQNMO5rRBG1l4EoNhaAzZygp0dGp03np2WTDbqpCtBB6GuQcBnzc5pdzTtFndbOfbHzC9VaG/1Y9FfNEK4TaWm0J7ep4VDa3bzKvUYYb9lSwaAIF/pmP3dMDiRgcn3Ck8uQlHyRxvK+eqNqJpObeiKKsvKfKeniqnpJwUvCEf8yczENu25A/3mRYJW6yWCERxZxiPZn6RdOu/bjZ6Y1wO80lxJ5xGKHpWemAyar8aLuOsPpbbsVWFpx8TG29Z50SGh7TNdgHBJJtuY8voMxsrxMceDhWkNDw1/3IP45RjW2FQ0a/xQ/MAgoCdFopOmzj7lc2zdU6Py5O2goznOrnyQdkik4RwCPenBT1p3WLZjSnH7ymc7elq8bQn5zUUHaDK7oQnIYrHtlYSsSuKY+cSjd3v72HbF85XvIal2LzwxgURafWJ0AUU++SNmR2lKT4s3azVywT/gqq6fVEm5Ffu5hdsTGMU5QgYFRfpPrB7IAYQlpVk8VfYmim5/IY0TG1/0Qv4ylWU2chC+Spof04PmCEQy5MnQru/LP2s7MQ/ZlSaHfZgR2NGdryf2Dyu4FTEZSY08Cdj3EthdvC1aAeiz1yuDpunbZPqF1Oop+lCBfZlWTpc06CdA26+0SjY5EUFtazzuQOY0WsO54dcj0CIfAxpQJEQ==,iv:xu/zsGEV2RWyfKtKmEo9yajNO3RMcaxdP/6Sn4sQQtA=,tag:RpfrCMYfEjJKgwjr+AJ4KA==,type:str]
openvpn: ENC[AES256_GCM,data:eqkyCsEu0PGPpMbweh+w1mhIDXBIDbxwHj9m91AzztbjyJ+2xWo4wWxa7F+luosddoQfB5nCUiGIKqhcYi8LQHUfnVxD4Dsd3Ysc04eXh9cbx22+LfjPbokAP+QvBXRaJTY15g/JUYstKENMfbCwE7PBUNywme7iFPhqGH+h8kqlgGdtHIoNJjs5HFVe73zTPpEP4805F06EmLAxG/y7r0k/XiVBSCf+uwcaweXVMRnj7IEv/EQ8cvAimfYz3bzeJwqGQG23ExAStdaaIq5tW78LtMq2qmIWDw+sA6v/b8b+gSDLf/tx8glbOs/kcH6NOGq99wN2Ubv1kAFs9SEH0FYZQNmxUxaqrzcCGgo3aJLDzic5KleIpGT0feCtm0tYy3ao/QAcXBOuTc5RJOZo4675eyGsALayKtFHUU7uDLC3s3Dz4Uh5JRlbVRBtL1oJCqNnrkMzBiBNhxQ1zGTQyAxQXE4yIw3IsyZqX6kagAsaaIv1T36X882IoU5YTmr2bsm+Xs3Rd2DMKDWu4a89dD6n6Ufbu7rge5WRP/sz6ZRGP+TuhpAfWgzvYwc23wT5rDazzG/rUJK0vICgQcAduCkKE7RML7Q7N+lMAV2UqLve9JTc6TZfgrfBWaqi8+MYA2pM8aYqqdS2n9kRAwJs1O6Oli3ZLrM/LKARTwG63GV0xVbOd+ie7Pyz6KoqxE+Oebo3q39cBunZEq88ki3SggIIhpdcjAqNyH9GCyzEhTn8uuddZ5ZC0NXj8lQAGVCgwhEDPTERxycOOiBGkcWYmvoOSP/m3CV3tOTatir6cTDKjifrpL3ngTc/T21WXloMk27g790nY/GeJd+yHaoFs2AVNEvvFuOsNuecV3FQOxuajPTaho5+aDQK6iNioG+ivpu5eLYmqsy45X5Lf317dsJzHsxyZmH82OH/HX0qFtvpW57OZg1eAO9oAqJtfPkEnyw3CW5qc38oVN4DgK9mvdnGoXRQjky/1PSNAG1hRjdF4VvLKK3Ls/EgHRzd3Kik+xUwdbzyeQ7cSkhai+lEHNNzOV6eBDbhEYTQFqU7b+U7k9d+xVWrAHQMRYMIswotcS/UuQYIzd9b/qYraUe8ynxLK1Rcz6J5m3lZ1NrX4tfwJRDXuj429P2e2UAaPv8x0lgiQWcmHFPsaTPcPA9n3bzTG81FYrdDy5jJ15+RLWdWHUZc/RKNSmZWzHe/ocqm4Oj1oS9jgB5nn5JGAtVZbEWDUabPPGgDl9c9expbwXOodSHgu/MVXfxqbCKFrhwOxpNFTMeJKe6WFZ9/3TaqmA/lDwXELzmyEFNS19jPM9BriHOKSPwwZ/BhJMxYLFvM2J5UfHiPbNCVH9FvHk/VdfPTmY9XssXmEEGGPNt194os3rxRxVCFLkTMvPYWRx