diff --git a/machines/tounge/configuration.nix b/machines/tounge/configuration.nix index 56b6535..99b3eb2 100644 --- a/machines/tounge/configuration.nix +++ b/machines/tounge/configuration.nix @@ -71,22 +71,37 @@ # Setup home manager home-manager.users.nathan = import ./home.nix; - # Setup pi hole - virtualisation.oci-containers.containers."pihole" = { - image = "pihole/pihole:latest"; - ports = [ - "10.0.0.10:53:53/tcp" - "10.0.0.10:53:53/udp" - "100.75.37.98:53:53/tcp" - "100.75.37.98:53:53/udp" - "3080:80" - "30443:443" - ]; - volumes = - [ "/var/lib/pihole/:/etc/pihole/" "/var/lib/dnsmasq.d:/etc/dnsmasq.d/" ]; - extraOptions = [ "--cap-add=NET_ADMIN" "--dns=1.1.1.1" ]; + # Containerized applications + virtualisation.oci-containers.containers = { + # Setup pi hole + "pihole" = { + image = "pihole/pihole:latest"; + ports = [ + "10.0.0.10:53:53/tcp" + "10.0.0.10:53:53/udp" + "100.75.37.98:53:53/tcp" + "100.75.37.98:53:53/udp" + "3080:80" + "30443:443" + ]; + volumes = [ + "/var/lib/pihole/:/etc/pihole/" + "/var/lib/dnsmasq.d:/etc/dnsmasq.d/" + ]; + extraOptions = [ "--cap-add=NET_ADMIN" "--dns=1.1.1.1" ]; + }; + # Setup heimdall + "hub" = { + image = "lscr.io/linuxserver/heimdall:latest"; + environment = { + "PUID" = "1001"; + "PGID" = "1001"; + "TZ" = "America/New_York"; + }; + ports = [ "4080:80" "4433:433" ]; + volumes = [ "/var/lib/heimdall:/config" ]; + }; }; - # Nginx virtual hosts services.nginx = { enable = true; @@ -107,6 +122,17 @@ ''; }; }; + "hub.mccarty.io" = { + forceSSL = true; + useACMEHost = "mccarty.io"; + locations."/" = { + proxyPass = "http://localhost:4080"; + extraConfig = '' + allow 100.64.0.0/10; + deny all; + ''; + }; + }; "sonarr.mccarty.io" = { forceSSL = true; useACMEHost = "mccarty.io";
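Review bot: The new `hub` container publishes `4080:80` and `4433:433` without a host address, so both ports are bound on every interface and the Heimdall UI can be reached directly on port 4080 without passing through the nginx vhost this commit adds. Depending on the container backend, published ports may also not be filtered by the host firewall, which is worth confirming. Since nginx proxies over loopback, binding there is enough: `ports = [ "127.0.0.1:4080:80" ];`. The second mapping targets container port 433, which looks like a typo for 443; as the proxy only uses the HTTP port, it can probably be dropped. The image is also pulled by the mutable `:latest` tag, so pinning a version tag or digest would make what runs on the host reproducible and reviewable.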
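Review bot: The `allow 100.64.0.0/10; deny all;` pair in `locations."/"` is the only access control this vhost puts in front of the hub, and it admits the whole RFC 6598 shared address space rather than specific peers. That range is presumably meant to cover the Tailscale addresses (the pihole ports in this file bind 100.75.37.98), but the intent is not written down; a comment such as `# tailnet (CGNAT) clients only; everything else is denied` inside `extraConfig` would record it. If the same two lines are repeated in the other virtual hosts, as the surrounding context suggests, defining the snippet once in a `let` binding and reusing it would keep the allowlist from drifting between hosts. The enclosing `virtualHosts` set starts outside this hunk.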