Setup heimdall

machines/tounge/configuration.nix

@@ -71,8 +71,10 @@
   # Setup home manager
   home-manager.users.nathan = import ./home.nix;
 
+  # Containerized applications
+  virtualisation.oci-containers.containers = {
     # Setup pi hole
-  virtualisation.oci-containers.containers."pihole" = {
+    "pihole" = {
       image = "pihole/pihole:latest";
       ports = [
         "10.0.0.10:53:53/tcp"
@@ -82,11 +84,24 @@
         "3080:80"
         "30443:443"
       ];
-    volumes =
+      volumes = [
-      [ "/var/lib/pihole/:/etc/pihole/" "/var/lib/dnsmasq.d:/etc/dnsmasq.d/" ];
+        "/var/lib/pihole/:/etc/pihole/"
+        "/var/lib/dnsmasq.d:/etc/dnsmasq.d/"
+      ];
       extraOptions = [ "--cap-add=NET_ADMIN" "--dns=1.1.1.1" ];
     };
-
+    # Setup heimdall
+    "hub" = {
+      image = "lscr.io/linuxserver/heimdall:latest";
+      environment = {
+        "PUID" = "1001";
+        "PGID" = "1001";
+        "TZ" = "America/New_York";
+      };
+      ports = [ "4080:80" "4433:433" ];
+      volumes = [ "/var/lib/heimdall:/config" ];
+    };
+  };
   # Nginx virtual hosts
   services.nginx = {
     enable = true;
@@ -107,6 +122,17 @@
           '';
         };
       };
+      "hub.mccarty.io" = {
+        forceSSL = true;
+        useACMEHost = "mccarty.io";
+        locations."/" = {
+          proxyPass = "http://localhost:4080";
+          extraConfig = ''
+            allow 100.64.0.0/10;
+            deny all;
+          '';
+        };
+      };
       "sonarr.mccarty.io" = {
         forceSSL = true;
         useACMEHost = "mccarty.io";