tux/nix-config
1
0
Fork 0
mirror of https://github.com/tuxdotrs/nix-config.git synced 2025-12-15 23:00:06 +05:30
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: tux:abd2134a2a59caa48dd8e908e439e474054261e4
Branches Tags
tux:main tux:old
tux:25.11.2025
...
compare: tux:71cc3c3e7f264b74e50706e72fdd2aa02812ca21
Branches Tags
tux:main tux:old
tux:25.11.2025

2 Commits
abd2134a2a ... 71cc3c3e7f

Author SHA1 Message Date
tux
71cc3c3e7f feat(node): enable firewall for additional ports 2025-11-14 20:37:51 +05:30
tux
f3063dd250 feat: add umami 2025-11-14 14:13:37 +05:30
4 changed files with 49 additions and 5 deletions
Expand all files Collapse all files

6
hosts/arcturus/default.nix
View File

@@ -19,7 +19,7 @@
../../modules/nixos/selfhosted/headscale.nix ../../modules/nixos/selfhosted/headscale.nix
../../modules/nixos/selfhosted/vaultwarden.nix ../../modules/nixos/selfhosted/vaultwarden.nix
../../modules/nixos/selfhosted/gitea.nix ../../modules/nixos/selfhosted/gitea.nix
../../modules/nixos/selfhosted/plausible.nix ../../modules/nixos/selfhosted/umami.nix
../../modules/nixos/selfhosted/monitoring/grafana.nix ../../modules/nixos/selfhosted/monitoring/grafana.nix
../../modules/nixos/selfhosted/monitoring/loki.nix ../../modules/nixos/selfhosted/monitoring/loki.nix
../../modules/nixos/selfhosted/monitoring/promtail.nix ../../modules/nixos/selfhosted/monitoring/promtail.nix
@@ -97,6 +97,10 @@
aiostreams = { aiostreams = {
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
}; };
umami = {
sopsFile = ./secrets.yaml;
};
}; };
nixpkgs = { nixpkgs = {

5
hosts/arcturus/secrets.yaml
View File

@@ -12,6 +12,7 @@ cs2_secrets:
CS2_RCONPW: ENC[AES256_GCM,data:ZyVeoOngZjxKR/ObYo5yJC1ViCNufuA=,iv:+fJK0sY39V/iH7OjT0AzQq6RefVzLZCDETYcAMFnZNU=,tag:IOhRUQRdffNMXa2cKZvi/w==,type:str] CS2_RCONPW: ENC[AES256_GCM,data:ZyVeoOngZjxKR/ObYo5yJC1ViCNufuA=,iv:+fJK0sY39V/iH7OjT0AzQq6RefVzLZCDETYcAMFnZNU=,tag:IOhRUQRdffNMXa2cKZvi/w==,type:str]
CS2_PW: ENC[AES256_GCM,data:W1Cur7YT1F/+45vmqif2JbpjVURfnfo=,iv:sBNDM2N+QWDAMculBBZtYZcM7ILEfpwkwOd7ErORQhI=,tag:XFsxTUjctZKU38RQUfJ8HQ==,type:str] CS2_PW: ENC[AES256_GCM,data:W1Cur7YT1F/+45vmqif2JbpjVURfnfo=,iv:sBNDM2N+QWDAMculBBZtYZcM7ILEfpwkwOd7ErORQhI=,tag:XFsxTUjctZKU38RQUfJ8HQ==,type:str]
aiostreams: ENC[AES256_GCM,data:2U2EoRUsKr4OIkqrudmIUEp2bABNlSlNUTzR3vtvTfSJVemIGK31iu0SG8aR4tLSQFEZyhIP9M22zZJVWY5hX1UcMEJ1rmtXnaRjTiurRSpTj76pT9plnrjp0NWDcSWY+uhDrAsEko4oPPJEECTT3qMYLXipnzqpPeWsTrNYiuxmfDPcZw==,iv:tHKbtnLMNfY7B2ssE8x0dri9XhA2M6jIj2KOxOsmG2o=,tag:8hjqmniL/P+PfwfYiAdAwA==,type:str] aiostreams: ENC[AES256_GCM,data:2U2EoRUsKr4OIkqrudmIUEp2bABNlSlNUTzR3vtvTfSJVemIGK31iu0SG8aR4tLSQFEZyhIP9M22zZJVWY5hX1UcMEJ1rmtXnaRjTiurRSpTj76pT9plnrjp0NWDcSWY+uhDrAsEko4oPPJEECTT3qMYLXipnzqpPeWsTrNYiuxmfDPcZw==,iv:tHKbtnLMNfY7B2ssE8x0dri9XhA2M6jIj2KOxOsmG2o=,tag:8hjqmniL/P+PfwfYiAdAwA==,type:str]
umami: ENC[AES256_GCM,data:BJN9VpwknBaX+mz6xjq1GX9epM2bukplraPw67TttnLhM9JTmZiela5oFWZiaGjG3Oss3n4WPsPvhC4m28Ah+TQLCoiDFCFqervk228=,iv:YwbJ2/1hXs5Jbqx1dNj1t4ExFS27PWbA4NT9h8/tyU8=,tag:+R1aRF/TaMSGbLDi9GnYwA==,type:str]
sops: sops:
age: age:
- recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4
@@ -32,7 +33,7 @@ sops:
NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9 NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q== uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-14T07:04:37Z" lastmodified: "2025-11-14T08:22:34Z"
mac: ENC[AES256_GCM,data:6fiO+dtyMqVH+KeZerAwjYpK1pwa9bLcSSinA6U/UZa5r8GsVlL2C3Z0edsuqgyC84rYZKF7rbV41earhds2i29RhrfiJUeGdTG04ce3ncWlqHWL8gtyw+wop3FYgC2UYi0IwhLxd8vYQe2XqD6Ml949SsqkKe/taIf7uJ9aDXA=,iv:IlgHvw5XB847ZhFFiy2Vmbm3/zQW6mvVv3VX6pSzh7o=,tag:nqDDq+jAjDP+/QbhOu9JNg==,type:str] mac: ENC[AES256_GCM,data:IiZKrdo500rf0JS2c94u1XiCtIB6QguJr1XKFcPilxN4G7coUJyD8v/z/BDqSyCDbiY6RjRWoyttyi1gzKlj/WQsJh65tbDHTXhk2nPGBoHL4ojnP1a7PYCaRKk64SyBg6vjNWHb0wILc2wu/yvKNfVKX6FtMEGhUcpReoJomAI=,iv:a4hmm47FAHnY2k+YY+WmLUWjpEE+5KwtUxc+Dq6sCMQ=,tag:Rx0yOoiKd2mRx/H5k8Hq8w==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0

11
hosts/node/default.nix
View File

@@ -2,7 +2,8 @@
inputs, inputs,
username, username,
... ...
}: { }:
{
imports = [ imports = [
inputs.disko.nixosModules.default inputs.disko.nixosModules.default
@@ -28,7 +29,13 @@
}; };
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [22]; allowedTCPPorts = [
22
8545
8546
9545
9546
];
}; };
}; };

32
modules/nixos/selfhosted/umami.nix Normal file
View File

@@ -0,0 +1,32 @@
{
lib,
config,
...
}: {
services = {
umami = {
enable = true;
settings = {
APP_SECRET_FILE = config.sops.secrets.umami.path;
PORT = 4645;
};
createPostgresqlDatabase = true;
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"umami.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:${toString config.services.umami.settings.PORT}";
proxyWebsockets = true;
};
};
};
};
};
};
}