Tweak some stuff, clean up some other stuff

Erwin Boskma 2023-07-04 20:29:59 +02:00
parent f70a25f475
commit b041bae420
Signed by: erwin
SSH key fingerprint: SHA256:9LmFDe1C6jSrEyqxxvX8NtJBmcbB105XoqyUZF092bg
6 changed files with 131 additions and 62 deletions


@ -40,7 +40,6 @@
# };
# defaultGateway = "10.0.0.1";
nameservers = [ "10.0.0.254" ];
};
proxmoxLXC = {


@ -7,7 +7,10 @@
];
eboskma = {
users.erwin.enable = true;
users.erwin = {
enable = true;
server = true;
};
services = {
minio.enable = true;
};


@ -31,29 +31,8 @@ in
clients = {
persistent = [
{
blocked_services = [ ];
filtering_enabled = false;
ids = [ "10.0.0.81" ];
ignore_querylog = false;
ignore_statistics = false;
name = "TV";
parental_enabled = false;
safe_search = {
bing = false;
duckduckgo = false;
enabled = false;
google = false;
pixabay = false;
yandex = false;
youtube = false;
};
safebrowsing_enabled = false;
tags = [ "device_tv" ];
upstreams = [ "1.1.1.1" ];
use_global_blocked_services = true;
use_global_settings = true;
}
{
name = "xiaomi-fan";
ids = [ "5a:b6:23:35:1c:76" ];
blocked_services = [
"9gag"
"amazon"
@ -92,10 +71,8 @@ in
"youtube"
];
filtering_enabled = true;
ids = [ "5a:b6:23:35:1c:76" ];
ignore_querylog = false;
ignore_statistics = false;
name = "xiaomi-fan";
parental_enabled = true;
safe_search = {
bing = false;
@ -294,18 +271,6 @@ in
name = "AdAway";
url = "https://adaway.org/hosts.txt";
}
{
enabled = true;
id = 3;
name = "hpHosts - Ad and Tracking servers only";
url = "https://hosts-file.net/ad_servers.txt";
}
{
enabled = true;
id = 4;
name = "MalwareDomainList.com Hosts List";
url = "https://www.malwaredomainlist.com/hostslist/hosts.txt";
}
{
enabled = true;
id = 1586463155;
@ -376,7 +341,12 @@ in
"@@||ab.tweakers.nl^$important"
"||zip^"
];
users = [ ];
users = [
{
name = "erwin";
password = "$2b$12$bcE.EzNPhKmtDlgkej83xeAE/ADmAczt.iaElp6v4QT8DBlbVBgb.";
}
];
verbose = false;
web_session_ttl = 720;
whitelist_filters = [ ];
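Review bot: The `users` entry near the end of this section puts the admin account's bcrypt hash into the repository as a literal, where it stays in history. The settings are presumably also rendered into the world-readable Nix store (the module body is not visible here), so anyone who can read the repo or the host gets the hash and can run offline guessing against it. The Frigate module in this same commit refers to `config.sops.secrets.frigate.path`, so a secrets mechanism appears to be available; consider provisioning the hash from a secret at activation time and rotating this password. If the literal stays, add a comment such as `# bcrypt hash: treat as a credential, rotate if this repo is ever shared`.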


@ -59,6 +59,7 @@ go2rtc:
webrtc:
candidates:
- 10.0.0.205:8555
- 100.114.77.58:8555 # Tailscale
- stun:8555
cameras:


@ -1,4 +1,4 @@
{ config, lib, ... }:
{ pkgs, config, lib, ... }:
with lib;
let
cfg = config.eboskma.services.frigate;
@ -7,25 +7,10 @@ in
options.eboskma.services.frigate = { enable = mkEnableOption "frigate"; };
config = mkIf cfg.enable {
# docker run -d \
# --name frigate \
# --restart=unless-stopped \
# --mount type=tmpfs,target=/tmp/cache,tmpfs-size=1000000000 \
# --device /dev/bus/usb:/dev/bus/usb \
# --device /dev/dri/renderD128 \
# --shm-size=64m \
# -v /path/to/your/storage:/media/frigate \
# -v /path/to/your/config.yml:/config/config.yml:ro \
# -v /etc/localtime:/etc/localtime:ro \
# -e FRIGATE_RTSP_PASSWORD='password' \
# -p 5000:5000 \
# -p 1935:1935 \
# blakeblackshear/frigate:stable
virtualisation.oci-containers.containers = {
frigate = {
autoStart = true;
image = "ghcr.io/blakeblackshear/frigate:0.12.0";
image = "ghcr.io/blakeblackshear/frigate:0.12.1";
ports = [
"1984:1984" # go2rtc
"5000:5000" # Frigate
@ -36,6 +21,7 @@ in
volumes = [
"/etc/localtime:/etc/localtime:ro"
"${./config.yml}:/config/config.yml:ro"
"${pkgs.go2rtc}/bin/go2rtc:/config/go2rtc"
"/data/frigate:/media/frigate"
];
extraOptions = [
@ -55,5 +41,114 @@ in
];
};
};
# services.frigate = {
# enable = true;
# hostname = "frigate.datarift.nl";
# settings = {
# mqtt = {
# enabled = true;
# host = "mqtt.datarift.nl";
# port = 1883;
# user = "frigate";
# password = "{FRIGATE_MQTT_PASSWORD}";
# };
# detectors = {
# coral = {
# type = "edgetpu";
# device = "pci";
# };
# };
# birdseye = {
# enabled = false;
# };
# ffmpeg = {
# hwaccel_args = "preset-vaapi";
# output_args = {
# record = "preset-record-generic-audio-aac";
# };
# };
# detect = {
# width = 640;
# height = 480;
# };
# objects = {
# track = [ "person" "cat" ];
# };
# record = {
# enabled = true;
# retain = {
# days = 4;
# };
# events = {
# retain = {
# default = 14;
# };
# };
# };
# snapshots = { };
# go2rtc = {
# streams = {
# deurbel = [
# "rtsp://hass:{FRIGATE_DOORBELL_PASSWORD}@10.0.0.31/h264Preview_01_main"
# "ffmpeg:deurbel#audio=opus"
# ];
# deurbel_sub = [
# "rtsp://hass:{FRIGATE_DOORBELL_PASSWORD}@10.0.0.31/h264Preview_01_sub"
# ];
# };
# webrtc = {
# candidates = [
# "10.0.0.205:8555"
# "stun:8555"
# ];
# };
# };
# cameras = {
# deurbel = {
# ffmpeg = {
# inputs = [
# {
# path = "rtsp://127.0.0.1:8554/deurbel?video=copy&audio=aac";
# input_args = "preset-rtsp-restream";
# roles = [ "record" ];
# }
# {
# path = "rtsp://127.0.0.1:8554/deurbel_sub?video=copy";
# input_args = "preset-rtsp-restream";
# roles = [ "detect" ];
# }
# ];
# };
# record = {
# events = {
# required_zones = [ "oprit" ];
# };
# };
# snapshots = {
# required_zones = [ "oprit" ];
# };
# zones = {
# oprit = {
# coordinates = "0,480,640,480,640,480,640,259,513,255,323,254,211,254,144,353,79,325,33,286,0,289";
# objects = [ "person" "cat" ];
# };
# };
# };
# };
# };
# };
# systemd.services.frigate.serviceConfig.EnvironmentFile = config.sops.secrets.frigate.path;
};
}
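Review bot: The added volume `"${pkgs.go2rtc}/bin/go2rtc:/config/go2rtc"` bind-mounts a host-built executable into the container without `:ro`, unlike the two mounts listed above it. The Nix store is normally read-only, so the practical exposure is small, but an explicit flag ensures the container can never modify a binary it runs: `"${pkgs.go2rtc}/bin/go2rtc:/config/go2rtc:ro"`. This presumably overrides the go2rtc bundled with the image, so a short comment saying so would help, since the image tag and the nixpkgs go2rtc version now move independently.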


@ -28,13 +28,14 @@ in
"${config.services.keycloak.settings.hostname}" = {
extraConfig = ''
@public_or_allowed_remote {
not {
not path /realms/* /resources/* /js/* /robots.txt
not remote_ip 100.64.0.0/10 86.85.243.40/32
}
expression path('/realms/*', '/resources/*', '/js/*', '/robots.txt') || remote_ip('10.64.0.0/10', '86.85.243.40/32', '2a02:a441:c959:1::/64')
}
reverse_proxy @public_or_allowed_remote ${config.services.keycloak.settings.http-host}:${toString config.services.keycloak.settings.http-port}
route {
reverse_proxy @public_or_allowed_remote ${config.services.keycloak.settings.http-host}:${toString config.services.keycloak.settings.http-port}
error "Nope." 401
}
'';
};
};
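Review bot: The `expression` form of `@public_or_allowed_remote` lists `10.64.0.0/10`, while the `not remote_ip` line in the same section lists `100.64.0.0/10`. The page does not mark old and new sides, but the `expression` line appears to be the new one, which makes this look like a dropped digit. If the CGNAT range is intended (another file in this commit labels `100.114.77.58` as Tailscale), the matcher would send those clients to the `error "Nope." 401` branch for non-public paths. It would also admit 10.64.0.0–10.127.255.255, which was not allowed before. Suggested: `remote_ip('100.64.0.0/10', '86.85.243.40/32', '2a02:a441:c959:1::/64')`.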