Compare commits
11 Commits
50c930eeaf
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| 7fd79c9911 | |||
| 41eacfec02 | |||
| 0a0748b920 | |||
| d6e0e09e87 | |||
| 61c3020a5e | |||
| 972b973f58 | |||
| 8c5a7b78c6 | |||
| 675204816a | |||
| 3bb82dbc6b | |||
| 0f6233c3ec | |||
| 43fa56bf35 |
@@ -1,7 +1,7 @@
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
# this line prevents hanging on network split
|
||||
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.mount-timeout=5s";
|
||||
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.mount-timeout=5s,nobrl";
|
||||
in
|
||||
{
|
||||
environment.systemPackages = [ pkgs.cifs-utils ];
|
||||
|
||||
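Review bot: The comment above `automount_opts` only explains the systemd timeouts, while the second `automount_opts` line (presumably the new side; the page has lost its +/- markers) also adds `nobrl`, which changes locking semantics rather than hang behaviour. With `nobrl` the CIFS client stops sending byte-range lock requests to the server, so programs on different hosts that rely on file locks on this share (SQLite databases, for example) are no longer serialised against each other. I would document that next to the option, e.g. `# nobrl: byte-range locks are not sent to the server; do not share lock-dependent files (e.g. SQLite) between hosts on this mount`. The `let` binding is consumed outside the hunk, so which mounts inherit the option is not visible here.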
102
flake.lock
generated
102
flake.lock
generated
@@ -62,11 +62,11 @@
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1762889327,
|
||||
"narHash": "sha256-BaWFCPKMsL8eh2aokQjDOnjnm/T0E9P8/bzeOXLvijo=",
|
||||
"lastModified": 1763766218,
|
||||
"narHash": "sha256-CM694zS6IeO/tFvUW7zhlb8t67+6L9QfvCDgQy0nVyQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "browser-previews",
|
||||
"rev": "cafc3bbbb81eb4c2b78b11bab434eca2b0d3cb39",
|
||||
"rev": "04f8550aa62ccda42a6eb839a4ccf6cdcf3d953d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -105,11 +105,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1741473158,
|
||||
"narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
|
||||
"lastModified": 1762521437,
|
||||
"narHash": "sha256-RXN+lcx4DEn3ZS+LqEJSUu/HH+dwGvy0syN7hTo/Chg=",
|
||||
"owner": "numtide",
|
||||
"repo": "devshell",
|
||||
"rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
|
||||
"rev": "07bacc9531f5f4df6657c0a02a806443685f384a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -125,11 +125,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1762276996,
|
||||
"narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=",
|
||||
"lastModified": 1764110879,
|
||||
"narHash": "sha256-xanUzIb0tf3kJ+PoOFmXEXV1jM3PjkDT/TQ5DYeNYRc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "af087d076d3860760b3323f6b583f4d828c1ac17",
|
||||
"rev": "aecba248f9a7d68c5d1ed15de2d1c8a4c994a3c5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -152,11 +152,11 @@
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1762930906,
|
||||
"narHash": "sha256-jRmmOm0lsj4fslaPtZP0RIDIG/X/Mu1v1Rw1vBPkYe4=",
|
||||
"lastModified": 1764174664,
|
||||
"narHash": "sha256-CYAjcXbI6RzQ3cWKiW/u3ZiJCeVX9PQd2J0+V8zX7c8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "ethereum.nix",
|
||||
"rev": "3454a125aab212f4a243feb623d6f495f6ad38d7",
|
||||
"rev": "e3a1e2d86a6bc1ef25bdb395d9c770b471d53e7f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -202,11 +202,11 @@
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1762040540,
|
||||
"narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=",
|
||||
"lastModified": 1762980239,
|
||||
"narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "0010412d62a25d959151790968765a70c436598b",
|
||||
"rev": "52a2caecc898d0b46b2b905f058ccc5081f842da",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -223,11 +223,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1762810396,
|
||||
"narHash": "sha256-dxFVgQPG+R72dkhXTtqUm7KpxElw3u6E+YlQ2WaDgt8=",
|
||||
"lastModified": 1763759067,
|
||||
"narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "0bdadb1b265fb4143a75bd1ec7d8c915898a9923",
|
||||
"rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -308,11 +308,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1759569036,
|
||||
"narHash": "sha256-FuxbXLDArxD1NeRR8zNnsb8Xww5/+qdMwzN1m8Kow/M=",
|
||||
"lastModified": 1762247499,
|
||||
"narHash": "sha256-dPBqjoBcP3yczY7EUQP6BXf58wauRl+lZVZ/fabgq3E=",
|
||||
"owner": "shazow",
|
||||
"repo": "foundry.nix",
|
||||
"rev": "47ba6d3b02bf3faaa857d3572df82ff186d5279a",
|
||||
"rev": "ae6473c7190edea0e505f433293688014b556b29",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -352,11 +352,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1758463745,
|
||||
"narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
|
||||
"lastModified": 1763992789,
|
||||
"narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
|
||||
"rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -716,11 +716,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1762660502,
|
||||
"narHash": "sha256-C9F1C31ys0V7mnp4EcDy7L1cLZw/sCTEXqqTtGnvu08=",
|
||||
"lastModified": 1763870992,
|
||||
"narHash": "sha256-NPyc76Wxmv/vAsXJ8F+/8fXECHYcv2YGSqdiSHp/F/A=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "15c5451c63f4c612874a43846bfe3fa828b03eee",
|
||||
"rev": "d7423982c7a26586aa237d130b14c8b302c7a367",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -731,11 +731,11 @@
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1762847253,
|
||||
"narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=",
|
||||
"lastModified": 1764328224,
|
||||
"narHash": "sha256-hFyF1XQd+XrRx7WZCrGJp544dykexD8Q5SrJJZpEQYg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9",
|
||||
"rev": "d62603a997438e19182af69d3ce7be07565ecad4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -747,11 +747,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1762756533,
|
||||
"narHash": "sha256-HiRDeUOD1VLklHeOmaKDzf+8Hb7vSWPVFcWwaTrpm+U=",
|
||||
"lastModified": 1763948260,
|
||||
"narHash": "sha256-dY9qLD0H0zOUgU3vWacPY6Qc421BeQAfm8kBuBtPVE0=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c2448301fb856e351aab33e64c33a3fc8bcf637d",
|
||||
"rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -793,11 +793,11 @@
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1761880412,
|
||||
"narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=",
|
||||
"lastModified": 1763191728,
|
||||
"narHash": "sha256-esRhOS0APE6k40Hs/jjReXg+rx+J5LkWw7cuWFKlwYA=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a7fc11be66bdfb5cdde611ee5ce381c183da8386",
|
||||
"rev": "1d4c88323ac36805d09657d13a5273aea1b34f0c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -809,11 +809,11 @@
|
||||
},
|
||||
"nixpkgs-unstable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1762844143,
|
||||
"narHash": "sha256-SlybxLZ1/e4T2lb1czEtWVzDCVSTvk9WLwGhmxFmBxI=",
|
||||
"lastModified": 1764242076,
|
||||
"narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9da7f1cf7f8a6e2a7cb3001b048546c92a8258b4",
|
||||
"rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -849,11 +849,11 @@
|
||||
"systems": "systems_5"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1762904125,
|
||||
"narHash": "sha256-+T9oUulnXOQmy37GGOivHSvEyViA4gQ41mFZEPEDuOA=",
|
||||
"lastModified": 1764238240,
|
||||
"narHash": "sha256-7Znm3koZ4sF+O41Y7rJqf651BPEbjIUYF3r9H23GRGw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixvim",
|
||||
"rev": "84902b354fd0f122c40880b90dc8ac89d4d0daea",
|
||||
"rev": "f1e07ba53abd0fb4872a365cba45562144ad6130",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -897,11 +897,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1762734885,
|
||||
"narHash": "sha256-HvM+nF1iuD1AolgbJZe/hJp4WwXtezwhKQaD815lskQ=",
|
||||
"lastModified": 1762999930,
|
||||
"narHash": "sha256-uKyxLwiN6sD6EmRSno66y1a8oqISr1XiWxbWHoMJT7I=",
|
||||
"owner": "henrysipp",
|
||||
"repo": "omarchy-nix",
|
||||
"rev": "128a95235f39443cf77fbb4786626a5401291c65",
|
||||
"rev": "308e0f85a0deb820c01cfbe1b4faee1daab4da12",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -958,11 +958,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1762812535,
|
||||
"narHash": "sha256-A91a+K0Q9wfdPLwL06e/kbHeAWSzPYy2EGdTDsyfb+s=",
|
||||
"lastModified": 1764021963,
|
||||
"narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "d75e4f89e58fdda39e4809f8c52013caa22483b7",
|
||||
"rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -1069,11 +1069,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1762305549,
|
||||
"narHash": "sha256-iHxl8YwQsCX9QyB0ImEvmr+C3FuZP0BR/9vMmjbaITA=",
|
||||
"lastModified": 1762938485,
|
||||
"narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "144d1e80d642c50c71846c0cb674e86c956e9a24",
|
||||
"rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@@ -25,7 +25,6 @@
|
||||
internalInterfaces = [ "tailscale0" ];
|
||||
};
|
||||
|
||||
# Security hardening: Enable firewall (override global setting)
|
||||
networking.firewall = {
|
||||
enable = lib.mkForce true;
|
||||
allowedTCPPorts = [ 80 443 ]; # Public web traffic only
|
||||
@@ -33,11 +32,7 @@
|
||||
trustedInterfaces = [ "tailscale0" ]; # Full access via VPN
|
||||
};
|
||||
|
||||
# Security hardening: Restrict SSH to Tailscale only + key-based auth
|
||||
services.openssh = {
|
||||
listenAddresses = [
|
||||
{ addr = "100.75.147.49"; port = 22; } # Tailscale IP only
|
||||
];
|
||||
settings.PasswordAuthentication = false; # Keys only
|
||||
};
|
||||
}
|
||||
|
||||
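Review bot: The second hunk's header (`-33,11 +32,7`) drops four lines from the `services.openssh` block, and if those are the `listenAddresses` entry and its comment (the page no longer marks which lines were removed), sshd goes back to listening on every address. NixOS's `services.openssh.openFirewall` defaults to true, so port 22 would then be opened on the public interface even though `allowedTCPPorts` lists only 80 and 443. If SSH is meant to stay Tailscale-only, add `services.openssh.openFirewall = false;` so it is reachable only through `trustedInterfaces = [ "tailscale0" ]`. The enclosing attribute set starts outside the hunk.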
@@ -18,4 +18,7 @@
|
||||
networking.hostName = "beefy";
|
||||
networking.cluster.primaryInterface = "enp1s0";
|
||||
services.tailscaleAutoconnect.authkey = "tskey-auth-k79UsDTw2v11CNTRL-oYqji35BE9c7CqM89Dzs9cBF14PmqYsi";
|
||||
|
||||
# Enable all SysRq functions for debugging hangs
|
||||
boot.kernel.sysctl."kernel.sysrq" = 1;
|
||||
}
|
||||
|
||||
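Review bot: `services.tailscaleAutoconnect.authkey` holds a literal `tskey-auth-…` value, so a Tailscale auth key is committed to the repository, and because the flake source is copied into the world-readable /nix/store it is also readable by any local user on a host that evaluates it. The key should be treated as exposed: revoke it in the Tailscale admin console and issue a replacement that never enters git. flake.lock on this page already pins `sops-nix`, so the replacement can be a sops secret read from a file at activation time; whether the `tailscaleAutoconnect` module accepts a key file is not visible here (nixpkgs' own `services.tailscale.authKeyFile` does). Separately, `"kernel.sysrq" = 1` enables every SysRq function for anyone with console access; if the aim is only to diagnose hangs, a bitmask limited to dumps, sync, remount and reboot (`184`) is narrower.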
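--- a/services/homepage.hcl
+++ b/services/homepage.hcl
@@ -0,0 +1,50 @@
+job "homepage" {
+datacenters = ["alo"]
+
+group "app" {
+network {
+port "http" { to = 3000 }
+}
+
+task "homepage" {
+driver = "docker"
+
+config {
+image = "ghcr.io/gethomepage/homepage:latest"
+ports = [ "http" ]
+volumes = [
+"/data/services/homepage:/app/config",
+]
+}
+
+env {
+PUID = 1000
+PGID = 1000
+HOMEPAGE_ALLOWED_HOSTS = "homepage.v.paler.net"
+}
+
+resources {
+cpu = 200
+memory = 256
+}
+
+service {
+name = "homepage"
+port = "http"
+
+tags = [
+"traefik.enable=true",
+"traefik.http.routers.homepage.entryPoints=websecure",
+"traefik.http.routers.homepage.middlewares=oidc-auth@file",
+]
+
+check {
+type = "http"
+path = "/"
+interval = "10s"
+timeout = "5s"
+}
+}
+}
+}
+}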
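Review bot: `image = "ghcr.io/gethomepage/homepage:latest"` leaves the deployed code to whatever the registry serves under a mutable tag when Nomad pulls it, so a rescheduled allocation can silently run a different (or tampered) image from the one that was reviewed. Pin a release tag and preferably the digest, e.g. `image = "ghcr.io/gethomepage/homepage:<version>@sha256:<digest>"` (placeholders; take the values from the release you tested). The router is protected by `oidc-auth@file`, but the `http` port is mapped to a dynamic host port, so it is worth confirming that this port is not reachable by clients that bypass Traefik.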
|
||||
@@ -252,7 +252,7 @@ job "media" {
|
||||
|
||||
resources {
|
||||
cpu = 2000
|
||||
memory = 1000
|
||||
memory = 2000
|
||||
}
|
||||
|
||||
service {
|
||||
|
||||