149 current 2025-10-09 03:59:16 25.05.20251006.20c4598 6.12.50 *

2025-10-09 11:43:03 -05:00
parent 6889344290
commit 6c7a2ecb10
4 changed files with 132 additions and 0 deletions
--- a/modules/homelab/services/nginx-proxy/default.nix
+++ b/modules/homelab/services/nginx-proxy/default.nix
@@ -0,0 +1,39 @@
+{ pkgs, config, lib, ... }:
+
+let
+  cfg = config.modules.homelab.nginx-proxy;
+in
+{
+  options.modules.homelab.nginx-proxy = {
+    enable = lib.mkEnableOption "enables nginx-proxy";
+  };
+
+  config = lib.mkIf cfg.enable {
+    # enable nginx proxy manager
+    services.nginx = {
+      enable = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+    };
+    # enable acme for auto ssl certs with lets encrypt
+    security.acme = {
+      acceptTerms = true;
+      defaults.email = "me@blakedheld.xyz";
+    };
+
+    # nginx secrets
+    sops.secrets = {
+      "ssl_blakedheld_crt" = {
+        restartUnits = [ "nginx.service" ];
+        owner = "nginx";
+        group = "nginx";
+#        neededForUsers = true;
+      };
+      "ssl_blakedheld_key" = {
+        owner = "nginx";
+        group = "nginx";
+#        neededForUsers = true;
+      };
+    };
+  };
+}
--- a/modules/homelab/shares/nfs.nix
+++ b/modules/homelab/shares/nfs.nix
@@ -0,0 +1,25 @@
+{ pkgs, config, lib, ... }:
+
+# define nfs exports
+let
+  cfg = config.modules.homelab.nfs;
+  nfs_exports = ''
+    /holocron/vault *(rw,sync,no_subtree_check,no_root_squash)
+    /holocron/media *(ro,sync,no_subtree_check)
+  '';
+in
+{
+  options.modules.homelab.nfs = {
+    enable = lib.mkEnableOption "enables nfs";
+  };
+
+  config = lib.mkIf cfg.enable {
+    # enable nfs with all exports
+    services.nfs = {
+      server = {
+        enable = true;
+        exports = nfs_exports;
+      };
+    };
+  };
+}
--- a/modules/homelab/shares/smb.nix
+++ b/modules/homelab/shares/smb.nix
@@ -0,0 +1,33 @@
+{ pkgs, config, lib, ... }:
+
+# define smb shares
+let
+  cfg = config.modules.homelab.smb;
+  smb_shares = {
+    vault = {
+      path = "/holocron/vault";
+      browseable = true;
+      writable = true;
+      guestOk = false;
+    };
+    media = {
+      path = "/holocron/media";
+      browseable = true;
+      writable = true;
+      guestOk = false;
+    };
+  };
+in
+{
+  options.modules.homelab.smb = {
+    enable = lib.mkEnableOption "enables smb";
+  };
+
+  config = lib.mkIf cfg.enable {
+    # enable smb with all shares
+    services.samba = {
+      enable = true;
+      settings = smb_shares;
+    };
+  };
+}
--- a/modules/homelab/shares/zfs.nix
+++ b/modules/homelab/shares/zfs.nix
@@ -0,0 +1,35 @@
+{ pkgs, config, lib, ... }:
+
+let
+  cfg = config.modules.homelab.zfs;
+in
+{
+  options.modules.homelab.zfs = {
+    enable = lib.mkEnableOption "enables zfs";
+  };
+
+  config = lib.mkIf cfg.enable {
+    # set network host id
+    networking.hostId = "3e6e7055";
+
+    # enable zfs support
+    boot.kernelModules = [ "zfs" ];
+    boot.supportedFilesystems = [ "zfs" ];
+
+    # enable smart monitoring
+    services.smartd.enable = true;
+
+    # enable zfs
+    services.zfs = {
+      autoScrub.enable = true;
+      autoScrub.interval = "weekly";
+    };
+
+    fileSystems."/holocron" = {
+      device = "holocron";
+      fsType = "zfs";
+      options = [ "nofail" ];
+    };
+  };
+
+}