cschmatzler/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

dendritic migration

Browse Source 
dendritic migration
This commit is contained in:
Christoph Schmatzler
2026-03-05 10:58:00 +00:00
parent 05544d0597
commit e463c42740
142 changed files with 4411 additions and 2779 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
modules/_hosts/tahani/adguardhome.nix Normal file
View File

@@ -0,0 +1,60 @@
{
services.adguardhome = {
enable = true;
host = "0.0.0.0";
port = 10000;
settings = {
dhcp = {
enabled = false;
};
dns = {
upstream_dns = [
"1.1.1.1"
"1.0.0.1"
];
};
filtering = {
protection_enabled = true;
filtering_enabled = true;
safe_search = {
enabled = false;
};
safebrowsing_enabled = true;
blocked_response_ttl = 10;
filters_update_interval = 24;
blocked_services = {
ids = [
"reddit"
"twitter"
];
};
};
filters = [
{
enabled = true;
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt";
name = "HaGeZi Multi PRO";
id = 1;
}
{
enabled = true;
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/tif.txt";
name = "HaGeZi Threat Intelligence Feeds";
id = 2;
}
{
enabled = true;
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/gambling.txt";
name = "HaGeZi Gambling";
id = 3;
}
{
enabled = true;
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/nsfw.txt";
name = "HaGeZi NSFW";
id = 4;
}
];
};
};
}

10
modules/_hosts/tahani/cache.nix Normal file
View File

@@ -0,0 +1,10 @@
{...}: {
services.caddy.virtualHosts."cache.manticore-hippocampus.ts.net" = {
extraConfig = ''
tls {
get_certificate tailscale
}
reverse_proxy localhost:32843
'';
};
}

38
modules/_hosts/tahani/networking.nix Normal file
View File

@@ -0,0 +1,38 @@
{config, ...}: {
services.tailscale.extraSetFlags = ["--accept-routes=false"];
networking = {
useDHCP = false;
interfaces.eno1.ipv4.addresses = [
{
address = "192.168.1.10";
prefixLength = 24;
}
];
defaultGateway = "192.168.1.1";
nameservers = ["1.1.1.1"];
firewall = {
enable = true;
trustedInterfaces = ["eno1" "tailscale0"];
allowedUDPPorts = [
53
config.services.tailscale.port
];
allowedTCPPorts = [
22
53
];
checkReversePath = "loose";
};
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
}

73
modules/_hosts/tahani/paperless.nix Normal file
View File

@@ -0,0 +1,73 @@
{config, ...}: {
services.caddy = {
enable = true;
globalConfig = ''
admin off
'';
virtualHosts."docs.manticore-hippocampus.ts.net" = {
extraConfig = ''
tls {
get_certificate tailscale
}
reverse_proxy localhost:${toString config.services.paperless.port}
'';
};
virtualHosts."docs-ai.manticore-hippocampus.ts.net" = {
extraConfig = ''
tls {
get_certificate tailscale
}
reverse_proxy localhost:3000
'';
};
};
virtualisation.oci-containers = {
backend = "docker";
containers.paperless-ai = {
image = "clusterzx/paperless-ai:latest";
autoStart = true;
volumes = [
"paperless-ai-data:/app/data"
];
environment = {
PUID = "1000";
PGID = "1000";
PAPERLESS_AI_PORT = "3000";
# Initial setup wizard will configure the rest
PAPERLESS_AI_INITIAL_SETUP = "yes";
# Paperless-ngx API URL accessible from container (using host network)
PAPERLESS_API_URL = "http://127.0.0.1:${toString config.services.paperless.port}/api";
};
extraOptions = [
"--network=host"
];
};
};
services.redis.servers.paperless = {
enable = true;
port = 6379;
bind = "127.0.0.1";
settings = {
maxmemory = "256mb";
maxmemory-policy = "allkeys-lru";
};
};
services.paperless = {
enable = true;
address = "0.0.0.0";
passwordFile = config.sops.secrets.tahani-paperless-password.path;
settings = {
PAPERLESS_DBENGINE = "sqlite";
PAPERLESS_REDIS = "redis://127.0.0.1:6379";
PAPERLESS_CONSUMER_IGNORE_PATTERN = [
".DS_STORE/*"
"desktop.ini"
];
PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_CSRF_TRUSTED_ORIGINS = "https://docs.manticore-hippocampus.ts.net";
};
};
}