cilly/flakes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

containers/emerald: move to alyssum
Some checks are pending
CI / Build linux-lava for x86_64-linux (push) Waiting to run
Details

Browse source
This commit is contained in:
Cilly Leang 2026-06-19 08:01:17 +10:00
parent 4dfc898140
commit e1c02d7a91
Signed by: cilly
GPG key ID: 6500251E087653C9
6 changed files with 15 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

12
containers/emerald/flake.nix
View file

@ -9,11 +9,11 @@
shareFqdn = "muse.lava.moe"; shareFqdn = "muse.lava.moe";
subnetId = "5"; subnetId = "5";
subnet = x: "fd0d:1::${subnetId}:${toString x}"; subnet = x: "fd0d:2::${subnetId}:${toString x}";
host = subnet 1; host = subnet 1;
client = subnet 2; client = subnet 2;
subnet4 = x: "10.30.${subnetId}.${toString x}"; subnet4 = x: "10.32.${subnetId}.${toString x}";
host4 = subnet4 1; host4 = subnet4 1;
client4 = subnet4 2; client4 = subnet4 2;
@ -39,13 +39,7 @@
useACMEHost = "lava.moe"; useACMEHost = "lava.moe";
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://[${client}]:4533"; locations."/".proxyPass = "http://[${client}]:4533";
listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; listenAddresses = [ "100.67.2.1" ];
};
services.nginx.virtualHosts."${shareFqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".return = "404";
locations."/share/".proxyPass = "http://[${client}]:4533";
}; };
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];

2
hosts/alyssum/default.nix
View file

@ -6,6 +6,7 @@
age.secrets = { age.secrets = {
acme_dns.file = ../../secrets/acme_dns.age; acme_dns.file = ../../secrets/acme_dns.age;
passwd.file = ../../secrets/passwd.age; passwd.file = ../../secrets/passwd.age;
navidrome_env.file = ../../secrets/navidrome_env.age;
wpa_conf = { wpa_conf = {
file = ../../secrets/wpa_conf.age; file = ../../secrets/wpa_conf.age;
path = "/etc/wpa_supplicant/imperative.conf"; path = "/etc/wpa_supplicant/imperative.conf";
@ -27,6 +28,7 @@
modules.services.nginx modules.services.nginx
modules.services.syncthing modules.services.syncthing
inputs.c-emerald.nixosModule
inputs.c-garnet.nixosModule inputs.c-garnet.nixosModule
./filesystem.nix ./filesystem.nix

3
hosts/dandelion/default.nix
View file

@ -5,7 +5,6 @@
age.secrets = { age.secrets = {
acme_dns.file = ../../secrets/acme_dns.age; acme_dns.file = ../../secrets/acme_dns.age;
navidrome_env.file = ../../secrets/navidrome_env.age;
slskd_env.file = ../../secrets/slskd_env.age; slskd_env.file = ../../secrets/slskd_env.age;
wg_dandelion.file = ../../secrets/wg_dandelion.age; wg_dandelion.file = ../../secrets/wg_dandelion.age;
}; };
@ -31,12 +30,12 @@
inputs.c-beryllium.nixosModule inputs.c-beryllium.nixosModule
inputs.c-citrine.nixosModule inputs.c-citrine.nixosModule
inputs.c-diamond.nixosModule inputs.c-diamond.nixosModule
inputs.c-emerald.nixosModule
inputs.c-fluorite.nixosModule inputs.c-fluorite.nixosModule
./filesystem.nix ./filesystem.nix
./kernel.nix ./kernel.nix
./networking.nix ./networking.nix
./nginx.nix
../../users/hana ../../users/hana
]; ];

8
hosts/dandelion/nginx.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }: {
services.nginx.virtualHosts."muse.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".return = "404";
locations."/share/".proxyPass = "http://[fd0d:2::5:2]:4533";
};
}

2
secrets.nix
View file

@ -13,7 +13,7 @@ in {
"secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ];
"secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ]; "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ];
"secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/navidrome_env.age".publicKeys = [ alyssum dandelion rin ];
"secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ];
"secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ]; "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ];
"secrets/warden_admin.age".publicKeys = [ rin ]; "secrets/warden_admin.age".publicKeys = [ rin ];

BIN
secrets/navidrome_env.age
View file

Binary file not shown.