From 6c7a2ecb10c8a1f7eab5775843d8ceb9cec59b89 Mon Sep 17 00:00:00 2001
From: blake
Date: Thu, 9 Oct 2025 11:43:03 -0500
Subject: [PATCH] 149 current 2025-10-09 03:59:16 25.05.20251006.20c4598 6.12.50 *
---
.../homelab/services/nginx-proxy/default.nix | 39 +++++++++++++++++++
modules/homelab/shares/nfs.nix | 25 ++++++++++++
modules/homelab/shares/smb.nix | 33 ++++++++++++++++
modules/homelab/shares/zfs.nix | 35 +++++++++++++++++
4 files changed, 132 insertions(+)
create mode 100644 modules/homelab/services/nginx-proxy/default.nix
create mode 100644 modules/homelab/shares/nfs.nix
create mode 100644 modules/homelab/shares/smb.nix
create mode 100644 modules/homelab/shares/zfs.nix
diff --git a/modules/homelab/services/nginx-proxy/default.nix b/modules/homelab/services/nginx-proxy/default.nix
new file mode 100644
index 0000000..86ce2b1
--- /dev/null
+++ b/modules/homelab/services/nginx-proxy/default.nix
@@ -0,0 +1,39 @@
+{ pkgs, config, lib, ... }:
+
+let
+ cfg = config.modules.homelab.nginx-proxy;
+in
+{
+ options.modules.homelab.nginx-proxy = {
+ enable = lib.mkEnableOption "enables nginx-proxy";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # enable nginx proxy manager
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ };
+ # enable acme for auto ssl certs with lets encrypt
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "me@blakedheld.xyz";
+ };
+
+ # nginx secrets
+ sops.secrets = {
+ "ssl_blakedheld_crt" = {
+ restartUnits = [ "nginx.service" ];
+ owner = "nginx";
+ group = "nginx";
+# neededForUsers = true;
+ };
+ "ssl_blakedheld_key" = {
+ owner = "nginx";
+ group = "nginx";
+# neededForUsers = true;
+ };
+ };
+ };
+}
diff --git a/modules/homelab/shares/nfs.nix b/modules/homelab/shares/nfs.nix
new file mode 100644
index 0000000..9d987e0
--- /dev/null
+++ b/modules/homelab/shares/nfs.nix
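Review bot: In modules/homelab/services/nginx-proxy/default.nix the `ssl_blakedheld_key` secret has no `restartUnits`, while `ssl_blakedheld_crt` does, so a change that touches only the private key leaves nginx running with the old key until something else restarts it; add `restartUnits = [ "nginx.service" ];` to the key entry as well. Neither secret is referenced by a virtual host in this hunk and `security.acme` is enabled next to them, so a comment on the `sops.secrets` block saying which hosts use the sops-managed pair and which rely on ACME would make the intended certificate source clear. The comment `# enable nginx proxy manager` describes plain `services.nginx` and would read better as `# enable nginx as a reverse proxy`, and the two commented-out `# neededForUsers = true;` lines can be dropped.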
@@ -0,0 +1,25 @@
+{ pkgs, config, lib, ... }:
+
+# define nfs exports
+let
+ cfg = config.modules.homelab.nfs;
+ nfs_exports = ''
+ /holocron/vault *(rw,sync,no_subtree_check,no_root_squash)
+ /holocron/media *(ro,sync,no_subtree_check)
+ '';
+in
+{
+ options.modules.homelab.nfs = {
+ enable = lib.mkEnableOption "enables nfs";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # enable nfs with all exports
+ services.nfs = {
+ server = {
+ enable = true;
+ exports = nfs_exports;
+ };
+ };
+ };
+}
diff --git a/modules/homelab/shares/smb.nix b/modules/homelab/shares/smb.nix
new file mode 100644
index 0000000..1eed22d
--- /dev/null
+++ b/modules/homelab/shares/smb.nix
@@ -0,0 +1,33 @@
+{ pkgs, config, lib, ... }:
+
+# define smb shares
+let
+ cfg = config.modules.homelab.smb;
+ smb_shares = {
+ vault = {
+ path = "/holocron/vault";
+ browseable = true;
+ writable = true;
+ guestOk = false;
+ };
+ media = {
+ path = "/holocron/media";
+ browseable = true;
+ writable = true;
+ guestOk = false;
+ };
+ };
+in
+{
+ options.modules.homelab.smb = {
+ enable = lib.mkEnableOption "enables smb";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # enable smb with all shares
+ services.samba = {
+ enable = true;
+ settings = smb_shares;
+ };
+ };
+}
diff --git a/modules/homelab/shares/zfs.nix b/modules/homelab/shares/zfs.nix
new file mode 100644
index 0000000..2ed5643
--- /dev/null
+++ b/modules/homelab/shares/zfs.nix
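Review bot: In modules/homelab/shares/nfs.nix the `/holocron/vault` export combines the `*` client wildcard with `rw` and `no_root_squash`, so every host that can reach the NFS server is accepted and a client's root user is treated as root on the vault. Limit the client spec to the networks that need the share and keep the default squash, e.g. `/holocron/vault LAN_CIDR_PLACEHOLDER(rw,sync,no_subtree_check,root_squash)`, and apply the same client restriction to the `ro` media export. If one client really needs `no_root_squash`, export to that host alone and add a comment naming it so the exception is documented.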
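Review bot: In modules/homelab/shares/smb.nix `guestOk` is not an smb.conf parameter name (the parameter is `guest ok`), and the share attributes appear to be handed to `services.samba.settings` as written, so Samba would most likely ignore the line and guest access stays off only because that is the default; write `"guest ok" = false;` in both shares. Neither share sets `valid users`, so access depends on filesystem permissions alone for any account Samba authenticates; consider `"valid users" = "USER_PLACEHOLDER";` per share. `media` is `writable = true` here while nfs.nix exports the same path `ro`; if media is meant to be read-only, set `writable = false;` so both protocols agree.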
@@ -0,0 +1,35 @@
+{ pkgs, config, lib, ... }:
+
+let
+ cfg = config.modules.homelab.zfs;
+in
+{
+ options.modules.homelab.zfs = {
+ enable = lib.mkEnableOption "enables zfs";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # set network host id
+ networking.hostId = "3e6e7055";
+
+ # enable zfs support
+ boot.kernelModules = [ "zfs" ];
+ boot.supportedFilesystems = [ "zfs" ];
+
+ # enable smart monitoring
+ services.smartd.enable = true;
+
+ # enable zfs
+ services.zfs = {
+ autoScrub.enable = true;
+ autoScrub.interval = "weekly";
+ };
+
+ fileSystems."/holocron" = {
+ device = "holocron";
+ fsType = "zfs";
+ options = [ "nofail" ];
+ };
+ };
+
+}
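Review bot: In modules/homelab/shares/zfs.nix `options = [ "nofail" ]` on `fileSystems."/holocron"` lets boot continue when the pool is missing or the mount fails, and the NFS and Samba modules in this commit point at `/holocron/...` with no dependency on that mount, so the share services can start against whatever is on the root filesystem. Tie them to the mount, e.g. `systemd.services.nfs-server.unitConfig.RequiresMountsFor = "/holocron";` with the equivalent for the Samba units, or add a comment explaining why serving without the pool is acceptable. `networking.hostId` must be unique per machine, so hard-coding `"3e6e7055"` in a reusable module gives every host that enables it the same id; set it in the host configuration instead, or note in the comment that this module is for a single host. Whether the dataset uses `mountpoint=legacy` is not visible here; if it does not, the mount would presumably also need `"zfsutil"` in `options`.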