2gMeSNk3qwnHzlsOqCSGJiyGNSavEK07C1AkAOHQBk5VhBDpWtqtLBJneu7zxIIezt6Nr6I8XVr2ceTlJsvZT3WuxpAIbTNNGxgDzRaRIjSdBy6lXjWT4bLn4ZzXLO8XcJ01T7chmeTPDqzymF+3VEWo7Rsk0W7wk5w7JOwjfX2aV5hWq1Vb0zUtiJc9+PtvIq78eMi3KgMZtpukuikSehX6wgozSL0zi1zo8JHYyYIt46kfcW4o1hZ9qE6H4uFca3lwKvLSHx7z3TJe79LEL+4ObXWWowBGZNoSN1cWEw3BNlNrzfMTZw4VcIFzufegits6nGT8WpGqqR3oiH4CcZhyQ6Qx78RYOkAs33GVhdFda2QlsRdFOWmMYTDPfM6ABXgWfO2Nzxj3gjHVACv+0g/rYUCd94TiEDVYcKStjvvPr4r+fj6eUY6EsdtzgwnhMQWNaNRMO8Q3CNzG8plaFk/O/CK8R7FvIdeigEs1O1CwxRcr/80ZVx7/xj/T7p3hvM67nzGvfyRTwEgkl9hnBLZU7sMV12d7DOsanGJOViVrqQ/GgfvP9w637SmtLFDLzZ6WREX3W2edp5JXQMg0hzW25p7sSgpTde21bY607/25VKRVw7ejwOeRebBrqj4lu7Xk2iXY2H0hp0+klxOZp/INl8WfxGIY4W34McTkGdLOonWqdCUoDjUJvbfH5uPCqoghRk+l4Ex5ogjCaGx6GQAMdvg/uEG8DtJx1GSW/SonlhfeNZncmhx7l3zvtt1WziRCo4xAOma0GjdtGhg92zNqGzWYjBtqKL4kXFX31ygwdF+CG5JlAv64B8bTEJeU9UiYb/D9QyQxUmUixjB/DbACA8j6c5VchkAEkdz8p+eexugk2aOb1IkkM0/kcGVeAHJ2J6rzQjQ+5GHwiU1Zh/j44Jy/2L94U6xcrampcB4NBHY/lOOgeSaGGZ9gvskrAW5EGiusiil8V7vdoLGNa2ke1LAv8rawqAlDiIA0XRKi+NV2egeqD7oatnDsQ+FExNaoAAyFmk9To4UWMSuv30X3E08MzETWuXiVAD+adGfAy3Ha9odCwf2GbJji9x2SkDv9lA0AJ+ZlfKOuUU5+GNpbusuRYqGeTXtgorgAtzx1+Fw03xm37FKBw4qEY1UtbNZjhO8rPHCDjgt5zBD54Kct50GbKL1aG6gVlAJN6u0KCFbluF2kEI4NCMoZGe0YdjukmRpHSd+DepHK+mBDoroUPSbuhv6Pk5SrzyeFBGB0ynrnI4gwyf3y3I+c03vV7potWUusNCJz4rv0hgtW4Uup6eoYjJ081x49JkaYFHu0m+bE8R7kJFzcWIgJeUu9lJvmVCRG5bSj0pRlQGrewebt51bvmV5mJ7z0sAI8rgouP09LFom2K4mPWMgOD4mlhKHUdIRQ0/x2zl0Mp9HLWdXu/Ns5fhQSIH7YpvmYJs1OHiCG1iLiDdN24UKl5oN+va3gt03gH2jePRvba8hOltbf7+kRDccI8toLb9IyEmb0RDQg0jB+WssiJupLk4aRrCG/VIuVcVFPRsvWCqJi3FVXKvCB6VhoHs9rnlc3Jlxod9ZjlwEQ7lpVxFun6vFFDqLwQwZHuHr26cKOQIpgL1Q+uj9/WjO9WAIfUp68Ley0W3vQMaljjWhDODJ21SZnU+hHApUMY69MKAL4wuQq002fN+fmrkfeG2qYjbHGnlFYjNp9LP612mANxW636cCkWfH+FABm143Fm+yd+XA/FPBlsAMeuz2w9NLL2Djc6mIDfKETwovXU4daelAsZEmnYFPSpelIfRPBWS5JTVREvkUDyFROKKtzzA53b4k2z7HdN8YRTB/sRIdErRFP+EtpymZXPtBAOh/vbOXRY/H90dHvyTwB7xomMrRpa1hLeJm3vtBTToQL8ZWeCX2R53yIWg0SQe5QMO2VgoslZNhi5RQnJ1GxlOQ1iWxrHI8ViWwqEgyoV1q8JXIE2GfbhwXrWXF8WxdJBZPwmuNVn5xk04,iv:gDpHNdBvCy9AsFsDICMJrjVFU8x8GPG7nImgSYHtatk=,tag:OJf7+u0nIDeITY8deQQ0JA==,type:str]
