nixos-config/config/domain-config/sea.fudo.org.nix


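# NixOS module for the sea.fudo.org domain.
#
# Configures the domain-wide fudo services (mabel, metrics/Grafana OAuth, the
# private MQTT user for Frigate), DNS aliases for the zone, and the per-host
# containers: Immich on `immichHost`, Immich machine learning on
# `immichMlHost`, and Frigate on `frigateHost`. Host-specific parts are gated
# with `mkIf` on the hostname of the instance being built.
{ config, lib, pkgs, ... }:

with lib;
let
  hostname = config.instance.hostname;
  domainName = "sea.fudo.org";
  domainSecrets = config.fudo.secrets.files.domain-secrets."${domainName}";

  frigateHost = "zbox";

  # Password file shared by the MQTT broker (user definition) and the Frigate
  # container (client side), so both ends always agree.
  # NOTE(review): presumably derived deterministically from the build seed.
  # Confirm the generated file is not world-readable in the Nix store and that
  # the build seed is handled as a secret, since anyone holding it could
  # re-derive this password.
  frigateMqttPassword =
    pkgs.lib.passwd.stablerandom-passwd-file "frigate-mqtt-passwd"
    config.instance.build-seed;

  immichHost = "cartus";
  immichMlHost = "toothless";
  # Used for both the server image and the ML container so they stay in step.
  immichVersion = "v1.105.1";

  mabelHost = "zbox";

  # Reverse-proxy location shared by every public name of the Immich server.
  # Only defined on the Immich host; the backend listens on loopback.
  immichProxyLocation = mkIf (hostname == immichHost) {
    proxyPass =
      "http://127.0.0.1:${toString config.services.immichContainer.port}/";
    recommendedProxySettings = true;
    # Raised upload limit for large photo/video uploads.
    extraConfig = ''
      client_max_body_size 1024M;
    '';
  };
in {
  imports = [ ./sea.fudo.org/8bitdo.nix ];

  config = {
    fudo = {
      services = {
        mabel = {
          enable = true;
          # NOTE(review): confirm verbose logging never includes the Matrix
          # token read from token-file.
          verbose = true;
          mabel-host = mabelHost;
          matrix = {
            domain = "fudo.im";
            username = "mabel";
            token-file = domainSecrets."mabel-matrix.token";
            channel = "#thecitadel:fudo.im";
          };
        };

        metrics = {
          private-network = true;
          # OAuth client credentials come from the fudo.org domain secrets,
          # not from this domain's secrets.
          grafana.oauth = {
            hostname = "authentik.fudo.org";
            client-id =
              config.fudo.secrets.files.domain-secrets."fudo.org"."grafana-oid-client-id";
            client-secret =
              config.fudo.secrets.files.domain-secrets."fudo.org"."grafana-oid-client-secret";
            slug = "grafana-metrics";
          };
        };

        # The frigate MQTT account is limited to its own topic tree.
        mqtt.private.users.frigate = {
          password-file = frigateMqttPassword;
          acl = [ "frigate/#" ];
        };
      };

      zones."${domainName}".aliases = {
        chat = "nostromo";
        frigate = "zbox";
        immich = immichHost;
        immich-ml = immichMlHost;
      };
    };

    services = {
      tailscale.enable = true;

      # NOTE(review): all container images in this file are referenced by tag.
      # Tags are mutable on the registry side; pinning by digest
      # (`image@sha256:<digest>`) would make the deployed image reproducible.
      # `redis:6.2-alpine` in particular tracks a moving minor series.
      immichContainer = mkIf (hostname == immichHost) {
        enable = true;
        images = let pgVectoVersion = "v0.2.1";
        in {
          immich = "ghcr.io/immich-app/immich-server:${immichVersion}";
          redis = "redis:6.2-alpine";
          postgresql = "tensorchord/pgvecto-rs:pg14-${pgVectoVersion}";
        };
      };

      # NOTE(review): the ML service is published under two hostnames,
      # including one outside this domain. Confirm it is reachable only by
      # the Immich server (firewall / private network) and check whether the
      # endpoint enforces any authentication of its own.
      immichMlContainer = mkIf (hostname == immichMlHost) {
        enable = true;
        hostnames = [ "immich-ml.${domainName}" "immich-ml.fudo.ninja" ];
        port = 3923;
        immich-version = immichVersion;
      };

      nginx = {
        enable = true;
        recommendedOptimisation = true;
        recommendedGzipSettings = true;
        recommendedProxySettings = true;
        # NOTE(review): no TLS options (e.g. `forceSSL` / `enableACME`) are
        # set for these virtual hosts in this file. Confirm they are supplied
        # elsewhere; otherwise logins and uploads for these names would be
        # served over plain HTTP.
        virtualHosts = {
          "immich.${domainName}".locations."/" = immichProxyLocation;
          "pics.fudo.ninja".locations."/" = immichProxyLocation;
        };
      };

      frigateContainer = mkIf (hostname == frigateHost) {
        enable = true;
        log-level = "info";
        # Pre-release tag; see the digest-pinning note on immichContainer.
        images.frigate = "ghcr.io/blakeblackshear/frigate:0.13.0-beta5";
        cameras =
          genAttrs [ "cam-steps" "cam-patio" "cam-entrance" "cam-driveway" ]
          (cam: {
            default = cam == "cam-driveway";
            # `{FRIGATE_RTSP_PASSWORD}` is a literal placeholder, not a Nix
            # interpolation, so the camera password is not embedded in these
            # strings; presumably it is filled in at runtime from
            # camera-password-file (confirm in the frigateContainer module).
            # RTSP on port 554 is unencrypted, so the camera network should
            # be treated as a segment that carries credentials and video in
            # the clear.
            # NOTE(review): `low` and `high` are the same URL (subtype=0).
            # If the cameras expose a separate sub-stream, `low` probably
            # wants a different subtype; verify against the camera settings.
            streams = {
              low =
                "rtsp://frigate:{FRIGATE_RTSP_PASSWORD}@${cam}.${domainName}:554/cam/realmonitor?channel=1&subtype=0";
              high =
                "rtsp://frigate:{FRIGATE_RTSP_PASSWORD}@${cam}.${domainName}:554/cam/realmonitor?channel=1&subtype=0";
            };
          });
        camera-password-file = domainSecrets.seattle-camera-password;
        mqtt = {
          host = config.fudo.services.mqtt.mqtt-hostname;
          port = config.fudo.services.mqtt.private.port;
          user = "frigate";
          password-file = frigateMqttPassword;
        };
      };
    };
  };
}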