JuliusFreudenberger/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Migrate srv01-hf to pangolin and dockhand

Browse source
This commit is contained in:
JuliusFreudenberger 2026-02-08 12:25:48 +01:00
parent e890501a0a
commit fd6810bd59
2 changed files with 26 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

12
flake.nix
View file

@ -11,7 +11,7 @@
}; };
inputs = { inputs = {
#nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
home-manager = { home-manager = {
@ -48,7 +48,7 @@
outputs = { outputs = {
self, self,
nixpkgs, nixpkgs,
#nixpkgs-unstable, nixpkgs-unstable,
nixos-hardware, nixos-hardware,
home-manager, home-manager,
auto-cpufreq, auto-cpufreq,
@ -81,10 +81,6 @@
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
#pkgs-unstable = import nixpkgs-unstable {
# inherit system;
# config.allowUnfree = true;
#};
inherit inputs outputs username; inherit inputs outputs username;
}; };
@ -142,6 +138,10 @@
specialArgs = { specialArgs = {
inherit inputs outputs; inherit inputs outputs;
pkgs-unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
}; };
modules = [ modules = [

66
hosts/srv01.hf/default.nix
View file

@ -17,8 +17,9 @@
../../modules/docker.nix ../../modules/docker.nix
../../modules/teleport.nix ../../modules/teleport.nix
../../modules/portainer_agent.nix ../../modules/portainer_agent.nix
../../modules/arcane.nix ../../modules/pangolin.nix
../../modules/traefik.nix ../../modules/newt.nix
../../modules/dockhand.nix
../../modules/auto-upgrade.nix ../../modules/auto-upgrade.nix
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
@ -35,54 +36,27 @@
virtualisation.oci-containers.containers.portainer_agent.environmentFiles = [ config.age.secrets."portainer-join_token".path ]; virtualisation.oci-containers.containers.portainer_agent.environmentFiles = [ config.age.secrets."portainer-join_token".path ];
services.traefik-docker = { services = {
enable = true; pangolin = {
dashboardUrl = "traefik.juliusfr.eu"; dnsProvider = "netcup";
dnsSecrets = [ baseDomain = "juliusfr.eu";
config.age.secrets."netcup-dns" letsEncryptEmail = "contact@jfreudenberger.de";
]; environmentFile = config.age.secrets."pangolin".path;
mTLSCaCertSecret = config.age.secrets."step-ca-crt"; };
oidcAuthProviderUrl = "https://login.juliusfr.eu"; traefik = {
oidcClients = { environmentFiles = [ config.age.secrets."netcup-dns".path ];
traefik-dashboard = {
secret = config.age.secrets."traefik-oidc-auth";
};
immich = {
secret = config.age.secrets."immich-oidc-auth";
scopes = [
"openid"
"email"
"profile"
];
enableBypassUsingClientCertificate = true;
};
arcane = {
secret = config.age.secrets."arcane-oidc-auth";
scopes = [
"openid"
"email"
"profile"
"groups"
];
};
firefly = {
secret = config.age.secrets."firefly-oidc-auth";
scopes = [
"openid"
"email"
];
useClaimsFromUserInfo = true;
headers = [
{ Name = "FFIII-User"; Value = "{{`{{ .claims.email }}`}}"; }
];
};
}; };
}; };
services.arcane = { services.newt-docker = {
enable = true; enable = true;
appUrl = "arcane.juliusfr.eu"; pangolinEndpoint = "https://pangolin.juliusfr.eu";
secretFile = config.age.secrets."arcane-secrets"; connectionSecret = config.age.secrets."newt";
};
services.dockhand = {
enable = true;
appUrl = "dockhand.juliusfr.eu";
}; };
systemd.network = { systemd.network = {