openvpn: ENC[AES256_GCM,data:uV5WsWvPWbNY9c7m/Qf/GcJiOi+jgIA9R+45Zt9gymBvmoCq+9ePGYxpEhiugVjPh/NAQ/sowr/LD3Su8CrokPSlkELtk/f14MIyBNqhrVKqKW3xkLwFj6P6My0W0Odg/2XVe1wsWd82NF4L9RNCqDcEVt0uCv1zKA7PzK5hEswmnsL3fLYoETpWB3AjC49VgrvxN2lnNfgS/s9zagbd+vfz49Y3GtFkqRlke3Jr0Rk2rl5TlKwLV4UE5CiuMsDEPfiA2I3dR069Mmu8HeYEPbmNyPfvQhwhocqiqlu9CvXAzqlGaBmqRovZrNyrpK+poMBWqVrEGWurYPHVBZkCPQc0cF959B5gjGfANoM20t8nTJqV39SyyarWwdH2hrHqLiCSQFaR78977Gnw4RO0C6eSLJBIkG/QvGYjjbltQUcPgSoEfc8xjQp/1Jok/AlVDnvA5MsqTnLPf0QPWdvGEA6msg8r/ZRbQ4VRsBNxgiorO+zJg+cjCG7VGuO/ARvXyrooyiS3lrHEz8o4BY1c/Dkb6tbbrJ+ENJdKIYjswGSOL6QcGQzBWqeAm96e6iFPMMnnPjpKPr8mDlVDsLXeCGx76VuvY8iVkcg7tT+btL5UuzkiDlzwu5He5oS48Zk8tDlA4+vnRyUvr2rdAu4ErWx3wKGSnG4ojKZZQujUWxPCWS2YcyOt2lZ16d7GqX/vYde9HnxnbdN3XPuIlJ+aedW9eljhpK194gTyIBBqjuskuMKN8t4LiI7fl6uZsr+USnYf+HF5dIJEFShJ0ZD6YgCjNjq5V6KADlowys8bRaiSfA3BUKaodJtqaxCDqaGUvabFJPQ6PYSky8+wGAmjrv5gfISpdkSMNEgqh4aPspEDeKUkx0EeoW9rgUhFiliEmbNUWWqRUpoVNL2O3xAgNgZJt+WzrWRnXZIzYQujYvcoi1B0dTxG5WEclhD91kTSmtwx8FpYsOCKds1qHkFxh6ekRMkjqYWMf9lJ/W+A2x9bCqcNubpH4GWLbfSJBNpCKW86JAD16+aqb4sPvUKPvvNTRHAqK0bA1/hlvmlOvdR/kYDE5S148HdFz0FujSPOX9g2UDZVyCxW8xw48Lj+QWlrrgPFzomT/gL09LtnA9KFmk2cGkfnPaMYUKX8xPmg+34tjrFhr/HVJ/P0rqbBTFqJGZel/PiF8RbF9L/R3iIf/x04dxDQxz0gCHsyHtl1MgussbHpxfqV0Nxrc11FwAokJ+vKMbUfsW+OWNmZ2lNNJOPjVsQc+Hq2AlZUi1PIfXx4f6QiWXoYIqhpkMkQUTmXAvvLj/8QTm0dleKvbdOVrOI+nXS98zsU90G/JThBBYXGHMubYsuEaJQEJfk3POsSKpZ47Kj6YHTmPsvn7BUkBAR5mQ0UknuOPKQ7y95cytk7su2HC+Jts6jB0PCoexRvubEQkFiZ//0SPQ79GNYDJRUrY89F1XE0lL5PrqChhGjNtcxcao+MYcEq+u1+0m7/vHqTjf89EHUUxoMubU7S+3aOT4kMZwetpIxLp+uQMrm7vB9BOaobelhPJMb/ehpktjkkii07fHPIA13YbcdNx5xvp4Hkn+4ZGl08c8qt0IfpZ9/qfROqirtn8733khrWfpPvcOOdyunIBtT3dmUHbnknSBtci1zumGbaCCaZPUGLUh36XKnqr+RjI0VKLf9OEKpik2s88nolXQpCiZx0qoErvhWG9stJOWEZMj1EKcsg9RcW1V+PdrV7Nhry03BdItwqk2p/BV45U4Di8sXTw4mminohEpW9k/0Lsv25OoTlvqGK4MQHhJRYgKFqZHbLttq6vBqGJg1rinU97rSZU5iaisI5uDdrx4mam/7SukRIZlr84cNiIeii+FDgbIuruAM43KVdb2SaHDayfHJb9xAjDEOHz1OfVYYwrR2eleIOW96lzua0YOYYX0EAx88DYQ+ulKjLKMtKqGMDOMBSv63WJiPpm7DyiIbQAWsHSKQeYE7gnBNg98ug6TI9570RZybSzdk67ZiaerEkyCDOWg+iPHmFO3TCly/LklpZI0SJxEgQp3M6yAAkLRxNLawRjl0TF5/xNxhH0tZEU2U3fHyiXIiuFJTzgMl2NCVSfu1l+BTUZCDbd3StJuKS2yq5i73XJX0nrg2K7g9u88tsNuZUngaH6njjtrayuycjpB/wZDq00gA6fiuQs74DIGafjG+PlIv2niwhtbkW56S53tKOeZKhuZKW7r8IEYAHDMQByPxBKEuA28N7NjQytsI5