navi my drone n my vidia · aylac.top/nixcfg@b551ac7

aylac.top / nixcfg

fork atom

this repo has no description

fork atom

navi my drone n my vidia

aylac.top 3 weeks ago b551ac7f df28c8ec

verified

+27 -7

7 changed files

expand all

unified split

flake.lock

hosts

nanpi

default.nix

secrets.nix

modules

nixos

profiles

backups

default.nix

services

caddy

default.nix

navidrome

default.nix

snippets

aylac-top

default.nix

+3 -3

flake.lock

··· 1072 1072 "secrets": { 1073 1073 "flake": false, 1074 1074 "locked": { 1075 - "lastModified": 1766576457, 1076 - "narHash": "sha256-fXJELdnaFE0VBB1LfvL/dlyoqdf6OC7iJemmdo0tyUI=", 1075 + "lastModified": 1771433023, 1076 + "narHash": "sha256-OtjoBGtBcEYfFjkYYKzFxjTJqt9jwr/IprmTscKZJNI=", 1077 1077 "owner": "ayla6", 1078 1078 "repo": "secrets", 1079 - "rev": "3f11bc679a5e623f92dea347cb162922a89aa6a3", 1079 + "rev": "07f1593c19da4b94a4e67f27c03c8370b6600762", 1080 1080 "type": "github" 1081 1081 }, 1082 1082 "original": {

+2 -3

hosts/nanpi/default.nix

··· 4 4 ... 5 5 }: { 6 6 imports = [ 7 - ./home.nix 8 7 ./secrets.nix 9 8 ./notifier.nix 10 9 ./backups.nix ··· 43 42 copyparty.enable = false; 44 43 dnsmasq.enable = true; 45 44 forgejo.enable = true; 46 - glance.enable = true; 47 45 jellyfin.enable = true; 48 46 jellyseerr.enable = true; 49 47 karakeep.enable = false; 50 - miniflux.enable = true; 48 + navidrome.enable = true; 49 + # miniflux.enable = true; 51 50 ntfy.enable = true; 52 51 pds.enable = true; 53 52 privatebin.enable = true;

hosts/nanpi/secrets.nix

··· 8 8 syncthingCert.file = "${self.inputs.secrets}/ayla/syncthing/nanpi/cert.age"; 9 9 syncthingKey.file = "${self.inputs.secrets}/ayla/syncthing/nanpi/key.age"; 10 10 ntfyAuto.file = "${self.inputs.secrets}/ntfyAuto.age"; 11 + navidrome.file = "${self.inputs.secrets}/navidrome.age"; 11 12 }; 12 13 }

modules/nixos/profiles/backups/default.nix

··· 223 223 paths = ["/var/lib/vaultwarden"]; 224 224 } 225 225 { 226 + name = "navidrome"; 227 + inherit (config.services.navidrome) enable; 228 + paths = ["/var/lib/navidrome"]; 229 + exclude = ["cache"]; 230 + backupMode = "notify"; 231 + } 232 + { 226 233 name = "passwords"; 227 234 enable = builtins.elem config.networking.hostName config.mySnippets.syncthing.folders."Passwords".devices; 228 235 paths = [config.mySnippets.syncthing.folders."Passwords".path];

+1 -1

modules/nixos/services/caddy/default.nix

··· 31 31 32 32 package = pkgs.caddy.withPlugins { 33 33 plugins = ["github.com/tailscale/caddy-tailscale@v0.0.0-20250508175905-642f61fea3cc"]; 34 - hash = "sha256-r9EDkhcgwK11dB46AV+Em8ZE6Aa7IDMwibDGkg3e/rc="; 34 + hash = "sha256-XQpSWgI/7E9FvWw2EMEOyl/rkddgLWd3SSusCmViMwo="; 35 35 }; 36 36 }; 37 37 tailscale.permitCertUid = "caddy";

modules/nixos/services/navidrome/default.nix

··· 8 8 9 9 network = config.mySnippets.tailnet; 10 10 service = network.networkMap.${name}; 11 + publicNetwork = config.mySnippets.aylac-top; 12 + publicService = publicNetwork.networkMap.${name}; 11 13 in { 12 14 options.myNixOS.services.${name} = { 13 15 enable = lib.mkEnableOption "${name} server"; ··· 27 29 reverse_proxy ${service.hostName}:${toString service.port} 28 30 ''; 29 31 32 + cloudflared.tunnels."${publicNetwork.cloudflareTunnel}".ingress = lib.mkIf cfg.autoProxy { 33 + "${publicService.vHost}" = "http://${publicService.hostName}:${toString service.port}"; 34 + }; 35 + 30 36 navidrome = { 31 37 enable = true; 32 38 openFirewall = true; ··· 35 41 Address = "0.0.0.0"; 36 42 Port = service.port; 37 43 }; 44 + environmentFile = config.age.secrets.navidrome.path; 38 45 }; 39 46 }; 40 47 };

modules/snippets/aylac-top/default.nix

··· 58 58 port = 7748; 59 59 vHost = "bin.aylac.top"; 60 60 }; 61 + 62 + navidrome = { 63 + inherit (config.mySnippets.tailnet.networkMap.navidrome) hostName; 64 + inherit (config.mySnippets.tailnet.networkMap.navidrome) port; 65 + vHost = "nvidia.aylac.top"; 66 + }; 61 67 }; 62 68 }; 63 69 };