fkMQENqySwEejPhJMhOw7i3ODbr+VRKNiq+xYBQrB8PgXkbXCpfNhZWOr0O2ICk4HwqcRaYislnkJ3VZ3TO3e7MpRFOtIv1Ajwz5FsQu+TJReqv7rjuAVM265idFgxpz8JE9wMq21JT3M/RebvQS2mYJYZyy8vZH0HZ92Vv4MljyBlw1uCGfKnl1gdB7jBy8TNygs0YTFGCSVATuPPfn/TOjI3LD3P6jVYIlsii7RSXUOO83PvBTjEk4MaL2qnfHqymRnlQu6QI6FBUgqE1Ak9DoaFRmR5kW5N2MbVfD+gZliPQsFDiJZvdPpSqHkW7pVax+2DjLxY6tX8au5S+HW3zxgw4vczOK8sbd6F0shlYXviFmi5a72ta9wAv4AaevRJxigBmc8WOTivW+uz3XSjl09yDFtNwlEvDt/jzneVNouEOu5Q09ZJKFOba0oSUUKNNWD1XmoPaqV1uSZ2LcaNng+JxLmMtZasHIqW03b18m2Sll1vhqq7GebStkImPwwFN+03QRMZFdaZRNKhHLMfPzOjtyoe1VyWHwJ8gOoN/qjCC8cOMSquck0EDZKhRIMOw56ZHoCVgAmkMpYl4beGfc+C1C30MB1RPD2Hbyh/9yhuQrYW6Fektc2IrGtFVXEEZSzyvhvSM5I6MVfRYggLBp0bk5ZruapVYxdzIVxCogyX8hI3HgvSgXAnIdBKPdW67P9qbg+aty+jnx2cnabdrlW+0Aa2PNVMCYZ1yHqRD1dTQflKuhdkBBhMrNSrRcpUaCnDgOII7z8GPyXzztdJ0W2pcoIzmNVaQwmS3D5Ctas3bVyLV4XMBlhi0KqSass+FQaBd+nMOfYfxKLeCJPw2twR8C0oi2DnP9OkoA1X8eeZ5LRUjpeNoyjbm3++HntUSGJXZ7F4jOiwBWgAdmtcvUds9g1DkbXF2mf11l8AkBtcubwLWh5pDE8JwER7EILzSG/EgrDxH+ePtqxlIiULGzdKONiUuUW7HMnL5hmjOf+lnCizo7Q0lNkkr9SChuCAUa8L0xlDl+LYdHet4Iq61qvBkI4GTfmM9VWiohy7gWPpe/vyIeK313DbbMhtXrWfnwsXtCUs2amZrFbREo+cre5563CH9eHfyvXLzfaSDrHd+aksTQzz/UbaVeKLwEspLSHjAjs9v28KjWJVdHSzxwSzTI7q+teiW6Sd2RCKfLy+QedRDi6Bdq,iv:BPphYLrq+qdZwBYk58wKtCQpMMvyUskNVAH9bWwNao0=,tag:yVmJjmVFz6bcSqPSZo6EOQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -16,8 +16,8 @@ sops:
TlB6MjhXY1VPUkJQS05hdFVGbGlIdUEKhK2RFfuDZUXdDUL/ueJnRP65lAGFVPXg
zqZdgIU6/CKKRjguw4LC2aO75y2tISRrACvvzjjp0LED6rZQfZspWg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-28T07:56:59Z"
mac: ENC[AES256_GCM,data:sY9EySdiDrXVAKKa2OlyDKStL/zMgbZzjU2MYqfjaKMn7YcYhToJqXZVx7xZr2jUR3BzwY0sjjirzTyjsq7uGsR6hbzOBy0LAMYkgup9UbD6T7xIPF4IMoMrku7fzq2fp4atCEKy38fXLr1cI0FIQkHN+vm3onpJ1g2ymtOonwc=,iv:9GZQmhCBydsBOzbPLX2LHfBuDpsvNcBHGZ4PxccaTTk=,tag:AmrkUeJ9u9/l0zBvBOBVyQ==,type:str]
lastmodified: "2024-10-30T09:10:48Z"
mac: ENC[AES256_GCM,data:HsRRHrttuqeh9+PYTQZNWc4g6HZhhyMyBmuQjD5/+FyunC5x1xYLHB/yrtwPBpSbN3KfZA6QMEstxA7YH+DBT1fL2+IL+gKx/tWDzAmQIoB1dA0dufwnuZDPqwhnTRbcMczQUPOzMny6TZh5PY+XyAWjDrmrCE5lYtjw9Jh4RfM=,iv:SlAOXITlkIEg1Hqp4Z5oryfNryp9SkfoerhR7hShY/I=,tag:Wd2EEV47H38otNMCvpYBgg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

9
secrets/bitwarden.yaml
View file

@ -1,5 +1,8 @@
bitwarden:
config.json: ENC[AES256_GCM,data:oob3Dybuex844TY57FmTL+JVgPS/QQeEVMVeiOYrGaXLpH0OE76rJMiOPw==,iv:aH6Xz+3bPRkK7Il8/g516du4IJ7k71hZMTlF33YARBQ=,tag:LOf9yZDkASMwAq3UvWjv2g==,type:str]
rbw:
config.json: ENC[AES256_GCM,data:dKdB1aYPKGcC5xmlKMsGzusw5n916uR3TH00oKlbhvlkYaK4JYAze2R1mQ==,iv:fg3FDh/kWQL8ZXtCOYGy0fKkqRXM19h/JnmB626stK4=,tag:+z03/3YZ5vdzQtL+C4WWtg==,type:str]
bitwarden-menu:
password: ENC[AES256_GCM,data:GpU2KvjenwLcH0CMN9wx7LtRly786KDPoak=,iv:imgghA9ti3VLd7fU0Wx7s3WujHs/GfeKSqEYK0/GQkI=,tag:5DuQjIy2Hr02Q10Tzwt+6Q==,type:str]
sops:
kms: []
gcp_kms: []
@ -15,8 +18,8 @@ sops:
NkhTR0pOd1JxNXhjb3hsWlFyREl5RU0KHFFdDs1BDo/CUeIjV7QGxIfL6nwfuzYE
+zRqZDbocFnNQ5m6X17O11+xGhRASL7ORweIeVlzCpCyJ27IsaoSIA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-28T02:13:49Z"
mac: ENC[AES256_GCM,data:52uwqIj5gXnXlFRuzd9mqvziAGkso+HWwqlD4EcOhXs11dHpgaWsusq27ItwyHwZaN8UUN8frfC9/U4JppOgjiUXpteO78DX/Hc8QZP9Q7Fw5rvd0jpQIWDhXC0LmqIIg0v3lvv1jgWkMHrxBsB5IfJiOlitwX9hG9wn+8H7Qq0=,iv:FvZmiqJmD5bJAM0PV6/uolsMn4r2UC964MUXL17K3o8=,tag:Dy9kVUhtbLrC5ykJsr1Mcg==,type:str]
lastmodified: "2024-10-29T04:54:37Z"
mac: ENC[AES256_GCM,data:jaTnfW+stQNSsbeUIvI3viXYAkw0VJ+oc2IDFrEuU5p3h23gmPoJkaY3fQ+eC9BAtcElvkLAyvIFKD1zOLtWb4brQUWW64xK/sjuYc0xdathbSMtjbNiX6eDciBcSGOqcncJ1FsnYkaYT7u2U5NFUh9G+WjQzET28gIbDKGnDbA=,iv:9X43hNPnQ6CtvIaw+lOtFXu9586Axi+fQvOoudeMYkw=,tag:y7vlNt3lcfoYP0F2SIJHlg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

5
system/podman/pihole.nix
View file

@ -6,7 +6,7 @@ let
inherit (lib) mkIf attrsets;
ip = "10.88.1.1";
image = "docker.io/pihole/pihole:latest";
piholeDNSIPBind = "192.168.100.3";
piholeDNSIPBind = "192.168.100.5";
in
{
config = mkIf (podman.enable && pihole.enable) {
@ -59,7 +59,7 @@ in
hostname = name;
environment = {
TZ = "Asia/Jakarta";
PIHOLE_DNS_ = "192.168.100.5";
PIHOLE_DNS_ = "192.168.100.3";
DHCP_ACTIVE = "true";
DHCP_START = "192.168.100.20";
DHCP_END = "192.168.100.254";
@ -70,6 +70,7 @@ in
ports = [
"${piholeDNSIPBind}:53:53/udp"
"67:67/udp"
"2000:80/tcp"
];
volumes = [
"pihole-etc:/etc/pihole"

32
system/podman/soulseek.nix
View file

@ -16,44 +16,19 @@ let
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
basic_auth = {
username = "soulseek/caddy/username";
password = "soulseek/caddy/password";
template = "soulseek/caddy/basic_auth";
};
in
{
config = mkIf (podman.enable && podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
@require_auth not remote_ip private_ranges
basicauth @require_auth {
{$SOULSEEK_USERNAME} {$SOULSEEK_PASSWORD}
basic_auth @require_auth {
{$AUTH_USERNAME} {$AUTH_PASSWORD}
}
reverse_proxy ${ip}:6080
'';
sops = {
secrets =
let
opts = {
sopsFile = ../../secrets/soulseek.yaml;
};
in
{
${basic_auth.username} = opts;
${basic_auth.password} = opts;
};
templates = {
${basic_auth.template}.content = # sh
''
SOULSEEK_USERNAME=${config.sops.placeholder.${basic_auth.username}}
SOULSEEK_PASSWORD=${config.sops.placeholder.${basic_auth.password}}
'';
};
};
system.activationScripts."podman-${name}" = ''
mkdir -p ${rootVolume}/{config,downloads,incomplete}
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/{config,downloads,incomplete}
@ -67,9 +42,6 @@ in
serviceName = "podman-${name}-autorestart";
in
{
services."caddy".serviceConfig = {
EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
};
services.${serviceName} = {
description = "Podman container ${name} autorestart";
serviceConfig = {

33
system/podman/ytptube.nix
View file

@ -68,36 +68,11 @@ let
in
lib.mkMerge [
(mkIf podman.${name}.enable {
sops = {
secrets =
let
opts = { };
in
{
${basic_auth.username} = opts;
${basic_auth.password} = opts;
"ntfy/tokens/homeserver" = {
sopsFile = ../../secrets/ntfy.yaml;
};
};
templates = {
${basic_auth.template}.content = # sh
''
YTPTUBE_USERNAME=${config.sops.placeholder.${basic_auth.username}}
YTPTUBE_PASSWORD=${config.sops.placeholder.${basic_auth.password}}
'';
"ytptube/webhooks.json" = mkIf config.services.ntfy-sh.enable {
content = webhook;
path = "/etc/podman/${name}/webhooks.json";
owner = config.profile.user.name;
};
};
};
services.caddy.virtualHosts.${domain}.extraConfig = ''
@require_auth not remote_ip private_ranges
basicauth @require_auth {
{$YTPTUBE_USERNAME} {$YTPTUBE_PASSWORD}
basic_auth @require_auth {
{$AUTH_USERNAME} {$AUTH_PASSWORD}
}
reverse_proxy ${ip}:8081
@ -107,10 +82,6 @@ lib.mkMerge [
chown -R ${uid}:${gid} ${volume} /etc/podman/${name}
'';
systemd.services."caddy".serviceConfig = {
EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
};
systemd.services."podman-${name}".restartTriggers = [ webhook ];
environment.etc."podman/${name}/ytdlp.json" = {

15
system/services/caddy.nix
View file

@ -20,6 +20,21 @@ in
package = unstable.caddy;
};
sops = {
secrets = {
"caddy/basic_auth/username" = { };
"caddy/basic_auth/password" = { };
};
templates."caddy/basic_auth.env".content = ''
AUTH_USERNAME=${config.sops.placeholder."caddy/basic_auth/username"}
AUTH_PASSWORD=${config.sops.placeholder."caddy/basic_auth/password"}
'';
};
systemd.services.caddy.serviceConfig = {
EnvironmentFile = [ config.sops.templates."caddy/basic_auth.env".path ];
};
services.caddy.globalConfig = # caddy
''
servers {

1
system/services/default.nix
View file

@ -19,5 +19,6 @@
./wireguard.nix
./photoprism.nix
./ntfy-sh.nix
./technitium.nix
];
}

9
system/services/ntfy-sh.nix
View file

@ -74,7 +74,14 @@ lib.mkMerge [
];
description = "ntfy-sh client";
serviceConfig = {
ExecStart = "${pkgs.ntfy-sh}/bin/ntfy --debug subscribe --config /etc/ntfy/client.yml --from-config";
ExecStart = lib.meta.getExe (
pkgs.writeShellScriptBin "entrypoint.sh" ''
until ${pkgs.unixtools.ping}/bin/ping -c 1 ${domain}; do
${pkgs.coreutils}/bin/sleep 1;
done
${pkgs.ntfy-sh}/bin/ntfy --debug subscribe --config /etc/ntfy/client.yml --from-config
''
);
Restart = "on-failure";
# User = config.profile.user.uid;
# Group = config.profile.user.gid;

2
system/services/stubby.nix
View file

@ -15,7 +15,7 @@ in
services.stubby = {
enable = true;
settings = pkgs.stubby.passthru.settingsExample // {
listen_addresses = [ "192.168.100.5" ];
listen_addresses = [ "192.168.100.3" ];
upstream_recursive_servers = [
{
address_data = "1.1.1.1";

23
system/services/technitium.nix Normal file
View file

@ -0,0 +1,23 @@
{ config, lib, ... }:
let
cfg = config.profile.services.technitium;
inherit (lib) mkIf;
in
{
config = mkIf cfg.enable {
services.technitium-dns-server = {
enable = true;
openFirewall = true;
};
services.caddy.virtualHosts."dns.tigor.web.id".extraConfig = ''
@require_auth not remote_ip private_ranges
basic_auth @require_auth {
{$AUTH_USERNAME} {$AUTH_PASSWORD}
}
reverse_proxy localhost:5380
'';
};
}

64
system/services/telemetry/alloy.nix
View file

@ -8,6 +8,8 @@
let
cfg = config.profile.services.telemetry.alloy;
webguiListenAddress = "0.0.0.0:5319";
otelcolHTTPListenAddress = "192.168.100.5:4318";
otelcolGRPCListenAddress = "192.168.100.5:4317";
domain = "alloy.tigor.web.id";
in
{
@ -22,38 +24,40 @@ in
extraFlags = [ ''--server.http.listen-addr=${webguiListenAddress}'' ];
package = unstable.grafana-alloy;
};
sops = {
secrets =
let
opts = { };
in
{
"caddy/basic_auth/username" = opts;
"caddy/basic_auth/password" = opts;
};
templates = {
"alloy-basic-auth".content = # sh
''
ALLOY_USERNAME=${config.sops.placeholder."caddy/basic_auth/username"}
ALLOY_PASSWORD=${config.sops.placeholder."caddy/basic_auth/password"}
'';
};
};
services.caddy.virtualHosts.${domain}.extraConfig = ''
@require_auth not remote_ip private_ranges
basicauth @require_auth {
{$ALLOY_USERNAME} {$ALLOY_PASSWORD}
basic_auth @require_auth {
{$AUTH_USERNAME} {$AUTH_PASSWORD}
}
reverse_proxy ${webguiListenAddress}
'';
systemd.services.caddy.serviceConfig.EnvironmentFile = [
config.sops.templates."alloy-basic-auth".path
];
services.caddy.virtualHosts."otelhttp.tigor.web.id".extraConfig = ''
@require_auth not remote_ip private_ranges
basic_auth @require_auth {
{$AUTH_USERNAME} {$AUTH_PASSWORD}
}
reverse_proxy ${otelcolHTTPListenAddress}
'';
services.caddy.virtualHosts."otelgrpc.tigor.web.id".extraConfig = ''
@require_auth not remote_ip private_ranges
basic_auth @require_auth {
{$AUTH_USERNAME} {$AUTH_PASSWORD}
}
reverse_proxy ${otelcolGRPCListenAddress} {
transport http {
tls
tls_insecure_skip_verify
}
}
'';
systemd.services.alloy.serviceConfig = {
User = "root";
@ -62,18 +66,18 @@ in
environment.etc."alloy/config.alloy".text =
let
lokiConfig = config.services.loki.configuration;
tempoServer = config.services.tempo.settings.server;
tempoProtocols = config.services.tempo.settings.distributor.receivers.otlp.protocols;
mimirServer = config.services.mimir.configuration.server;
in
# hcl
''
otelcol.receiver.otlp "homeserver" {
grpc {
endpoint = "0.0.0.0:5317"
endpoint = "${otelcolGRPCListenAddress}"
}
http {
endpoint = "0.0.0.0:5318"
endpoint = "${otelcolHTTPListenAddress}"
}
output {
@ -156,7 +160,11 @@ in
otelcol.exporter.otlp "tempo" {
client {
endpoint = "${tempoServer.http_listen_address}:${toString tempoServer.http_listen_port}"
endpoint = "${tempoProtocols.grpc.endpoint}"
tls {
insecure = true
insecure_skip_verify = true
}
}
}

33
system/services/telemetry/loki.nix
View file

@ -7,39 +7,10 @@ let
in
{
config = mkIf cfg.enable {
sops =
let
usernameKey = "loki/caddy/basic_auth/username";
passwordKey = "loki/caddy/basic_auth/password";
in
{
secrets =
let
opts = {
sopsFile = ../../../secrets/telemetry.yaml;
owner = "grafana";
};
in
{
${usernameKey} = opts;
${passwordKey} = opts;
};
templates = {
"loki/caddy/basic_auth".content = # sh
''
LOKI_USERNAME=${config.sops.placeholder.${usernameKey}}
LOKI_PASSWORD=${config.sops.placeholder.${passwordKey}}
'';
};
};
systemd.services."caddy".serviceConfig = {
EnvironmentFile = [ config.sops.templates."loki/caddy/basic_auth".path ];
};
services.caddy.virtualHosts.${lokiDomain}.extraConfig = # caddy
''
basicauth {
{$LOKI_USERNAME} {$LOKI_PASSWORD}
basic_auth {
{$AUTH_USERNAME} {$AUTH_PASSWORD}
}
reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port}
'';

26
system/services/telemetry/mimir.nix
View file

@ -7,28 +7,6 @@ let
in
{
config = mkIf cfg.enable {
sops = {
secrets =
let
opts = { };
in
{
"caddy/basic_auth/username" = opts;
"caddy/basic_auth/password" = opts;
};
templates = {
"mimir-basic-auth".content = # sh
''
MIMIR_USERNAME=${config.sops.placeholder."caddy/basic_auth/username"}
MIMIR_PASSWORD=${config.sops.placeholder."caddy/basic_auth/password"}
'';
};
};
systemd.services."caddy".serviceConfig = {
EnvironmentFile = [ config.sops.templates."mimir-basic-auth".path ];
};
services.caddy.virtualHosts.${domain}.extraConfig =
let
mimirServerConfig = config.services.mimir.configuration.server;
@ -37,8 +15,8 @@ in
''
@require_auth not remote_ip private_ranges
basicauth @require_auth {
{$ALLOY_USERNAME} {$ALLOY_PASSWORD}
basic_auth @require_auth {
{$AUTH_USERNAME} {$AUTH_PASSWORD}
}
reverse_proxy ${hostAddress}

45
system/services/telemetry/tempo.nix
View file

@ -3,55 +3,25 @@ let
cfg = config.profile.services.telemetry.tempo;
inherit (lib) mkIf;
domain = "tempo.tigor.web.id";
basic_auth = {
username = "tempo/caddy/basic_auth/username";
password = "tempo/caddy/basic_auth/password";
template = "tempo/caddy/basic_auth";
};
server = config.services.tempo.settings.server;
in
{
config = mkIf cfg.enable {
sops = {
secrets =
let
opts = {
sopsFile = ../../../secrets/telemetry.yaml;
owner = "grafana";
};
in
{
${basic_auth.username} = opts;
${basic_auth.password} = opts;
};
templates = {
${basic_auth.template}.content = # sh
''
TEMPO_USERNAME=${config.sops.placeholder.${basic_auth.username}}
TEMPO_PASSWORD=${config.sops.placeholder.${basic_auth.password}}
'';
};
};
systemd.services."caddy".serviceConfig = {
EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
};
services.caddy.virtualHosts.${domain}.extraConfig = ''
@require_auth not remote_ip private_ranges
basicauth @require_auth {
{$TEMPO_USERNAME} {$TEMPO_PASSWORD}
basic_auth @require_auth {
{$AUTH_USERNAME} {$AUTH_PASSWORD}
}
reverse_proxy ${server.http_listen_address}:3200
'';
services.tempo = {
services.tempo = rec {
enable = true;
settings = {
server = {
http_listen_address = "0.0.0.0";
http_listen_address = "192.168.100.3";
http_listen_port = 3200;
grpc_listen_port = 9096;
};
@ -59,7 +29,12 @@ in
receivers = {
otlp = {
protocols = {
http = { };
http = {
endpoint = "${settings.server.http_listen_address}:4318";
};
grpc = {
endpoint = "${settings.server.http_listen_address}:4317";
};
};
};
};